net/fail2ban: initial commit

1 files changed, 49 insertions, 0 deletions

diff --git a/sys/net/interfaces.nix b/sys/net/interfaces.nix
new file mode 100644
index 0000000..0341440
--- /dev/null
+++ b/sys/net/interfaces.nix
@@ -0,0 +1,49 @@
+{ lib, config, pkgs, ... }:
+with lib; let
+  cfg = config.local.net;
+in
+{
+  options.local.net = with lib.types; {
+    enable = mkEnableOption "networking stack";
+
+    hostname = mkOption {
+      type = str;
+    };
+
+    dhcpInterface = mkOption {
+      type = nullOr str;
+      default = null;
+    };
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = [ pkgs.dhcpcd ];
+
+    networking = {
+      domain = mkDefault config.local.domains.host.main;
+      hostName = cfg.hostname;
+
+      useDHCP = false;
+      enableIPv6 = true;
+      useNetworkd = true;
+      useHostResolvConf = false;
+
+      wireguard.enable = true;
+    };
+
+    systemd.network.networks = mkIf (cfg.dhcpInterface != null) {
+      "40-${cfg.dhcpInterface}" = {
+        matchConfig.Name = cfg.dhcpInterface;
+
+        networkConfig = {
+          DHCP = "ipv4";
+          IPv6AcceptRA = true;
+          IPv6PrivacyExtensions = "kernel";
+        };
+
+        # make routing on this interface a dependency for network-online.target
+        linkConfig.RequiredForOnline = "routable";
+      };
+    };
+  };
+}