From 39e2d8f4e577a35017a88603c2dd316245010e43 Mon Sep 17 00:00:00 2001
From: coolneng <akasroua@gmail.com>
Date: Tue, 20 Dec 2022 15:04:11 +0100
Subject: [PATCH] Migrate to systemd-networkd

---
 configuration.nix      |  6 ++-
 modules/networking.nix | 86 +++++++++++++++++++++++-------------------
 2 files changed, 53 insertions(+), 39 deletions(-)

diff --git a/configuration.nix b/configuration.nix
index 21d8451..f56bd23 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -105,7 +105,11 @@ with pkgs;
 
   # Specify secrets
   age = {
-    secrets.wireguard.file = secrets/wireguard.age;
+    secrets.wireguard = {
+      file = secrets/wireguard.age;
+      owner = "systemd-network";
+      group = "systemd-network";
+    };
     secrets.syncthing.file = secrets/syncthing.age;
     secrets.msmtp.file = secrets/msmtp.age;
     secrets.gitea = {
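Review bot: The new `secrets.wireguard` block does not record why the key is handed to `systemd-network`, and it leaves the file mode implicit. A comment such as `# read by systemd-networkd via PrivateKeyFile, which runs as systemd-network` would document the reason, and an explicit `mode = "0400";` would pin the permissions next to the ownership change. With agenix's default mode (0400, as far as I know) the `group` line grants nothing, so either drop it or state the intended mode. The `age` attribute set continues outside the hunk.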
diff --git a/modules/networking.nix b/modules/networking.nix
index 3c544e4..0a906c9 100644
--- a/modules/networking.nix
+++ b/modules/networking.nix
@@ -3,23 +3,24 @@
 let wireguard_port = 1194;
 
 in {
-  # Assign a static IP
+  # Enable systemd-networkd
   networking = {
     hostName = "zion";
     hostId = "4e74ea68";
-    interfaces.eth0 = {
-      useDHCP = false;
-      ipv4.addresses = [{
-        address = "192.168.13.2";
-        prefixLength = 24;
-      }];
-    };
-    defaultGateway = {
-      address = "192.168.13.1";
-      interface = "eth0";
-    };
-    nameservers = [ "51.158.108.203" "137.220.55.93" ];
-    enableIPv6 = false;
+    useDHCP = false;
+    useNetworkd = true;
+    dhcpcd.enable = false;
+  };
+  systemd.services."systemd-networkd-wait-online".enable = false;
+
+  # Assign a static IP
+  systemd.network.networks."24-home" = {
+    name = "eth0";
+    matchConfig.Name = "eth0";
+    address = [ "192.168.13.2/24" ];
+    gateway = [ "192.168.13.1" ];
+    dns = [ "51.158.108.203" "137.220.55.93" ];
+    networkConfig.DNSSEC = "no";
   };
 
   # Enable zeroconf
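Review bot: `enableIPv6 = false;` is removed from the `networking` block and nothing in the new `24-home` network replaces it, so eth0 may pick up link-local addresses and accept router advertisements after the migration. If IPv6 is still meant to be off, keep `enableIPv6 = false;` in `networking`, or add `networkConfig.LinkLocalAddressing = "no";` and `networkConfig.IPv6AcceptRA = false;` to `24-home`. If the change is intentional, the firewall rules (not visible here) should be checked for IPv6 coverage. Separately, `networkConfig.DNSSEC = "no";` deserves a short comment saying why validation is turned off. The enclosing `in { … }` set continues outside the hunk.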
@@ -61,38 +62,47 @@ in {
     '';
   };
 
-  # Enable NAT for wireguard
-  networking.nat = {
-    enable = true;
-    externalInterface = "eth0";
-    internalInterfaces = [ "wg0" ];
+  # Wireguard setup
+  systemd.network.netdevs."wg0" = {
+    netdevConfig = {
+      Kind = "wireguard";
+      Name = "wg0";
+    };
+    wireguardConfig = {
+      ListenPort = wireguard_port;
+      PrivateKeyFile = config.age.secrets.wireguard.path;
+    };
+    wireguardPeers = [
+      # panacea
+      {
+        wireguardPeerConfig = {
+          PublicKey = "XMkTztU2Y8hw6Fu/2o4Gszij+EmNacvFMXuZyHS1n38=";
+          AllowedIPs = [ "10.8.0.2/32" ];
+        };
+      }
+      # caravanserai
+      {
+        wireguardPeerConfig = {
+          PublicKey = "eeKfAgMisM3K4ZOErev05RJ9LS2NLqL4x9jyi4XhM1Q=";
+          AllowedIPs = [ "10.8.0.3/32" ];
+        };
+      }
+    ];
   };
 
-  # Wireguard setup
-  networking.wireguard.interfaces = {
-    wg0 = {
-      ips = [ "10.8.0.1/24" ];
-      listenPort = wireguard_port;
-      privateKeyFile = config.age.secrets.wireguard.path;
-      peers = [
-        # panacea
-        {
-          publicKey = "XMkTztU2Y8hw6Fu/2o4Gszij+EmNacvFMXuZyHS1n38=";
-          allowedIPs = [ "10.8.0.2/32" ];
-        }
-        # caravanserai
-        {
-          publicKey = "eeKfAgMisM3K4ZOErev05RJ9LS2NLqL4x9jyi4XhM1Q=";
-          allowedIPs = [ "10.8.0.3/32" ];
-        }
-      ];
+  systemd.network.networks."wg0" = {
+    matchConfig.Name = "wg0";
+    networkConfig = {
+      Address = "10.8.0.1/24";
+      IPForward = true;
+      IPMasquerade = "ipv4";
     };
   };
 
   # DNS server with ad-block
   services.dnsmasq = {
     enable = true;
-    servers = config.networking.nameservers;
+    servers = config.systemd.network.networks."24-home".dns;
     extraConfig = ''
       domain-needed
       bogus-priv
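Review bot: In the `wg0` network, `IPForward = true;` enables forwarding for both IPv4 and IPv6, and in systemd-networkd this flips the global kernel setting rather than a per-interface one, while `IPMasquerade = "ipv4";` only covers IPv4. Narrowing it to `IPForward = "ipv4";` keeps forwarding aligned with the masquerade rule; as far as I know the masquerade setting already implies it, so the line could also be dropped. Which forwarded traffic is actually accepted then depends on firewall rules that are not visible in this hunk. The dnsmasq line `servers = config.systemd.network.networks."24-home".dns;` ties the upstream resolver list to a network name, so a `let` binding beside `wireguard_port` would be less fragile.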