modularized all the things
part one (?)
90
modules/networking/README.md
Normal file
@ -0,0 +1,90 @@
# Network and networking modules
This directory houses all network, firewall, DHCP, DNS, and all other related networking enablement.
## `core.nix`
This is where the firewall and NetworkManager live. For the firewall, you have pre-defined options that will open ports for you by enabling some network service.
For example:
```nix
tcpPorts.web.enable = true;
udpPorts.dns.enable = true;
```
Here's a more featureful example of how you would enable a firewall and set up NetworkManager:
```nix
customNetworking = {
firewall = {
enable = true;
# Open web service ports
tcpPorts.web.enable = true;
# Custom TCP ports
tcpPorts.allowedPorts = [ 8080 22 ];
# Custom UDP ports
udpPorts.allowedPorts = [ 5000 ];
};
networkManager = {
enable = true;
extraPlugins = with pkgs; [
# Additional NetworkManager plugins
networkmanager-openvpn
networkmanager-openconnect
];
};
};
```
As shown above, you'll have to open ports for services you would want to access remotely.
## DNS
There are two options here: BIND9 (or simply Bind) or Technitium DNS server. Enabling both DNS servers will throw an error and your configuration will not build.
You'll have to import `./dns.nix` for the services to be enabled.
Here's an example of what configuration might look like:
```nix
dns.bind = {
enable = true;
settings = {
interfaces = [ "127.0.0.1" "192.168.100.100" ];
zones = [
{
name = "example.com";
type = "master";
file = "/etc/named/zones/example.com.zone";
}
];
extraConfig = ''
// Additional BIND configuration
options {
directory "/var/named";
recursion yes;
}
'';
}
};
```
_or_
```nix
dns.technitium = {
enable = true;
settings = {
address = "192.168.100.0";
port = 5380;
extraOptions = {
LOG_LEVEL = "info";
};
}
};
```
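
Review bot: the BIND example under "DNS" sets `recursion yes;` while `interfaces` includes the LAN address `192.168.100.100`, and nothing in the example limits which clients may recurse, so anyone who copies it gets a resolver that answers recursive queries for every host that can reach that address. Consider adding an `allow-recursion { ... };` ACL to `extraConfig`, or stating in the text that recursion is intended for the local subnet only and that enabling `udpPorts.dns.enable` exposes it to whatever can reach that interface. Two smaller points in the same examples: the inner `settings = { ... }` blocks in both `dns.bind` and `dns.technitium` close with `}` and no `;`, and the BIND `options { ... }` block closes with `}` rather than `};`, so neither snippet works as pasted; and `address = "192.168.100.0";` in the Technitium example reads like a network address rather than a host address, which is worth confirming.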