From a0c2fdc90aefe9fc2e5d8f75eb7e7a1ef4974b2e Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Thu, 9 Oct 2025 19:21:46 -0700
Subject: more simplification of the configuration
---
 machines/nixos/x86_64-linux/do-rproxy/default.nix | 3 --
 .../nixos/x86_64-linux/synology-vm/default.nix | 2 --
 modules/nixos/base.nix | 36 ++++++++++++++++++++++
 profiles/network/fail2ban.nix | 15 ---------
 profiles/network/firewall.nix | 10 ------
 profiles/network/networkd.nix | 19 ------------
 6 files changed, 36 insertions(+), 49 deletions(-)
 delete mode 100644 profiles/network/fail2ban.nix
 delete mode 100644 profiles/network/firewall.nix
 delete mode 100644 profiles/network/networkd.nix
diff --git a/machines/nixos/x86_64-linux/do-rproxy/default.nix b/machines/nixos/x86_64-linux/do-rproxy/default.nix
index 20a048f..51ebea1 100644
--- a/machines/nixos/x86_64-linux/do-rproxy/default.nix
+++ b/machines/nixos/x86_64-linux/do-rproxy/default.nix
@@ -25,9 +25,6 @@
 "${self}/profiles/programs/home-manager.nix"
 "${self}/profiles/admin-user/user.nix"
 "${self}/profiles/admin-user/home-manager.nix"
- "${self}/profiles/network/networkd.nix"
- "${self}/profiles/network/firewall.nix"
- "${self}/profiles/network/fail2ban.nix"
 "${self}/profiles/services/podman.nix"
 ./profiles/nginx.nix
 ];
diff --git a/machines/nixos/x86_64-linux/synology-vm/default.nix b/machines/nixos/x86_64-linux/synology-vm/default.nix
index 34d9962..9edc292 100644
--- a/machines/nixos/x86_64-linux/synology-vm/default.nix
+++ b/machines/nixos/x86_64-linux/synology-vm/default.nix
@@ -21,8 +21,6 @@
 "${self}/profiles/programs/home-manager.nix"
 "${self}/profiles/admin-user/user.nix"
 "${self}/profiles/admin-user/home-manager.nix"
- "${self}/profiles/network/networkd.nix"
- "${self}/profiles/network/firewall.nix"
 "${self}/profiles/services/podman.nix"
 ./profiles/forgejo.nix
 ./profiles/keycloak.nix
diff --git a/modules/nixos/base.nix b/modules/nixos/base.nix
index f3dece1..9ed3abc 100644
--- a/modules/nixos/base.nix
+++ b/modules/nixos/base.nix
@@ -16,6 +16,42 @@
 };
 };
 
+ networking = {
+ useNetworkd = true;
+ # Used by systemd-resolved, not directly by resolv.conf.
+ nameservers = [
+ "8.8.8.8#dns.google"
+ "1.0.0.1#cloudflare-dns.com"
+ ];
+ firewall = {
+ enable = true;
+ allowPing = true;
+ logRefusedConnections = false;
+ };
+ };
+
+ systemd.network = {
+ enable = true;
+ };
+
+ services.resolved = {
+ enable = true;
+ dnssec = "false";
+ };
+
+ services.fail2ban = {
+ enable = true;
+ ignoreIP = [
+ "10.100.0.0/24" # wireguard
+ ];
+ bantime = "1h";
+ bantime-increment = {
+ enable = true;
+ maxtime = "168h";
+ factor = "4";
+ };
+ };
+
 i18n = {
 defaultLocale = "en_US.UTF-8";
 supportedLocales = [
diff --git a/profiles/network/fail2ban.nix b/profiles/network/fail2ban.nix
deleted file mode 100644
index 6aa6613..0000000
--- a/profiles/network/fail2ban.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ ... }:
-{
- services.fail2ban = {
- enable = true;
- ignoreIP = [
- "10.100.0.0/24" # wireguard
- ];
- bantime = "1h";
- bantime-increment = {
- enable = true;
- maxtime = "168h";
- factor = "4";
- };
- };
-}
diff --git a/profiles/network/firewall.nix b/profiles/network/firewall.nix
deleted file mode 100644
index b29dc31..0000000
--- a/profiles/network/firewall.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ ... }:
-{
- networking = {
- firewall = {
- enable = true;
- allowPing = true;
- logRefusedConnections = false;
- };
- };
-}
diff --git a/profiles/network/networkd.nix b/profiles/network/networkd.nix
deleted file mode 100644
index 928d6dc..0000000
--- a/profiles/network/networkd.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ ... }:
-{
- networking.useNetworkd = true;
-
- systemd.network = {
- enable = true;
- };
-
- services.resolved = {
- enable = true;
- dnssec = "false";
- };
-
- # Used by systemd-resolved, not directly by resolv.conf.
- networking.nameservers = [
- "8.8.8.8#dns.google"
- "1.0.0.1#cloudflare-dns.com"
- ];
-}
--
cgit v1.2.3
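Review bot: In the `services.resolved` block added to `modules/nixos/base.nix`, `dnssec = "false";` is set and DNS-over-TLS is not enabled, so every host importing the base module resolves names in plaintext with no validation; the `#dns.google` and `#cloudflare-dns.com` suffixes in `networking.nameservers` are TLS server names and only take effect with DoT. Unless it is configured elsewhere in the repository, add `dnsovertls = "opportunistic";` (or `"true"` once all upstreams are known to support it) beside `dnssec`. Moving the profiles into the base module also makes fail2ban and its `10.100.0.0/24` ban exemption apply to hosts that did not import `fail2ban.nix` before (synology-vm in this commit), so a comment such as `# applied to every host; override per machine with lib.mkForce` above `ignoreIP` would document that.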