nix-config-v2/modules/networking/core.nix

{
  config,
  lib,
  ...
}: let
  cfg = config.networking;
in {
  options.networking = {
    # Firewall Configuration
    firewall = {
      enable = lib.mkEnableOption {
        type = lib.types.bool;
        default = true;
        description = "Enable system firewall";
      };

      tcpPorts = {
        # Predefined, default common service ports
        ssh = {
          enable = lib.mkEnableOption {
            type = lib.types.bool;
            default = false;
            description = "Open SSH service port (22)";
          };
        };
        web = {
          enable = lib.mkEnableOption {
            type = lib.types.bool;
            default = false;
            description = "Open common web service ports (80, 443)";
          };
        };
        smtp = {
          enable = lib.mkEnableOption {
            type = lib.types.bool;
            default = false;
            description = "Open SMTP service ports (25, 465, 587)";
          };
        };
        imap = {
          enable = lib.mkEnableOption {
            type = lib.types.bool;
            default = false;
            description = "Open IMAP service ports (143, 993)";
          };
        };
        mysql = {
          enable = lib.mkEnableOption {
            type = lib.types.bool;
            default = false;
            description = "Open MySQL service port (3306)";
          };
        };
        mssql = {
          enable = lib.mkEnableOption {
            type = lib.types.bool;
            default = false;
            description = "Open Microsoft SQL Server service port (1433)";
          };
        };
        postgres = {
          enable = lib.mkEnableOption {
            type = lib.types.bool;
            default = false;
            description = "Open Postgres service port (5432)";
          };
        };
        allowedPorts = lib.mkOption {
          type = lib.types.listOf lib.types.port;
          default = [];
          description = "List of custom TCP ports to open";
        };
      };

      udpPorts = {
        dns = {
          enable = lib.mkEnableOption {
            type = lib.types.bool;
            default = false;
            description = "Open DNS service port (53)";
          };
        };
        ntp = {
          enable = lib.mkEnableOption {
            type = lib.types.bool;
            default = false;
            description = "Open NTP service port (123)";
          };
        };
        allowedPorts = lib.mkOption {
          type = lib.types.listOf lib.types.port;
          default = [];
          description = "List of custom UDP ports to open";
        };
      };
    };

    networkManager = {
      enable = lib.mkEnableOption {
        type = lib.types.bool;
        default = true;
        description = "Enable NetworkManager for network connection management";
      };

      extraPlugins = lib.mkOption {
        type = lib.types.listOf lib.types.package;
        default = [];
        description = "Additional NetworkManager plugins to install";
      };
    };
  };

  config = {
    networking.firewall = {
      enable = cfg.firewall.enable;

      allowedTCPPorts =
        (
          lib.optionals
          cfg.firewall.tcpPorts.ssh.enable [22]
          cfg.firewall.tcpPorts.web.enable [80 443]
          cfg.firewall.tcpPorts.smtp.enable [25 465 587]
          cfg.firewall.tcpPorts.imap.enable [143 993]
          cfg.firewall.tcpPorts.mysql.enable [3306]
          cfg.firewall.tcpPorts.mssql.enable [1433]
          cfg.firewall.tcpPorts.postgres.enable [5432]
        )
        ++ cfg.firewall.tcpPorts.allowedPorts;

      allowedUDPPorts =
        (
          lib.optionals
          cfg.firewall.udpPorts.dns.enable [53]
          cfg.firewall.udpPorts.ntp.enable [123]
        )
        ++ cfg.firewall.udpPorts.allowedPorts;
    };

    networking.networkmanager = {
      enable = lib.mkForce cfg.networkManager.enable;
      packages = cfg.networkManager.extraPlugins;
    };
  };
}
modularized all the things part one (?) 2024-12-15 18:22:36 -05:00			`{`
			`config,`
			`lib,`
			`...`
			`}: let`
updated modules to work for cloud 2024-12-23 15:35:36 -05:00			`cfg = config.networking;`
modularized all the things part one (?) 2024-12-15 18:22:36 -05:00			`in {`
updated modules to work for cloud 2024-12-23 15:35:36 -05:00			`options.networking = {`
modularized all the things part one (?) 2024-12-15 18:22:36 -05:00			`# Firewall Configuration`
			`firewall = {`
updated modules to work for cloud 2024-12-23 15:35:36 -05:00			`enable = lib.mkEnableOption {`
modularized all the things part one (?) 2024-12-15 18:22:36 -05:00			`type = lib.types.bool;`
			`default = true;`
			`description = "Enable system firewall";`
			`};`

