dotfiles/systems/ceres/config/networking.nix
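{
  lib,
  flake,
  ...
}:
# Host networking for ceres: microVM host, nftables firewall, mDNS and SSH.
#
# NOTE(review): the systemd-networkd bridge configuration below is commented
# out, NetworkManager is disabled and useDHCP is false, so no interface or
# address configuration is active from this file — it must come from elsewhere
# in the flake. Confirm before relying on the comments that mention networkd.
let
  inherit (flake.config.machines.devices) ceres;
  inherit (flake.config.services) instances;
  # Port numbers are taken from the shared WireGuard service definition so the
  # firewall rules and the tunnel configuration cannot drift apart.
  wireguardService = instances.wireGuard;
in
{
  # Enable microVM host
  microvm.host.enable = true;

  # # systemd-networkd for bridge management (currently disabled)
  # systemd.network.enable = true;
  # # Bridge configuration for microVMs
  # systemd.network.netdevs."10-br-vms" = {
  #   netdevConfig = {
  #     Name = "br-vms";
  #     Kind = "bridge";
  #   };
  # };
  # # Attach physical interface and tap interfaces to bridge
  # systemd.network.networks."20-lan" = {
  #   matchConfig.Name = [
  #     "enp10s0"
  #     "vm-*"
  #   ];
  #   networkConfig = {
  #     Bridge = "br-vms";
  #   };
  # };
  # # Bridge gets the host IP
  # systemd.network.networks."30-br-vms" = {
  #   matchConfig.Name = "br-vms";
  #   networkConfig = {
  #     Address = "192.168.50.240/24";
  #     Gateway = "192.168.50.1";
  #     DNS = [ "192.168.50.1" ];
  #   };
  #   linkConfig.RequiredForOnline = "routable";
  # };

  networking = {
    hostName = ceres.name;
    # NetworkManager disabled - the intent is systemd-networkd for bridge
    # management (see the commented-out block above). Having both enabled
    # causes multiple DHCP leases and IP conflicts.
    networkmanager.enable = false;
    nftables.enable = true;
    # Per-interface DHCP is left to the networkd configuration; none is active
    # in this file while the block above stays commented out.
    useDHCP = lib.mkDefault false;
    firewall = {
      enable = true;
      allowedTCPPorts = [
        22 # SSH
        25 # SMTP
        139 # NetBIOS session service (SMB), not SMTP — confirm this exposure is intended
        587 # SMTP submission
        2525 # SMTP
        9999 # NC (ad-hoc netcat listener; remove once no longer needed)
        # WireGuard itself is UDP-only; this TCP entry is only needed if another
        # service listens on the same port number — verify, otherwise drop it.
        wireguardService.ports.port0 # WireGuard
      ];
      allowedUDPPorts = [
        wireguardService.ports.port0 # WireGuard
        wireguardService.ports.port1 # WireGuard
      ];
    };
  };

  services = {
    # mDNS / DNS-SD for local discovery; openFirewall opens the mDNS port.
    avahi = {
      enable = true;
      openFirewall = true;
      nssmdns4 = true;
      publish = {
        enable = true;
        userServices = true;
      };
    };
    # services.sshd.enable is an alias of services.openssh.enable in NixOS, so
    # the single declaration below is sufficient.
    openssh = {
      enable = true;
      settings.PasswordAuthentication = false; # key-based authentication only
    };
  };
}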