Network and networking modules
This directory houses the modules that enable networking: network, firewall, DHCP, DNS, and all other related services.
core.nix
This is where the firewall and NetworkManager live. For the firewall, there are predefined options that open the ports for a network service when you enable it.
For example:
    tcpPorts.web.enable = true;
    udpPorts.dns.enable = true;
Here's a more featureful example of how you would enable a firewall and set up NetworkManager:
    customNetworking = {
      firewall = {
        enable = true;
        # Open web service ports
        tcpPorts.web.enable = true;
        # Custom TCP ports
        tcpPorts.allowedPorts = [ 8080 22 ];
        # Custom UDP ports
        udpPorts.allowedPorts = [ 5000 ];
      };
      networkManager = {
        enable = true;
        extraPlugins = with pkgs; [
          # Additional NetworkManager plugins
          networkmanager-openvpn
          networkmanager-openconnect
        ];
      };
    };
As shown above, you have to open the ports for any service you want to access remotely.
DNS
There are two options here: BIND9 (or simply Bind) or Technitium DNS server. Enabling both DNS servers will throw an error and your configuration will not build.
You'll have to import ./dns.nix for the services to be enabled.
Here's an example of what the configuration might look like:
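    dns.bind = {
      enable = true;
      settings = {
        # Addresses BIND listens on
        interfaces = [ "127.0.0.1" "192.168.100.100" ];
        zones = [
          {
            name = "example.com";
            type = "master";
            file = "/etc/named/zones/example.com.zone";
          }
        ];
        extraConfig = ''
          // Additional BIND configuration
          // Recursion is on: restrict who may use it (BIND's allow-recursion)
          // if a listed interface is reachable by untrusted hosts.
          options {
            directory "/var/named";
            recursion yes;
          };
        '';
      };
    };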
or
    dns.technitium = {
      enable = true;
      settings = {
        address = "192.168.100.0";
        port = 5380;
        extraOptions = {
          LOG_LEVEL = "info";
        };
      };
    };
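The build failure described above for enabling both DNS servers can be produced with a NixOS assertion. The module below is an added sketch, not this repository's dns.nix: only the option paths dns.bind.enable and dns.technitium.enable come from this README, and the rest (the message text and the standalone option declarations) is assumed.

```nix
# Added sketch, not the repository's dns.nix. Standalone: it declares its own
# enable options, so do not import it next to the real module.
{ config, lib, ... }:

let
  cfg = config.dns;

  # Backends named in the README (assumed to be the complete list).
  backends = [ "bind" "technitium" ];

  # Names of the backends that are currently switched on.
  enabledBackends = lib.filter (name: cfg.${name}.enable) backends;
in
{
  options.dns = {
    bind.enable = lib.mkEnableOption "the BIND9 DNS server";
    technitium.enable = lib.mkEnableOption "the Technitium DNS server";
  };

  config = {
    # NixOS checks every entry in `assertions` during evaluation and aborts
    # the build, printing `message`, when `assertion` is false.
    assertions = [
      {
        assertion = builtins.length enabledBackends <= 1;
        message = ''
          dns: only one DNS server may be enabled at a time, but
          ${lib.concatStringsSep " and " enabledBackends} are all enabled.
          Set enable = false on all but one of them.
        '';
      }
    ];
  };
}
```

Because the check runs at evaluation time, a host with both servers enabled never reaches activation, so a running system cannot end up with two resolvers configured side by side.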