fw + avahi

2025-04-06 12:52:25 -04:00 · 2025-04-06 12:52:25 -04:00 · 7705f24e0f
commit 7705f24e0f
parent cddaa01e99
9 changed files with 83 additions and 58 deletions
--- a/modules/home/programs/graphical/ghostty/config/ghostty.conf
+++ b/modules/home/programs/graphical/ghostty/config/ghostty.conf
@ -16,8 +16,8 @@ keybind = ctrl+left=goto_split:left
 keybind = ctrl+right=goto_split:right
 keybind = ctrl+up=goto_split:up
 keybind = ctrl+down=goto_split:down
-keybind = ctrl+]=next_tab
-keybind = ctrl+[=previous_tab
+keybind = ctrl+]=goto_split:next
+keybind = ctrl+[=goto_split:previous

 # Keybindings - Navigation - Tabs
 keybind = ctrl+1=goto_tab:1
--- a/modules/home/user/default.nix
+++ b/modules/home/user/default.nix
@ -5,6 +5,7 @@ let
    mkIf
    mkDefault
    mkMerge
+    mkEnableOption
    ;
  inherit (lib.${namespace}) mkOpt;

@ -20,7 +21,7 @@ let
 in
 {
  options.${namespace}.user = {
-    enable = mkOpt types.bool false "Whether to configure the user account.";
+    enable = mkEnableOption "Whether to configure the user account.";
    email = mkOpt types.str "evan@reichard.io" "The email of the user.";
    fullName = mkOpt types.str "Evan Reichard" "The full name of the user.";
    home = mkOpt (types.nullOr types.str) home-directory "The user's home directory.";
--- a/modules/nixos/hardware/opengl/default.nix
+++ b/modules/nixos/hardware/opengl/default.nix
@ -1,6 +1,6 @@
 { config, lib, pkgs, namespace, ... }:
 let
-  inherit (lib) mkIf mkForce;
+  inherit (lib) mkIf;
  inherit (lib.${namespace}) mkBoolOpt;

  cfg = config.${namespace}.hardware.opengl;
--- a/modules/nixos/services/avahi/default.nix
+++ b/modules/nixos/services/avahi/default.nix
@ -0,0 +1,27 @@
+{ config, lib, namespace, ... }:
+let
+  inherit (lib) mkIf;
+
+  cfg = config.${namespace}.services.avahi;
+in
+{
+  options.${namespace}.services.avahi = {
+    enable = lib.mkEnableOption "Avahi";
+  };
+
+  config = mkIf cfg.enable {
+    services.avahi = {
+      enable = true;
+      nssmdns4 = true;
+      openFirewall = true;
+      publish = {
+        enable = true;
+        addresses = true;
+        domain = true;
+        hinfo = true;
+        userServices = true;
+        workstation = true;
+      };
+    };
+  };
+}
--- a/modules/nixos/services/openiscsi/default.nix
+++ b/modules/nixos/services/openiscsi/default.nix
@ -1,7 +1,7 @@
 { config, pkgs, lib, namespace, host, ... }:
 let
  inherit (lib) types mkIf;
-  inherit (lib.${namespace}) mkOpt;
+  inherit (lib.${namespace}) mkOpt mkBoolOpt;

  cfg = config.${namespace}.services.openiscsi;
 in
@ -9,7 +9,7 @@ in
  options.${namespace}.services.openiscsi = {
    enable = lib.mkEnableOption "Open iSCSI support";
    name = mkOpt types.str "iqn.2025.reichard.io:${host}" "iSCSI name";
-    symlink = mkOpt types.bool false "Create a symlink to the iSCSI binaries";
+    symlink = mkBoolOpt false "Create a symlink to the iSCSI binaries";
  };

  config = mkIf cfg.enable {
--- a/modules/nixos/services/rke2/default.nix
+++ b/modules/nixos/services/rke2/default.nix
@ -1,7 +1,7 @@
 { config, lib, namespace, ... }:
 let
  inherit (lib) types mkIf;
-  inherit (lib.${namespace}) mkOpt;
+  inherit (lib.${namespace}) mkOpt mkBoolOpt;

  cfg = config.${namespace}.services.rke2;
 in
@ -9,6 +9,7 @@ in
  options.${namespace}.services.rke2 = with types; {
    enable = lib.mkEnableOption "Enable RKE2";
    disable = mkOpt (listOf str) [ ] "Disable services";
+    openFirewall = mkBoolOpt true "Open firewall";
  };

