system/networking.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

{
  lib,
  config,
  ...
}: let
  inherit (lib) mkIf;
  cfg = config.network;
in {
  config = mkIf cfg.enable {
    # ethernet / wifi
    networking.networkmanager.enable = true;
    users.groups.networkmanager.members = [config.user];

    # firewall
    networking.firewall.enable = cfg.firewall.enable;
    networking.firewall.allowedTCPPorts = [80 443 8080];
    networking.nftables.enable = cfg.firewall.enable;

    # dns
    services.resolved.enable = cfg.dns.enable;
    networking.networkmanager.dns =
      if cfg.dns.enable
      then "systemd-resolved"
      else "default";
  };
}