From 0518fb5949b3ba7a3b53782c7124be0ced6d0035 Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Sat, 30 Dec 2023 15:20:16 +0100 Subject: [PATCH] create module for networking --- nixos/default.nix | 66 +++++------------------------------ nixos/modules/networking.nix | 61 ++++++++++++++++++++++++++++++++ nixos/postgresql_server.crt | 67 ------------------------------------ 3 files changed, 70 insertions(+), 124 deletions(-) create mode 100644 nixos/modules/networking.nix delete mode 100644 nixos/postgresql_server.crt diff --git a/nixos/default.nix b/nixos/default.nix index 345dc44..6511d73 100644 --- a/nixos/default.nix +++ b/nixos/default.nix @@ -111,58 +111,6 @@ file ]; - networking = { - domain = "hyp"; - firewall.enable = true; - useDHCP = false; - }; - - system.stateVersion = "23.05"; - - systemd.network = { - enable = true; - - netdevs = { - "20-vlandmz" = { - netdevConfig = { - Kind = "vlan"; - Name = "vlandmz"; - }; - vlanConfig.Id = 30; - }; - "20-bridgedmz" = { - netdevConfig = { - Kind = "bridge"; - Name = "bridgedmz"; - }; - }; - }; - - networks = { - "30-main-nic" = { - matchConfig.Name = "en*"; - networkConfig = { DHCP = "yes"; }; - vlan = [ "vlandmz" ]; - }; - "40-vlandmz" = { - matchConfig.Name = "vlandmz"; - networkConfig = { - IPv6AcceptRA = false; - LinkLocalAddressing = "no"; - Bridge = "bridgedmz"; - }; - linkConfig.RequiredForOnline = "enslaved"; - }; - "40-bridgedmz" = { - matchConfig.Name = "bridgedmz"; - networkConfig = { - IPv6AcceptRA = false; - LinkLocalAddressing = "no"; - }; - linkConfig.RequiredForOnline = "carrier"; - }; - }; - }; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; @@ -178,9 +126,13 @@ ''; }; - system.activationScripts.diff = '' - if [[ -e /run/current-system ]]; then - ${pkgs.nix}/bin/nix store diff-closures /run/current-system "$systemConfig" - fi - ''; + system = { + stateVersion = "23.05"; + + activationScripts.diff = '' + if [[ -e /run/current-system ]]; then + ${pkgs.nix}/bin/nix store diff-closures /run/current-system "$systemConfig" + fi + ''; + }; } diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix new file mode 100644 index 0000000..63f51a0 --- /dev/null +++ b/nixos/modules/networking.nix @@ -0,0 +1,61 @@ +{ + networking = { + domain = "hyp"; + firewall.enable = true; + useDHCP = false; + }; + + systemd.network = { + enable = true; + + netdevs = { + "20-vlandmz" = { + vlanConfig.Id = 30; + + netdevConfig = { + Kind = "vlan"; + Name = "vlandmz"; + }; + }; + + "20-bridgedmz" = { + netdevConfig = { + Kind = "bridge"; + Name = "bridgedmz"; + }; + }; + }; + + networks = { + "30-main-nic" = { + matchConfig.Name = "en*"; + vlan = [ "vlandmz" ]; + + networkConfig = { + DHCP = "yes"; + }; + }; + + "40-vlandmz" = { + matchConfig.Name = "vlandmz"; + linkConfig.RequiredForOnline = "enslaved"; + + networkConfig = { + IPv6AcceptRA = false; + LinkLocalAddressing = "no"; + Bridge = "bridgedmz"; + }; + }; + + "40-bridgedmz" = { + matchConfig.Name = "bridgedmz"; + linkConfig.RequiredForOnline = "carrier"; + + networkConfig = { + IPv6AcceptRA = false; + LinkLocalAddressing = "no"; + }; + }; + }; + }; +} diff --git a/nixos/postgresql_server.crt b/nixos/postgresql_server.crt deleted file mode 