  config = mkIf cfg.enable {
@ -16,5 +17,23 @@ in
      enable = true;
      disable = cfg.disable;
    };
+
+    networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [
+      # RKE2 Ports - https://docs.rke2.io/install/requirements#networking
+      6443 # Kubernetes API
+      9345 # RKE2 supervisor API
+      2379 # etcd Client Port
+      2380 # etcd Peer Port
+      2381 # etcd Metrics Port
+      10250 # kubelet metrics
+      9099 # Canal CNI health checks
+    ];
+
+    networking.firewall.allowedUDPPorts = mkIf cfg.openFirewall [
+      # RKE2 Ports - https://docs.rke2.io/install/requirements#networking
+      8472 # Canal CNI with VXLAN
+      # 51820 # Canal CNI with WireGuard IPv4 (if using encryption)
+      # 51821 # Canal CNI with WireGuard IPv6 (if using encryption)
+    ];
  };
 }
--- a/modules/nixos/system/networking/default.nix
+++ b/modules/nixos/system/networking/default.nix
@ -1,14 +1,16 @@
 { config, lib, pkgs, namespace, ... }:
 let
-  inherit (lib) mkIf mkForce;
-  inherit (lib.${namespace}) mkBoolOpt;
+  inherit (lib) mkIf mkDefault mkEnableOption;
+  inherit (lib.${namespace}) mkBoolOpt enabled;

  cfg = config.${namespace}.system.networking;
 in
 {
  options.${namespace}.system.networking = {
-    enable = lib.mkEnableOption "networking support";
-    enableIWD = mkBoolOpt false "enable iwd";
+    enable = mkEnableOption "Enable Networking";
+    enableIWD = mkEnableOption "Enable IWD";
+    useDHCP = mkBoolOpt true "Use DHCP";
+    useNetworkd = mkBoolOpt false "Use networkd";
  };

  config = mkIf cfg.enable {
@ -21,8 +23,9 @@ in
    reichard.user.extraGroups = [ "network" ];

    networking = {
-      firewall.enable = true;
-      usePredictableInterfaceNames = mkForce true;
+      firewall = enabled;
+      useDHCP = mkDefault cfg.useDHCP;
+      useNetworkd = cfg.useNetworkd;
    } // (lib.optionalAttrs cfg.enableIWD) {
      wireless.iwd = {
        enable = true;
--- a/systems/aarch64-linux/mbp-nixos/default.nix
+++ b/systems/aarch64-linux/mbp-nixos/default.nix
@ -31,6 +31,10 @@ in
      };
    };

+    services = {
+      avahi = enabled;
+    };
+
    security = {
      sops = {
        enable = true;
--- a/systems/x86_64-vmware/rke2-node/default.nix
+++ b/systems/x86_64-vmware/rke2-node/default.nix
@ -8,6 +8,16 @@ in
  ];

  config = {
+    # Basic System
+    system.stateVersion = "24.11";
+    time.timeZone = "UTC";
+
+    fileSystems."/" = {
+      device = "/dev/disk/by-label/nixos";
+      fsType = "ext4";
+      autoResize = true;
+    };
+
    reichard = {
      nix = enabled;

@ -16,9 +26,15 @@ in
          enable = true;
          xenGuest = true;
        };
+        networking = {
+          enable = true;
+          useDHCP = false;
+          useNetworkd = true;
+        };
      };

      services = {
+        avahi = enabled;
        openssh = enabled;
        cloud-init = enabled;
        rke2 = {
@ -39,50 +55,6 @@ in
      };
    };

-    # Basic System
-    system.stateVersion = "24.11";
-    time.timeZone = "UTC";
-
-    fileSystems."/" = {
-      device = "/dev/disk/by-label/nixos";
-      fsType = "ext4";
-      autoResize = true;
-    };
-
-    # Network Configuration
-    networking = {
-      hostName = lib.mkForce "";
-      useNetworkd = true;
-      useDHCP = false;
-
-      firewall = {
-        enable = true;
-
-        allowedTCPPorts = [
-          # RKE2 Ports - https://docs.rke2.io/install/requirements#networking
-          6443 # Kubernetes API
-          9345 # RKE2 supervisor API
-          2379 # etcd Client Port
-          2380 # etcd Peer Port
-          2381 # etcd Metrics Port
-          10250 # kubelet metrics
-          9099 # Canal CNI health checks
-        ];
-
-        allowedUDPPorts = [
-          # RKE2 Ports - https://docs.rke2.io/install/requirements#networking
-          8472 # Canal CNI with VXLAN
-          # 51820 # Canal CNI with WireGuard IPv4 (if using encryption)
-          # 51821 # Canal CNI with WireGuard IPv6 (if using encryption)
-        ];
-
-        # Allow Multicast
-        extraCommands = ''
-          iptables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
-        '';
-      };
-    };
-
    systemd.services = {
      # RKE2 - Wait Cloud Init
      rke2-server = {
@ -112,7 +84,6 @@ in
      };
    };

-    # System Packages
    environment = {
      systemPackages = with pkgs; [
        htop