authorFranck Cuny <franck@fcuny.net>2022-04-05 17:27:04 -0700
committerFranck Cuny <franck@fcuny.net>2022-04-05 17:27:04 -0700
commit35e8b8b78d4ad3b8002b922bc0a9f9dcbcf47351 (patch)
tree532c717f6a83d19c84d05c0cecd4e90c693bef58
parentssh: refactor to a module (diff)
downloadinfra-35e8b8b78d4ad3b8002b922bc0a9f9dcbcf47351.tar.gz
network: move tailscale in modules
Move the networking configuration for the hosts to its own file.
Diffstat (limited to '')
-rw-r--r--hosts/aptos/default.nix21
-rw-r--r--hosts/aptos/networking.nix22
-rw-r--r--hosts/carmel/default.nix17
-rw-r--r--hosts/carmel/networking.nix17
-rw-r--r--hosts/common/system/tailscale.nix6
-rw-r--r--hosts/tahoe/default.nix21
-rw-r--r--hosts/tahoe/networking.nix22
-rw-r--r--modules/services/default.nix2
-rw-r--r--modules/services/tailscale/default.nix13
9 files changed, 78 insertions, 63 deletions
diff --git a/hosts/aptos/default.nix b/hosts/aptos/default.nix
index 95f4b81..b596f30 100644
--- a/hosts/aptos/default.nix
+++ b/hosts/aptos/default.nix
@@ -4,8 +4,8 @@
imports = [ # Include the results of the hardware scan.
./hardware-configuration.nix
./sound.nix
+ ./networking.nix
../common/desktop
- ../common/system/tailscale.nix
../common/hardware/xps9300.nix
];
@@ -22,25 +22,6 @@
};
};
- # Use systemd-networkd for networking
- systemd.network = {
- enable = true;
- networks = {
- wlan0 = {
- matchConfig.Name = "wlan0";
- networkConfig = { DHCP = "yes"; };
- extraConfig = ''
- [DHCPv4]
- UseDNS=yes
- UseDomains=yes
- '';
- };
- };
- };
-
- networking.wireless.iwd.enable = true;
- networking.private-wireguard.enable = true;
-
services.thermald.enable = true;
# This value determines the NixOS release from which the default
diff --git a/hosts/aptos/networking.nix b/hosts/aptos/networking.nix
new file mode 100644
index 0000000..ed5e175
--- /dev/null
+++ b/hosts/aptos/networking.nix
@@ -0,0 +1,22 @@
+{ ... }: {
+ # Use systemd-networkd for networking
+ systemd.network = {
+ enable = true;
+ networks = {
+ wlan0 = {
+ matchConfig.Name = "wlan0";
+ networkConfig = { DHCP = "yes"; };
+ extraConfig = ''
+ [DHCPv4]
+ UseDNS=yes
+ UseDomains=yes
+ '';
+ };
+ };
+ };
+
+ networking.wireless.iwd.enable = true;
+ networking.private-wireguard.enable = true;
+
+ my.services.tailscale.enable = true;
+}
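Review bot: `UseDomains=yes` under `[DHCPv4]` on `wlan0` lets the DHCP server of whatever Wi-Fi network this laptop joins set its DNS search domains, so an unqualified host name can end up resolved inside a domain that network chose. If the search domain is only wanted on the home network, `UseDomains=route` keeps the domain for query routing without using it for search; otherwise a comment such as `# search domains from DHCP are accepted on every network this host joins` would record the trade-off. The same block is added in hosts/carmel/networking.nix and hosts/tahoe/networking.nix, where the interfaces are wired and the exposure is presumably smaller.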
diff --git a/hosts/carmel/default.nix b/hosts/carmel/default.nix
index ecc8362..7e48b5d 100644
--- a/hosts/carmel/default.nix
+++ b/hosts/carmel/default.nix
@@ -4,6 +4,7 @@
imports = [ # Include the results of the hardware scan.
./hardware-configuration.nix
./sound.nix
+ ./networking.nix
../common/desktop
# In order to unlock the root disk remotely
../common/system/boot-ssh.nix
@@ -21,22 +22,6 @@
hardware.opengl.driSupport = true;
- # Use systemd-networkd for networking
- systemd.network = {
- enable = true;
- networks = {
- enp9s0 = {
- matchConfig.Name = "enp9s0";
- networkConfig = { DHCP = "yes"; };
- extraConfig = ''
- [DHCPv4]
- UseDNS=yes
- UseDomains=yes
- '';
- };
- };
- };
-
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It‘s perfectly fine and recommended to leave
diff --git a/hosts/carmel/networking.nix b/hosts/carmel/networking.nix
new file mode 100644
index 0000000..f4a1c6f
--- /dev/null
+++ b/hosts/carmel/networking.nix
@@ -0,0 +1,17 @@
+{ ... }: {
+ # Use systemd-networkd for networking
+ systemd.network = {
+ enable = true;
+ networks = {
+ enp9s0 = {
+ matchConfig.Name = "enp9s0";
+ networkConfig = { DHCP = "yes"; };
+ extraConfig = ''
+ [DHCPv4]
+ UseDNS=yes
+ UseDomains=yes
+ '';
+ };
+ };
+ };
+}
diff --git a/hosts/common/system/tailscale.nix b/hosts/common/system/tailscale.nix
deleted file mode 100644
index 88c123c..0000000
--- a/hosts/common/system/tailscale.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
- services.tailscale.enable = true;
- networking.firewall.trustedInterfaces = [ "tailscale0" ];
-}
diff --git a/hosts/tahoe/default.nix b/hosts/tahoe/default.nix
index 5a746dd..9d11720 100644
--- a/hosts/tahoe/default.nix
+++ b/hosts/tahoe/default.nix
@@ -3,31 +3,12 @@
{
imports = [ # Include the results of the hardware scan.
./hardware-configuration.nix
+ ./networking.nix
../profiles/nas.nix
- ../common/system/tailscale.nix
];
boot = { initrd = { luks.devices."system".allowDiscards = true; }; };
- # Use systemd-networkd for networking
- systemd.network = {
- enable = true;
- networks = {
- enp42s0 = {
- matchConfig.Name = "enp42s0";
- networkConfig = { DHCP = "yes"; };
- extraConfig = ''
- [DHCPv4]
- UseDNS=yes
- UseDomains=yes
- '';
- };
- };
- };
-
- networking.private-wireguard.enable = true;
- networking.firewall.enable = false;
-
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It‘s perfectly fine and recommended to leave
diff --git a/hosts/tahoe/networking.nix b/hosts/tahoe/networking.nix
new file mode 100644
index 0000000..1b0568e
--- /dev/null
+++ b/hosts/tahoe/networking.nix
@@ -0,0 +1,22 @@
+{ ... }: {
+ # Use systemd-networkd for networking
+ systemd.network = {
+ enable = true;
+ networks = {
+ enp42s0 = {
+ matchConfig.Name = "enp42s0";
+ networkConfig = { DHCP = "yes"; };
+ extraConfig = ''
+ [DHCPv4]
+ UseDNS=yes
+ UseDomains=yes
+ '';
+ };
+ };
+ };
+
+ networking.private-wireguard.enable = true;
+ networking.firewall.enable = false;
+
+ my.services.tailscale.enable = true;
+}
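Review bot: `networking.firewall.enable = false;` leaves this host without a packet filter, and the move keeps it with no comment saying why. With the firewall off, the `networking.firewall.trustedInterfaces` entry that `my.services.tailscale.enable = true;` adds should have no effect here, so the module's trust boundary between `tailscale0` and the LAN interface does not exist on this machine. Either record the reason next to the line, e.g. `# firewall off: <reason>`, or drop the line and open the required services with `networking.firewall.allowedTCPPorts`.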
diff --git a/modules/services/default.nix b/modules/services/default.nix
index d34f57a..9a5338b 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -1 +1 @@
-{ ... }: { imports = [ ./ssh-server ]; }
+{ ... }: { imports = [ ./ssh-server ./tailscale ]; }
diff --git a/modules/services/tailscale/default.nix b/modules/services/tailscale/default.nix
new file mode 100644
index 0000000..cad1cad
--- /dev/null
+++ b/modules/services/tailscale/default.nix
@@ -0,0 +1,13 @@
+{ config, lib, ... }:
+let cfg = config.my.services.tailscale;
+in {
+
+ options.my.services.tailscale = with lib; {
+ enable = mkEnableOption "tailscale configuration";
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.tailscale.enable = true;
+ networking.firewall.trustedInterfaces = [ "tailscale0" ];
+ };
+}
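Review bot: Enabling `my.services.tailscale` also puts `tailscale0` into `networking.firewall.trustedInterfaces`, which accepts all inbound traffic from every tailnet peer, and the option description does not mention it. A host that turns the option on to get the daemon silently gets the firewall exemption too, so the description should say so, e.g. `mkEnableOption "tailscale, with its interface trusted by the firewall"`. The interface name is also hard-coded; `[ config.services.tailscale.interfaceName ]` would keep the trusted entry in step with the upstream module if the name is ever changed.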