Diffstat (limited to '')
-rw-r--r--machines/nixos/x86_64-linux/do-rproxy/default.nix3
-rw-r--r--machines/nixos/x86_64-linux/synology-vm/default.nix2
-rw-r--r--modules/nixos/base.nix36
-rw-r--r--profiles/network/fail2ban.nix15
-rw-r--r--profiles/network/firewall.nix10
-rw-r--r--profiles/network/networkd.nix19
6 files changed, 36 insertions, 49 deletions
diff --git a/machines/nixos/x86_64-linux/do-rproxy/default.nix b/machines/nixos/x86_64-linux/do-rproxy/default.nix
index 20a048f..51ebea1 100644
--- a/machines/nixos/x86_64-linux/do-rproxy/default.nix
+++ b/machines/nixos/x86_64-linux/do-rproxy/default.nix
@@ -25,9 +25,6 @@
"${self}/profiles/programs/home-manager.nix"
"${self}/profiles/admin-user/user.nix"
"${self}/profiles/admin-user/home-manager.nix"
- "${self}/profiles/network/networkd.nix"
- "${self}/profiles/network/firewall.nix"
- "${self}/profiles/network/fail2ban.nix"
"${self}/profiles/services/podman.nix"
./profiles/nginx.nix
];
diff --git a/machines/nixos/x86_64-linux/synology-vm/default.nix b/machines/nixos/x86_64-linux/synology-vm/default.nix
index 34d9962..9edc292 100644
--- a/machines/nixos/x86_64-linux/synology-vm/default.nix
+++ b/machines/nixos/x86_64-linux/synology-vm/default.nix
@@ -21,8 +21,6 @@
"${self}/profiles/programs/home-manager.nix"
"${self}/profiles/admin-user/user.nix"
"${self}/profiles/admin-user/home-manager.nix"
- "${self}/profiles/network/networkd.nix"
- "${self}/profiles/network/firewall.nix"
"${self}/profiles/services/podman.nix"
./profiles/forgejo.nix
./profiles/keycloak.nix
diff --git a/modules/nixos/base.nix b/modules/nixos/base.nix
index f3dece1..9ed3abc 100644
--- a/modules/nixos/base.nix
+++ b/modules/nixos/base.nix
@@ -16,6 +16,42 @@
};
};
+ networking = {
+ useNetworkd = true;
+ # Used by systemd-resolved, not directly by resolv.conf.
+ nameservers = [
+ "8.8.8.8#dns.google"
+ "1.0.0.1#cloudflare-dns.com"
+ ];
+ firewall = {
+ enable = true;
+ allowPing = true;
+ logRefusedConnections = false;
+ };
+ };
+
+ systemd.network = {
+ enable = true;
+ };
+
+ services.resolved = {
+ enable = true;
+ dnssec = "false";
+ };
+
+ services.fail2ban = {
+ enable = true;
+ ignoreIP = [
+ "10.100.0.0/24" # wireguard
+ ];
+ bantime = "1h";
+ bantime-increment = {
+ enable = true;
+ maxtime = "168h";
+ factor = "4";
+ };
+ };
+
i18n = {
defaultLocale = "en_US.UTF-8";
supportedLocales = [
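Review bot: The `#dns.google` and `#cloudflare-dns.com` suffixes on `networking.nameservers` only matter when systemd-resolved uses DNS-over-TLS, and nothing in this hunk sets `services.resolved.dnsovertls`. Together with `dnssec = "false"`, every host importing base.nix would then resolve over unauthenticated plaintext DNS. If that option is not set elsewhere, consider adding `dnsovertls = "opportunistic";` (or `"true"`) next to `dnssec`, plus a comment explaining why DNSSEC validation is off. Moving the block into the base module also enables fail2ban on synology-vm, which did not import fail2ban.nix before, and applies the `10.100.0.0/24` ignore range to every host, so a comment such as `# applies to all hosts; override per machine if the WireGuard range is not reachable` would record that this is intended. The enclosing attribute set starts and ends outside the hunk.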
diff --git a/profiles/network/fail2ban.nix b/profiles/network/fail2ban.nix
deleted file mode 100644
index 6aa6613..0000000
--- a/profiles/network/fail2ban.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ ... }:
-{
- services.fail2ban = {
- enable = true;
- ignoreIP = [
- "10.100.0.0/24" # wireguard
- ];
- bantime = "1h";
- bantime-increment = {
- enable = true;
- maxtime = "168h";
- factor = "4";
- };
- };
-}
diff --git a/profiles/network/firewall.nix b/profiles/network/firewall.nix
deleted file mode 100644
index b29dc31..0000000
--- a/profiles/network/firewall.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ ... }:
-{
- networking = {
- firewall = {
- enable = true;
- allowPing = true;
- logRefusedConnections = false;
- };
- };
-}
diff --git a/profiles/network/networkd.nix b/profiles/network/networkd.nix
deleted file mode 100644
index 928d6dc..0000000
--- a/profiles/network/networkd.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ ... }:
-{
- networking.useNetworkd = true;
-
- systemd.network = {
- enable = true;
- };
-
- services.resolved = {
- enable = true;
- dnssec = "false";
- };
-
- # Used by systemd-resolved, not directly by resolv.conf.
- networking.nameservers = [
- "8.8.8.8#dns.google"
- "1.0.0.1#cloudflare-dns.com"
- ];
-}