			`tcpPorts = {`
			`# Predefined, default common service ports`
			`ssh = {`
updated modules to work for cloud 2024-12-23 15:35:36 -05:00			`enable = lib.mkEnableOption {`
modularized all the things part one (?) 2024-12-15 18:22:36 -05:00			`type = lib.types.bool;`
			`default = false;`
			`description = "Open SSH service port (22)";`
			`};`
			`};`
			`web = {`
updated modules to work for cloud 2024-12-23 15:35:36 -05:00			`enable = lib.mkEnableOption {`
modularized all the things part one (?) 2024-12-15 18:22:36 -05:00			`type = lib.types.bool;`
			`default = false;`
			`description = "Open common web service ports (80, 443)";`
			`};`
			`};`
			`smtp = {`
updated modules to work for cloud 2024-12-23 15:35:36 -05:00			`enable = lib.mkEnableOption {`
modularized all the things part one (?) 2024-12-15 18:22:36 -05:00			`type = lib.types.bool;`
			`default = false;`
			`description = "Open SMTP service ports (25, 465, 587)";`
			`};`
			`};`
			`imap = {`
updated modules to work for cloud 2024-12-23 15:35:36 -05:00			`enable = lib.mkEnableOption {`
modularized all the things part one (?) 2024-12-15 18:22:36 -05:00			`type = lib.types.bool;`
			`default = false;`
			`description = "Open IMAP service ports (143, 993)";`
			`};`
			`};`
			`mysql = {`
updated modules to work for cloud 2024-12-23 15:35:36 -05:00			`enable = lib.mkEnableOption {`
modularized all the things part one (?) 2024-12-15 18:22:36 -05:00			`type = lib.types.bool;`
			`default = false;`
			`description = "Open MySQL service port (3306)";`
			`};`
			`};`
			`mssql = {`
updated modules to work for cloud 2024-12-23 15:35:36 -05:00			`enable = lib.mkEnableOption {`
modularized all the things part one (?) 2024-12-15 18:22:36 -05:00			`type = lib.types.bool;`
			`default = false;`
			`description = "Open Microsoft SQL Server service port (1433)";`
			`};`
			`};`
			`postgres = {`
updated modules to work for cloud 2024-12-23 15:35:36 -05:00			`enable = lib.mkEnableOption {`
modularized all the things part one (?) 2024-12-15 18:22:36 -05:00			`type = lib.types.bool;`
			`default = false;`
			`description = "Open Postgres service port (5432)";`
			`};`
			`};`
			`allowedPorts = lib.mkOption {`
			`type = lib.types.listOf lib.types.port;`
			`default = [];`
			`description = "List of custom TCP ports to open";`
			`};`
			`};`

			`udpPorts = {`
			`dns = {`
updated modules to work for cloud 2024-12-23 15:35:36 -05:00			`enable = lib.mkEnableOption {`
modularized all the things part one (?) 2024-12-15 18:22:36 -05:00			`type = lib.types.bool;`
			`default = false;`
			`description = "Open DNS service port (53)";`
			`};`
			`};`
			`ntp = {`
updated modules to work for cloud 2024-12-23 15:35:36 -05:00			`enable = lib.mkEnableOption {`
modularized all the things part one (?) 2024-12-15 18:22:36 -05:00			`type = lib.types.bool;`
			`default = false;`
			`description = "Open NTP service port (123)";`
			`};`
			`};`
			`allowedPorts = lib.mkOption {`
			`type = lib.types.listOf lib.types.port;`
			`default = [];`
			`description = "List of custom UDP ports to open";`
			`};`
			`};`
			`};`

			`networkManager = {`
updated modules to work for cloud 2024-12-23 15:35:36 -05:00			`enable = lib.mkEnableOption {`
modularized all the things part one (?) 2024-12-15 18:22:36 -05:00			`type = lib.types.bool;`
			`default = true;`
			`description = "Enable NetworkManager for network connection management";`
			`};`

			`extraPlugins = lib.mkOption {`
			`type = lib.types.listOf lib.types.package;`
			`default = [];`
			`description = "Additional NetworkManager plugins to install";`
			`};`
			`};`
			`};`

			`config = {`
			`networking.firewall = {`
			`enable = cfg.firewall.enable;`

			`allowedTCPPorts =`
			`(`
			`lib.optionals`
			`cfg.firewall.tcpPorts.ssh.enable [22]`
			`cfg.firewall.tcpPorts.web.enable [80 443]`
			`cfg.firewall.tcpPorts.smtp.enable [25 465 587]`
			`cfg.firewall.tcpPorts.imap.enable [143 993]`
			`cfg.firewall.tcpPorts.mysql.enable [3306]`
			`cfg.firewall.tcpPorts.mssql.enable [1433]`
			`cfg.firewall.tcpPorts.postgres.enable [5432]`
			`)`
			`++ cfg.firewall.tcpPorts.allowedPorts;`

			`allowedUDPPorts =`
			`(`
			`lib.optionals`
			`cfg.firewall.udpPorts.dns.enable [53]`
			`cfg.firewall.udpPorts.ntp.enable [123]`
			`)`
			`++ cfg.firewall.udpPorts.allowedPorts;`
			`};`

			`networking.networkmanager = {`
fixed networkmanager 2025-01-04 18:56:53 -05:00			`enable = lib.mkForce cfg.networkManager.enable;`
modularized all the things part one (?) 2024-12-15 18:22:36 -05:00			`packages = cfg.networkManager.extraPlugins;`
			`};`
			`};`
			`}`