# Network and networking modules

This directory houses the network, firewall, DHCP, DNS, and all other networking-related modules.

## `core.nix`

This is where the firewall and NetworkManager live. The firewall has predefined options that open the ports for a given network service when you enable it.

For example:

```nix
tcpPorts.web.enable = true;
udpPorts.dns.enable = true;
```

Here's a fuller example of how to enable the firewall and set up NetworkManager:

```nix
  customNetworking = {
    firewall = {
      enable = true;

      # Open web service ports
      tcpPorts.web.enable = true;

      # Custom TCP ports
      tcpPorts.allowedPorts = [ 8080 22 ];

      # Custom UDP ports
      udpPorts.allowedPorts = [ 5000 ];
    };

    networkManager = {
      enable = true;
      extraPlugins = with pkgs; [
        # Additional NetworkManager plugins
        networkmanager-openvpn
        networkmanager-openconnect
      ];
    };
  };
```

As shown above, you have to open ports for any service you want to reach remotely.

## DNS

There are two options here: BIND9 (or simply Bind) or Technitium DNS server. Enabling both DNS servers will throw an error and your configuration will not build.

You'll have to import `./dns.nix` for the services to be enabled.

Here's an example of what the configuration might look like:

```nix
  dns.bind = {
    enable = true;
    settings = {
      interfaces = [ "127.0.0.1" "192.168.100.100" ];
      zones = [
        {
          name = "example.com";
          type = "master";
          file = "/etc/named/zones/example.com.zone";
        }
      ];
      extraConfig = ''
        // Additional BIND configuration
        options {
          directory "/var/named";
          recursion yes;
        };
      '';
    };
  };
```

_or_

```nix
  dns.technitium = {
    enable = true;
    settings = {
      address = "192.168.100.0";
      port = 5380;
      extraOptions = {
        LOG_LEVEL = "info";
      };
    };
  };
```
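
The build failure described above for enabling both DNS servers is the kind of check a NixOS module expresses with `assertions`. The following is an added example, not this repository's `dns.nix`: the `dns.bind.enable` and `dns.technitium.enable` paths come from the examples above, while the module layout and the mapping to upstream service options are assumptions.

```nix
# Added example: a hypothetical stand-alone module, not the repository's dns.nix.
{ config, lib, ... }:

let
  cfg = config.dns;
in
{
  # Option paths mirror the README examples; the real module may declare more.
  options.dns = {
    bind.enable = lib.mkEnableOption "the BIND9 DNS server";
    technitium.enable = lib.mkEnableOption "the Technitium DNS server";
  };

  config = lib.mkMerge [
    {
      # Checked on every build: a false assertion aborts evaluation with the
      # message below, so a config enabling both servers is never activated.
      assertions = [
        {
          assertion = !(cfg.bind.enable && cfg.technitium.enable);
          message = ''
            dns.bind.enable and dns.technitium.enable are mutually exclusive:
            both servers would try to bind port 53. Enable only one.
          '';
        }
      ];
    }

    # Upstream NixOS service options (assumed mapping for this example).
    (lib.mkIf cfg.bind.enable {
      services.bind.enable = true;
    })
    (lib.mkIf cfg.technitium.enable {
      services.technitium-dns-server.enable = true;
    })
  ];
}
```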