From 9cfe6e2c4c15acbbfafa61b8da35c3b93edb89ad Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 5 Nov 2024 18:31:39 +0000 Subject: [PATCH] treewide: migrate networking to systemd-networkd --- common/environment.nix | 1 + flake.lock | 8 ++++---- hosts/kalessin/hardware-configuration.nix | 5 +++-- hosts/orm/default.nix | 7 ++++++- hosts/orm/hardware-configuration.nix | 5 +++-- hosts/tohru/networking.nix | 11 ++++++++++- hosts/yevaud/default.nix | 7 ++++++- hosts/yevaud/hardware-configuration.nix | 5 +++-- 8 files changed, 36 insertions(+), 13 deletions(-) diff --git a/common/environment.nix b/common/environment.nix index f9d3a84..08e3fc4 100644 --- a/common/environment.nix +++ b/common/environment.nix @@ -13,6 +13,7 @@ lsof tcpdump netcat # <3 + wireguard-tools ]; environment.wordlist.enable = true; diff --git a/flake.lock b/flake.lock index 951b039..84dc2db 100644 --- a/flake.lock +++ b/flake.lock @@ -46,11 +46,11 @@ }, "birdsong": { "locked": { - "lastModified": 1722971137, - "narHash": "sha256-1x0vaUy/uFCfoDn0a4K55+MNseAqLQmv1GPP6GQFFIA=", + "lastModified": 1730826917, + "narHash": "sha256-KzpWqP+Cg0H2V036LgIHfuxnpVq2wZ+eGFjuXegRhLY=", "ref": "main", - "rev": "2fd6d96a00ef69a2afe72a2fe9d18d759c1cc8f3", - "revCount": 7, + "rev": "8ca844c0d0ce3b8088c0a380ecdbf555015b0cd6", + "revCount": 9, "type": "git", "url": "https://git.qenya.tel/qenya/birdsong" }, diff --git a/hosts/kalessin/hardware-configuration.nix b/hosts/kalessin/hardware-configuration.nix index 8e0fb17..a80e477 100644 --- a/hosts/kalessin/hardware-configuration.nix +++ b/hosts/kalessin/hardware-configuration.nix 
@@ -40,8 +40,9 @@ # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s6.useDHCP = lib.mkDefault true; + # networking.useDHCP = lib.mkDefault true; + networking.useNetworkd = true; + networking.interfaces.enp0s6.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; } diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index e8e32ef..a042e95 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -11,7 +11,12 @@ users.users.qenya.extraGroups = [ "wheel" ]; qenya.base-server.enable = true; - age.secrets.wireguard-peer-orm.file = ../../secrets/wireguard-peer-orm.age; + age.secrets.wireguard-peer-orm = { + file = ../../secrets/wireguard-peer-orm.age; + owner = "root"; + group = "systemd-network"; + mode = "640"; + }; birdsong.peering = { enable = true; diff --git a/hosts/orm/hardware-configuration.nix b/hosts/orm/hardware-configuration.nix index 11459e7..eddc71e 100644 --- a/hosts/orm/hardware-configuration.nix +++ b/hosts/orm/hardware-configuration.nix @@ -42,8 +42,9 @@ # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.ens3.useDHCP = lib.mkDefault true; + # networking.useDHCP = lib.mkDefault true; + networking.useNetworkd = true; + networking.interfaces.ens3.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; } diff --git a/hosts/tohru/networking.nix b/hosts/tohru/networking.nix index 18cee0a..6042cc8 100644 --- a/hosts/tohru/networking.nix 
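Review bot: Commenting out `networking.useDHCP = lib.mkDefault true;` in hosts/kalessin/hardware-configuration.nix does not turn global DHCP off, because the option then falls back to its module default (true in nixpkgs, as far as I know). The per-interface `networking.interfaces.enp0s6.useDHCP` line may therefore not be the only thing enabling DHCP under networkd. If per-interface DHCP is the intent, state it with `networking.useDHCP = false;`; the same pattern appears in the orm and yevaud hardware-configuration.nix hunks (ens3). Separately, `networking.useNetworkd = true;` is written into a file whose comments look like nixos-generate-config output, so keeping it in the host's default.nix would survive a regeneration. The enclosing attribute set starts outside the hunk.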
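Review bot: The WireGuard private key in `age.secrets.wireguard-peer-orm` becomes group-readable through `group = "systemd-network"` and `mode = "640"`, and nothing in the hunk records why. The identical block is repeated in hosts/tohru/networking.nix and hosts/yevaud/default.nix. A one-line comment such as `# systemd-networkd runs as systemd-network and must be able to read the WireGuard key` would stop a later reader from tightening it to root-only and breaking the tunnel, or from loosening it further. Nothing visible needs to write the decrypted file, so `mode = "0440";` is the narrower setting to consider. How `birdsong.peering` consumes `privateKeyFile` is outside this diff, so confirm that networkd is the only non-root reader.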
+++ b/hosts/tohru/networking.nix @@ -1,9 +1,18 @@ { config, lib, pkgs, ... }: { + networking.useNetworkd = true; + systemd.network.wait-online.enable = false; + networking.networkmanager.enable = true; - age.secrets.wireguard-peer-tohru.file = ../../secrets/wireguard-peer-tohru.age; + age.secrets.wireguard-peer-tohru = { + file = ../../secrets/wireguard-peer-tohru.age; + owner = "root"; + group = "systemd-network"; + mode = "640"; + }; + birdsong.peering = { enable = true; privateKeyFile = config.age.secrets.wireguard-peer-tohru.path; diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix index 85870d7..aae386f 100644 --- a/hosts/yevaud/default.nix +++ b/hosts/yevaud/default.nix @@ -12,7 +12,12 @@ qenya.base-server.enable = true; - age.secrets.wireguard-peer-yevaud.file = ../../secrets/wireguard-peer-yevaud.age; + age.secrets.wireguard-peer-yevaud = { + file = ../../secrets/wireguard-peer-yevaud.age; + owner = "root"; + group = "systemd-network"; + mode = "640"; + }; birdsong.peering = { enable = true; diff --git a/hosts/yevaud/hardware-configuration.nix b/hosts/yevaud/hardware-configuration.nix index 3a14ff6..713cc0a 100644 --- a/hosts/yevaud/hardware-configuration.nix +++ b/hosts/yevaud/hardware-configuration.nix @@ -42,8 +42,9 @@ # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.ens3.useDHCP = lib.mkDefault true; + # networking.useDHCP = lib.mkDefault true; + networking.useNetworkd = true; + networking.interfaces.ens3.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; }
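Review bot: hosts/tohru/networking.nix now enables both `networking.useNetworkd = true;` and `networking.networkmanager.enable = true;` without saying which daemon owns which interface. If networkd is meant to handle only the WireGuard link while NetworkManager keeps the physical ones, a comment like `# networkd: WireGuard only; NetworkManager manages wifi/ethernet` above the two lines would make that explicit. It would also explain why `systemd.network.wait-online.enable = false;` is needed. It is worth checking that NetworkManager leaves the networkd-created interface unmanaged, which the hunk does not show.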