diff --git a/modules/home/programs/graphical/ghostty/config/ghostty.conf b/modules/home/programs/graphical/ghostty/config/ghostty.conf
index 14a8792..f5eb20f 100755
--- a/modules/home/programs/graphical/ghostty/config/ghostty.conf
+++ b/modules/home/programs/graphical/ghostty/config/ghostty.conf
@@ -16,8 +16,8 @@ keybind = ctrl+left=goto_split:left
 keybind = ctrl+right=goto_split:right
 keybind = ctrl+up=goto_split:up
 keybind = ctrl+down=goto_split:down
-keybind = ctrl+]=next_tab
-keybind = ctrl+[=previous_tab
+keybind = ctrl+]=goto_split:next
+keybind = ctrl+[=goto_split:previous
 
 # Keybindings - Navigation - Tabs
 keybind = ctrl+1=goto_tab:1
diff --git a/modules/home/user/default.nix b/modules/home/user/default.nix
index 9c19f40..ae02644 100644
--- a/modules/home/user/default.nix
+++ b/modules/home/user/default.nix
@@ -5,6 +5,7 @@ let
 mkIf
 mkDefault
 mkMerge
+ mkEnableOption
 ;
 
 inherit (lib.${namespace}) mkOpt;
@@ -20,7 +21,7 @@ let
 in
 {
 options.${namespace}.user = {
- enable = mkOpt types.bool false "Whether to configure the user account.";
+ enable = mkEnableOption "Whether to configure the user account.";
 email = mkOpt types.str "evan@reichard.io" "The email of the user.";
 fullName = mkOpt types.str "Evan Reichard" "The full name of the user.";
 home = mkOpt (types.nullOr types.str) home-directory "The user's home directory.";
diff --git a/modules/nixos/hardware/opengl/default.nix b/modules/nixos/hardware/opengl/default.nix
index 068ffef..75e6833 100644
--- a/modules/nixos/hardware/opengl/default.nix
+++ b/modules/nixos/hardware/opengl/default.nix
@@ -1,6 +1,6 @@
 { config, lib, pkgs, namespace, ... }:
 let
- inherit (lib) mkIf mkForce;
+ inherit (lib) mkIf;
 inherit (lib.${namespace}) mkBoolOpt;
 
 cfg = config.${namespace}.hardware.opengl;
diff --git a/modules/nixos/services/avahi/default.nix b/modules/nixos/services/avahi/default.nix
new file mode 100644
index 0000000..a3b918d
--- /dev/null
+++ b/modules/nixos/services/avahi/default.nix
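Review bot: `mkEnableOption` wraps its argument as "Whether to enable <arg>.", so the new `enable = mkEnableOption "Whether to configure the user account.";` renders in the generated option docs as "Whether to enable Whether to configure the user account..". The argument should be the noun phrase being enabled, e.g. `enable = mkEnableOption "the user account";`. The same wording defect appears in the networking module hunk later in this diff (`mkEnableOption "Enable Networking"` and `mkEnableOption "Enable IWD"`), where `"networking support"` and `"IWD"` would read correctly; the new avahi module's `mkEnableOption "Avahi"` already follows this form.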
@@ -0,0 +1,27 @@
+{ config, lib, namespace, ... }:
+let
+ inherit (lib) mkIf;
+
+ cfg = config.${namespace}.services.avahi;
+in
+{
+ options.${namespace}.services.avahi = {
+ enable = lib.mkEnableOption "Avahi";
+ };
+
+ config = mkIf cfg.enable {
+ services.avahi = {
+ enable = true;
+ nssmdns4 = true;
+ openFirewall = true;
+ publish = {
+ enable = true;
+ addresses = true;
+ domain = true;
+ hinfo = true;
+ userServices = true;
+ workstation = true;
+ };
+ };
+ };
+}
diff --git a/modules/nixos/services/openiscsi/default.nix b/modules/nixos/services/openiscsi/default.nix
index a85f63f..c7c7f97 100644
--- a/modules/nixos/services/openiscsi/default.nix
+++ b/modules/nixos/services/openiscsi/default.nix
@@ -1,7 +1,7 @@
 { config, pkgs, lib, namespace, host, ... }:
 let
 inherit (lib) types mkIf;
- inherit (lib.${namespace}) mkOpt;
+ inherit (lib.${namespace}) mkOpt mkBoolOpt;
 
 cfg = config.${namespace}.services.openiscsi;
 in
@@ -9,7 +9,7 @@ in
 options.${namespace}.services.openiscsi = {
 enable = lib.mkEnableOption "Open iSCSI support";
 name = mkOpt types.str "iqn.2025.reichard.io:${host}" "iSCSI name";
- symlink = mkOpt types.bool false "Create a symlink to the iSCSI binaries";
+ symlink = mkBoolOpt false "Create a symlink to the iSCSI binaries";
 };
 
 config = mkIf cfg.enable {
diff --git a/modules/nixos/services/rke2/default.nix b/modules/nixos/services/rke2/default.nix
index 927fb61..103f72f 100644
--- a/modules/nixos/services/rke2/default.nix
+++ b/modules/nixos/services/rke2/default.nix
@@ -1,7 +1,7 @@
 { config, lib, namespace, ... }:
 let
 inherit (lib) types mkIf;
- inherit (lib.${namespace}) mkOpt;
+ inherit (lib.${namespace}) mkOpt mkBoolOpt;
 
 cfg = config.${namespace}.services.rke2;
 in
@@ -9,6 +9,7 @@ in
 options.${namespace}.services.rke2 = with types; {
 enable = lib.mkEnableOption "Enable RKE2";
 disable = mkOpt (listOf str) [ ] "Disable services";
+ openFirewall = mkBoolOpt true "Open firewall";
 };
 
 config = mkIf cfg.enable {
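Review bot: Every `publish.*` flag under `services.avahi` is hard-coded to `true` together with `openFirewall = true`, so any host that enables this module advertises its addresses, `hinfo` (OS and architecture) and workstation records on the local link and opens the mDNS port on all interfaces; later hunks enable it on both mbp-nixos and the rke2-node. A Kubernetes node gains nothing from `hinfo`, `userServices` or `workstation` records, and the rke2 module in this same commit already makes firewall opening an option, so the new module is inconsistent with it. Consider exposing `openFirewall` and the publish set as `mkBoolOpt` options as the rest of the repo does, with narrow defaults `hinfo = false; userServices = false; workstation = false;` and `addresses` left on for name resolution; if full publishing is intended, a comment on `publish = {` saying why would help.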
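Review bot: `openFirewall = mkBoolOpt true "Open firewall";` makes firewall opening opt-out, so merely enabling the rke2 module now opens the etcd client/peer/metrics ports 2379–2381, the supervisor port 9345 and kubelet 10250 listed in the next hunk on every interface of every node, including agent-only nodes that run no etcd. Upstream NixOS `openFirewall` options default to `false`, and the RKE2 requirements page cited in the comments appears to describe the etcd ports as server-to-server traffic only, so an opt-in default keeps the exposure a deliberate per-host choice: `openFirewall = mkBoolOpt false "Open firewall";` with the rke2-node system setting it explicitly. If opening on all interfaces is intended for this environment, a comment on the option stating that assumption, or scoping the lists through `networking.firewall.interfaces.<name>`, would make it reviewable.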
@@ -16,5 +17,23 @@ in
 enable = true;
 disable = cfg.disable;
 };
+
+ networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [
+ # RKE2 Ports - https://docs.rke2.io/install/requirements#networking
+ 6443 # Kubernetes API
+ 9345 # RKE2 supervisor API
+ 2379 # etcd Client Port
+ 2380 # etcd Peer Port
+ 2381 # etcd Metrics Port
+ 10250 # kubelet metrics
+ 9099 # Canal CNI health checks
+ ];
+
+ networking.firewall.allowedUDPPorts = mkIf cfg.openFirewall [
+ # RKE2 Ports - https://docs.rke2.io/install/requirements#networking
+ 8472 # Canal CNI with VXLAN
+ # 51820 # Canal CNI with WireGuard IPv4 (if using encryption)
+ # 51821 # Canal CNI with WireGuard IPv6 (if using encryption)
+ ];
 };
 }
diff --git a/modules/nixos/system/networking/default.nix b/modules/nixos/system/networking/default.nix
index 2e25769..948b976 100644
--- a/modules/nixos/system/networking/default.nix
+++ b/modules/nixos/system/networking/default.nix
@@ -1,14 +1,16 @@
 { config, lib, pkgs, namespace, ... }:
 let
- inherit (lib) mkIf mkForce;
- inherit (lib.${namespace}) mkBoolOpt;
+ inherit (lib) mkIf mkDefault mkEnableOption;
+ inherit (lib.${namespace}) mkBoolOpt enabled;
 
 cfg = config.${namespace}.system.networking;
 in
 {
 options.${namespace}.system.networking = {
- enable = lib.mkEnableOption "networking support";
- enableIWD = mkBoolOpt false "enable iwd";
+ enable = mkEnableOption "Enable Networking";
+ enableIWD = mkEnableOption "Enable IWD";
+ useDHCP = mkBoolOpt true "Use DHCP";
+ useNetworkd = mkBoolOpt false "Use networkd";
 };
 
 config = mkIf cfg.enable {
@@ -21,8 +23,9 @@ in
 reichard.user.extraGroups = [ "network" ];
 
 networking = {
- firewall.enable = true;
- usePredictableInterfaceNames = mkForce true;
+ firewall = enabled;
+ useDHCP = mkDefault cfg.useDHCP;
+ useNetworkd = cfg.useNetworkd;
 } // (lib.optionalAttrs cfg.enableIWD) {
 wireless.iwd = {
 enable = true;
diff --git a/systems/aarch64-linux/mbp-nixos/default.nix b/systems/aarch64-linux/mbp-nixos/default.nix
index 78251c4..e45c4df 100755
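Review bot: The two new `networking` definitions use different priorities: `useDHCP = mkDefault cfg.useDHCP;` can still be overridden by a host, but `useNetworkd = cfg.useNetworkd;` is a plain definition, so a system that also sets `networking.useNetworkd` directly will hit an option conflict rather than win. Unless the asymmetry is intended, `useNetworkd = mkDefault cfg.useNetworkd;` keeps the two consistent. The enclosing `config = mkIf cfg.enable {` block starts outside this hunk.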
--- a/systems/aarch64-linux/mbp-nixos/default.nix
+++ b/systems/aarch64-linux/mbp-nixos/default.nix
@@ -31,6 +31,10 @@ in
 };
 };
 
+ services = {
+ avahi = enabled;
+ };
+
 security = {
 sops = {
 enable = true;
diff --git a/systems/x86_64-vmware/rke2-node/default.nix b/systems/x86_64-vmware/rke2-node/default.nix
index c87b5a5..6d4b784 100755
--- a/systems/x86_64-vmware/rke2-node/default.nix
+++ b/systems/x86_64-vmware/rke2-node/default.nix
@@ -8,6 +8,16 @@ in
 ];
 
 config = {
+ # Basic System
+ system.stateVersion = "24.11";
+ time.timeZone = "UTC";
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/nixos";
+ fsType = "ext4";
+ autoResize = true;
+ };
+
 reichard = {
 nix = enabled;
 
@@ -16,9 +26,15 @@ in
 enable = true;
 xenGuest = true;
 };
+ networking = {
+ enable = true;
+ useDHCP = false;
+ useNetworkd = true;
+ };
 };
 
 services = {
+ avahi = enabled;
 openssh = enabled;
 cloud-init = enabled;
 rke2 = {
@@ -39,50 +55,6 @@ in
 };
 };
 
- # Basic System
- system.stateVersion = "24.11";
- time.timeZone = "UTC";
-
- fileSystems."/" = {
- device = "/dev/disk/by-label/nixos";
- fsType = "ext4";
- autoResize = true;
- };
-
- # Network Configuration
- networking = {
- hostName = lib.mkForce "";
- useNetworkd = true;
- useDHCP = false;
-
- firewall = {
- enable = true;
-
- allowedTCPPorts = [
- # RKE2 Ports - https://docs.rke2.io/install/requirements#networking
- 6443 # Kubernetes API
- 9345 # RKE2 supervisor API
- 2379 # etcd Client Port
- 2380 # etcd Peer Port
- 2381 # etcd Metrics Port
- 10250 # kubelet metrics
- 9099 # Canal CNI health checks
- ];
-
- allowedUDPPorts = [
- # RKE2 Ports - https://docs.rke2.io/install/requirements#networking
- 8472 # Canal CNI with VXLAN
- # 51820 # Canal CNI with WireGuard IPv4 (if using encryption)
- # 51821 # Canal CNI with WireGuard IPv6 (if using encryption)
- ];
-
- # Allow Multicast
- extraCommands = ''
- iptables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
- '';
- };
- };
-
 systemd.services = {
 # RKE2 - Wait Cloud Init
 rke2-server = {
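Review bot: The new `reichard.system.networking = { enable = true; useDHCP = false; useNetworkd = true; };` block takes over from the `networking = { ... }` attribute set deleted further down in this file, but nothing on the new side re-defines `networking.hostName`, which the deleted code forced to `""`. If that empty value was what let cloud-init assign the hostname, the node presumably now boots with the NixOS default name instead; either carry `networking.hostName = lib.mkForce "";` into the host config or leave a comment confirming the hostname is set some other way. The deleted multicast `extraCommands` rule does look superseded by the avahi module's `openFirewall`, which is a tighter allow than accepting all multicast.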
@@ -112,7 +84,6 @@ in
 };
 };
 
- # System Packages
 environment = {
 systemPackages = with pkgs; [
 htop