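# NixOS module: opt-in networking profile that turns on NetworkManager, the
# nftables backend and the host firewall, and lets callers declare
# per-interface TCP/UDP allow-lists plus extra /etc/hosts entries.
{
  config,
  lib,
  ...
}:
let
  inherit (lib)
    mkIf
    mkEnableOption
    mkOption
    types
    ;
  cfg = config.nixos.hardware.network;
in
{
  options = {
    nixos.hardware.network = {
      # mkEnableOption renders "Whether to enable <name>.", so the argument is
      # the noun phrase only; the previous "Enable the custom ..." doubled the
      # verb in the generated option documentation.
      enable = mkEnableOption "the custom networking module";

      interfaces = mkOption {
        type = types.attrsOf (
          types.submodule {
            options = {
              allowedTCPPorts = mkOption {
                # types.port rejects values outside 0-65535 at evaluation time;
                # types.int accepted any integer, which only failed later when
                # the firewall rules were generated.
                type = types.listOf types.port;
                default = [ ];
                description = "List of allowed TCP ports for this interface.";
              };
              allowedUDPPorts = mkOption {
                type = types.listOf types.port;
                default = [ ];
                description = "List of allowed UDP ports for this interface.";
              };
            };
          }
        );
        default = { };
        description = "Network interface configurations.";
      };

      extraHosts = mkOption {
        type = types.lines;
        default = "";
        description = "Extra entries for /etc/hosts.";
      };
    };
  };

  config = mkIf cfg.enable {
    assertions = [
      {
        # This module itself sets networking.networkmanager.enable = true
        # below, so the assertion can only fire when another module overrides
        # that value (e.g. with mkForce) while per-interface rules are still
        # declared; it guards against silently losing the firewall wiring.
        assertion = cfg.interfaces != { } -> config.networking.networkmanager.enable;
        message = "Network interfaces configured but NetworkManager is not enabled";
      }
    ];

    networking = {
      networkmanager.enable = true;
      nftables.enable = true;
      firewall = {
        enable = true;
        # The submodule's allowedTCPPorts/allowedUDPPorts fields mirror the
        # NixOS firewall's per-interface options, so the attrset is passed
        # through unchanged.
        inherit (cfg) interfaces;
      };
      extraHosts = cfg.extraHosts;
    };

    # Order nftables before NetworkManager so the ruleset is loaded before
    # NetworkManager brings interfaces up.
    systemd.services.NetworkManager = {
      wants = [ "nftables.service" ];
      after = [ "nftables.service" ];
    };
  };
}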