started migration to snowfall

2025-07-23 10:03:10 +02:00 · 2025-07-23 10:03:10 +02:00 · 5ba5d55108
commit 5ba5d55108
parent 091438d802
100 changed files with 49 additions and 32 deletions
--- a/_modules/system/networking/default.nix
+++ b/_modules/system/networking/default.nix
@ -0,0 +1,31 @@
+{ config, options, lib, pkgs, ... }: let
+  inherit (lib.modules) mkDefault;
+  inherit (lib.options) mkOption;
+
+  cfg = config.modules.networking;
+in {
+  options.modules.networking = {
+    wifi.backend = mkOption {
+      type = with lib.types; enum [ "wpa_supplicant" "iwd" ];
+      default = "wpa_supplicant";
+      example = "wpa_supplicant";
+      description = "set the backend used for wifi wpa_supplicant by default";
+    };
+  };
+
+  config = {
+    systemd.services.NetworkManager-wait-online.enable = false;
+
+    networking = {
+      enableIPv6 = true;
+      useDHCP = mkDefault true;
+
+      firewall.enable = true;
+
+      networkmanager = {
+        enable = mkDefault true;
+        wifi.backend = mkDefault config.modules.networking.wifi.backend;
+      };
+    };
+  };
+}
--- a/_modules/system/networking/nfs.nix
+++ b/_modules/system/networking/nfs.nix
@ -0,0 +1,22 @@
+{ config, lib, ... }:
+let
+  inherit (lib) mkIf mkEnableOption;
+
+  cfg = config.modules.networking.nfs;
+in
+{
+  options.modules.networking.nfs = {
+    enable = mkEnableOption "Enable NFS";
+  };
+
+  config = mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [ 2049 ];
+
+    services.nfs.server = {
+      enable = true;
+      exports = ''
+        /var/media manwe(rw,sync,no_subtree_check,fsid=0)
+      '';
+    };
+  };
+}
--- a/_modules/system/networking/samba.nix
+++ b/_modules/system/networking/samba.nix
@ -0,0 +1,71 @@
+{ pkgs, config, lib, ... }:
+let
+  inherit (builtins) getEnv;
+  inherit (lib.modules) mkIf mkMerge;
+in
+{
+  options.modules.networking.samba = let
+    inherit (lib.options) mkEnableOption;
+  in {
+    sharing.enable = mkEnableOption "Samba: enable NixOs -> external file-transfer";
+    receicing.enable = mkEnableOption "Samba: enable external -> NixOs file-transfer";
+  };
+
+  config = mkMerge [
+    (mkIf config.modules.networking.samba.sharing.enable {
+      users = {
+        groups.samba-guest = {};
+        users.samba-guest = {
+          isSystemUser = true;
+          description = "Residence of our Samba guest users";
+          group = "samba-guest";
+          home = "/var/empty";
+          createHome = false;
+          shell = pkgs.shadow;
+        };
+      };
+      user.extraGroups = [ "samba-guest" ];
+
+      networking.firewall = {
+        allowPing = true;
+        allowedTCPPorts = [ 5327 ];
+        allowedUDPPorts = [ 3702 ];
+      };
+
+      services.samba-wsdd.enable = true;
+
+      services.samba = {
+        enable = true;
+        openFirewall = true;
+        extraConfig = ''
+          server string = ${config.networking.hostName}
+          netbios name = ${config.networking.hostName}
+          workgroup = WORKGROUP
+          security = user
+
+          create mask 0664
+          force create mode 0664
+          directory mask 0775
+          force directory mode 0775
+          follow symlink = yes
+
+          hosts allow = 192.168.1.0/24 localhost
+          hosts deny = 0.0.0.0/0
+          guest account = nobody
+          map to guest = bad user
+        '';
+        shares = {
+          Public = {
+            path = (getEnv "HOME") + "/Public";
+            browseable = "yes";
+            "read only" = "yes";
+            "guest ok" = "yes";
+            "forse user" = "${config.user.name}";
+            "force group" = "samba-guest";
+            "write list" = "${config.user.name}";
+          };
+        };
+      };
+    })
+  ];
+}
--- a/_modules/system/networking/ssh.nix
+++ b/_modules/system/networking/ssh.nix
@ -0,0 +1,28 @@
+{ config, lib, ... }:
+let
+  inherit (lib.modules) mkIf;
+  inherit (lib.options) mkEnableOption;
+
+  cfg = config.modules.networking.ssh;
+in
+{
+  options.modules.networking.ssh = {
+    enable = mkEnableOption "enable ssh";
+  };
+
+  config = mkIf cfg.enable {
+    services.openssh = {
+      enable = true;
+      openFirewall = true;
+      ports = [ 22 ];
+      settings = {
+        PasswordAuthentication = true;
+        AllowUsers = [ "chris" "root" ];
+        UseDns = true;
+        UsePAM = true;
+        PermitRootLogin = "prohibit-password";
+        PermitEmptyPasswords = "no";
+      };
+    };
+  };
+}