100644 index e6bb806..0000000 --- a/nixos/postgresql_server.crt +++ /dev/null @@ -1,67 +0,0 @@ -Certificate: - Data: - Version: 1 (0x0) - Serial Number: - ef:2f:4d:d4:26:7e:33:1b - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=jefke.hyp - Validity - Not Before: Nov 22 19:12:03 2023 GMT - Not After : Oct 29 19:12:03 2123 GMT - Subject: CN=jefke.hyp - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public-Key: (2048 bit) - Modulus: - 00:c7:ab:eb:9c:d0:7f:4f:f1:ba:65:0a:8b:07:7b: - 2e:5b:f0:26:82:33:c9:73:e6:91:cc:11:94:05:1c: - 8d:67:29:cb:5e:67:35:02:80:54:af:99:4b:aa:ce: - e8:56:62:be:63:cb:b2:4a:b0:a9:28:12:e2:77:50: - 7d:d5:d2:3b:48:d8:32:59:25:26:ff:a6:5c:f6:eb: - ae:5b:3d:7a:14:10:ba:90:9c:6f:1f:b9:d8:99:0e: - b7:09:5e:62:69:c4:c0:c6:27:b0:d3:60:0d:47:4c: - a5:11:53:f2:f1:4a:f9:a6:bc:d6:a3:35:a2:e8:e5: - a9:d1:60:e8:e5:18:ce:d2:60:80:4e:dc:48:ae:7f: - b7:ea:76:51:28:39:a4:b0:95:82:95:93:98:b2:9f: - 23:c9:81:69:59:a3:e4:f7:5a:1c:01:31:96:c1:4b: - 59:21:f8:a2:e6:9e:21:78:0e:6b:c1:68:c7:5c:16: - 9a:06:54:df:b6:77:1d:2d:89:d0:c8:9e:db:b5:d4: - 8c:fb:b9:4f:b7:6e:39:5f:39:8e:48:73:76:7d:46: - 6e:1f:8d:14:cb:40:b5:ff:c6:f0:c0:44:3c:ed:52: - 3f:4f:7b:69:63:93:c6:41:e6:5e:ed:33:50:20:46: - db:93:bf:e8:52:51:95:f1:81:73:58:da:67:21:7b: - 12:bd - Exponent: 65537 (0x10001) - Signature Algorithm: sha256WithRSAEncryption - aa:5c:89:41:a6:b7:3d:65:87:ca:50:c4:f3:58:aa:d3:b4:55: - b1:a7:8d:18:26:17:e5:8a:21:24:a1:49:53:77:31:5b:55:63: - be:01:d8:fe:b7:06:7c:da:07:1f:94:6a:de:96:ad:ca:3b:20: - 2a:e1:35:90:19:83:6d:37:d1:15:12:de:3c:0e:46:be:66:a1: - 6a:1d:ec:72:dc:46:79:69:e4:af:77:c8:ff:cd:d6:7d:16:88: - ab:44:fd:70:fc:40:47:ff:43:95:11:5a:9a:56:0c:d2:dd:7c: - 3b:87:aa:10:26:fa:25:a3:a0:43:8a:1b:ec:54:11:7e:65:67: - d2:06:e1:3e:3b:e1:0e:b0:80:ef:4b:35:3f:fc:34:1d:95:2e: - ee:c1:67:38:da:b3:74:86:4b:95:8c:0c:1d:51:28:c1:42:e9: - 77:68:d7:ec:3b:66:30:c6:e5:2a:62:ea:15:fb:24:56:cf:02: - d0:25:54:a7:58:15:b5:2a:71:93:56:c0:69:7a:36:18:6c:31: - b1:8e:3c:77:d7:77:ac:fc:e1:94:c5:08:bb:35:ac:48:5f:6b: - 8b:c8:c8:78:f4:a9:ca:4f:9d:51:54:89:97:c9:af:a1:fa:71: - df:58:f6:ff:04:7c:c8:1c:95:6b:1a:e3:a7:f6:43:1c:27:94: - 10:03:ce:ec ------BEGIN CERTIFICATE----- -MIICpjCCAY4CCQDvL03UJn4zGzANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAlq -ZWZrZS5oeXAwIBcNMjMxMTIyMTkxMjAzWhgPMjEyMzEwMjkxOTEyMDNaMBQxEjAQ -BgNVBAMMCWplZmtlLmh5cDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMer65zQf0/xumUKiwd7LlvwJoIzyXPmkcwRlAUcjWcpy15nNQKAVK+ZS6rO6FZi -vmPLskqwqSgS4ndQfdXSO0jYMlklJv+mXPbrrls9ehQQupCcbx+52JkOtwleYmnE -wMYnsNNgDUdMpRFT8vFK+aa81qM1oujlqdFg6OUYztJggE7cSK5/t+p2USg5pLCV -gpWTmLKfI8mBaVmj5PdaHAExlsFLWSH4ouaeIXgOa8Fox1wWmgZU37Z3HS2J0Mie -27XUjPu5T7duOV85jkhzdn1Gbh+NFMtAtf/G8MBEPO1SP097aWOTxkHmXu0zUCBG -25O/6FJRlfGBc1jaZyF7Er0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAqlyJQaa3 -PWWHylDE81iq07RVsaeNGCYX5YohJKFJU3cxW1VjvgHY/rcGfNoHH5Rq3patyjsg -KuE1kBmDbTfRFRLePA5Gvmahah3sctxGeWnkr3fI/83WfRaIq0T9cPxAR/9DlRFa -mlYM0t18O4eqECb6JaOgQ4ob7FQRfmVn0gbhPjvhDrCA70s1P/w0HZUu7sFnONqz -dIZLlYwMHVEowULpd2jX7DtmMMblKmLqFfskVs8C0CVUp1gVtSpxk1bAaXo2GGwx -sY48d9d3rPzhlMUIuzWsSF9ri8jIePSpyk+dUVSJl8mvofpx31j2/wR8yByVaxrj -p/ZDHCeUEAPO7A== ------END CERTIFICATE-----