nixos-server-config/networking.nix

{ config, pkgs, ... }:

{
  networking = {
    hostName = "nixos-server";
    defaultGateway = {
      address = "10.0.20.1";
      interface = "bond0";
    };    
    nameservers = [ "10.0.20.1" ];

    bonds.bond0 = {
      interfaces = [ "enp3s0f0" "enp3s0f1" ];
      driverOptions = {
        mode = "802.3ad";
      };
    };

    interfaces = {
      enp2s0.useDHCP = false;
      bond0 = {
        ipv4.addresses = [ {
          address = "10.0.20.28";
          prefixLength = 24;
        } ];
        ipv6.addresses = [ {
          address = "2001:470:6a49:2a:31ad:b70d:49f4:75f2";
          prefixLength = 128;
        } ];
      };
      internal.useDHCP = true;
    };

    vlans = {
      internal = {
        id = 10;
        interface = "bond0";
      };
    };

  wireguard.interfaces = {
    wg0 = {
      ips = [ "10.0.24.1" ];
      privateKeyFile = "/home/michael/wireguard/privkey";
      listenPort = 45904;
    };
  };

    firewall = {
      enable = true;
      allowPing = true;
      allowedTCPPorts = [
        22  # ssh
      ];
      interfaces = {
        internal = {
          allowedTCPPorts = [
            873  # rsync
            139  # samba
            445  # samba
            2049 # nfs
          ];
          allowedUDPPorts = [
            137 # samba
            138 # samba
          ];
        };
      };
    };

    /*proxy = {
      default = "http://10.0.20.1:8118";
      noProxy = "127.0.0.1,localhost,internal.domain";
    };*/
  };
}
Initial commit 2019-11-10 08:41:19 +00:00			`{ config, pkgs, ... }:`

			`{`
			`networking = {`
			`hostName = "nixos-server";`
updated 20.09 server configuration Signed-off-by: Michael <michael.lindman@gmail.com> 2021-10-07 00:05:02 +00:00			`defaultGateway = {`
			`address = "10.0.20.1";`
			`interface = "bond0";`
			`};`
Initial commit 2019-11-10 08:41:19 +00:00			`nameservers = [ "10.0.20.1" ];`

updated 20.09 server configuration Signed-off-by: Michael <michael.lindman@gmail.com> 2021-10-07 00:05:02 +00:00			`bonds.bond0 = {`
			`interfaces = [ "enp3s0f0" "enp3s0f1" ];`
			`driverOptions = {`
			`mode = "802.3ad";`
			`};`
Initial commit 2019-11-10 08:41:19 +00:00			`};`

			`interfaces = {`
updated 20.09 server configuration Signed-off-by: Michael <michael.lindman@gmail.com> 2021-10-07 00:05:02 +00:00			`enp2s0.useDHCP = false;`
			`bond0 = {`
Initial commit 2019-11-10 08:41:19 +00:00			`ipv4.addresses = [ {`
			`address = "10.0.20.28";`
			`prefixLength = 24;`
			`} ];`
			`ipv6.addresses = [ {`
			`address = "2001:470:6a49:2a:31ad:b70d:49f4:75f2";`
			`prefixLength = 128;`
			`} ];`
			`};`
updated 20.09 server configuration Signed-off-by: Michael <michael.lindman@gmail.com> 2021-10-07 00:05:02 +00:00			`internal.useDHCP = true;`
Initial commit 2019-11-10 08:41:19 +00:00			`};`

updated 20.09 server configuration Signed-off-by: Michael <michael.lindman@gmail.com> 2021-10-07 00:05:02 +00:00			`vlans = {`
			`internal = {`
			`id = 10;`
			`interface = "bond0";`
Initial commit 2019-11-10 08:41:19 +00:00			`};`
			`};`

updated 20.09 server configuration Signed-off-by: Michael <michael.lindman@gmail.com> 2021-10-07 00:05:02 +00:00			`wireguard.interfaces = {`
			`wg0 = {`
			`ips = [ "10.0.24.1" ];`
			`privateKeyFile = "/home/michael/wireguard/privkey";`
			`listenPort = 45904;`
			`};`
			`};`

Initial commit 2019-11-10 08:41:19 +00:00			`firewall = {`
			`enable = true;`
updated 20.09 server configuration Signed-off-by: Michael <michael.lindman@gmail.com> 2021-10-07 00:05:02 +00:00			`allowPing = true;`
Initial commit 2019-11-10 08:41:19 +00:00			`allowedTCPPorts = [`
updated 20.09 server configuration Signed-off-by: Michael <michael.lindman@gmail.com> 2021-10-07 00:05:02 +00:00			`22 # ssh`
Initial commit 2019-11-10 08:41:19 +00:00			`];`
updated 20.09 server configuration Signed-off-by: Michael <michael.lindman@gmail.com> 2021-10-07 00:05:02 +00:00			`interfaces = {`
			`internal = {`
			`allowedTCPPorts = [`
			`873 # rsync`
			`139 # samba`
			`445 # samba`
			`2049 # nfs`
			`];`
			`allowedUDPPorts = [`
			`137 # samba`
			`138 # samba`
			`];`
			`};`
			`};`
Initial commit 2019-11-10 08:41:19 +00:00			`};`
updated 20.09 server configuration Signed-off-by: Michael <michael.lindman@gmail.com> 2021-10-07 00:05:02 +00:00
			`/*proxy = {`
			`default = "http://10.0.20.1:8118";`
			`noProxy = "127.0.0.1,localhost,internal.domain";`
			`};*/`
Initial commit 2019-11-10 08:41:19 +00:00			`};`
			`}`