treewide: migrate networking to systemd-networkd

common/environment.nix

@@ -13,6 +13,7 @@
     lsof
     tcpdump
     netcat # <3
+    wireguard-tools
   ];
 
   environment.wordlist.enable = true;

flake.lock

@@ -46,11 +46,11 @@
     },
     "birdsong": {
       "locked": {
-        "lastModified": 1722971137,
-        "narHash": "sha256-1x0vaUy/uFCfoDn0a4K55+MNseAqLQmv1GPP6GQFFIA=",
+        "lastModified": 1730826917,
+        "narHash": "sha256-KzpWqP+Cg0H2V036LgIHfuxnpVq2wZ+eGFjuXegRhLY=",
         "ref": "main",
-        "rev": "2fd6d96a00ef69a2afe72a2fe9d18d759c1cc8f3",
-        "revCount": 7,
+        "rev": "8ca844c0d0ce3b8088c0a380ecdbf555015b0cd6",
+        "revCount": 9,
         "type": "git",
         "url": "https://git.qenya.tel/qenya/birdsong"
       },

hosts/kalessin/hardware-configuration.nix

@@ -40,8 +40,9 @@
   # (the default) this is the recommended approach. When using systemd-networkd it's
   # still possible to use this option, but it's recommended to use it in conjunction
   # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp0s6.useDHCP = lib.mkDefault true;
+  # networking.useDHCP = lib.mkDefault true;
+  networking.useNetworkd = true;
+  networking.interfaces.enp0s6.useDHCP = lib.mkDefault true;
 
   nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
 }

hosts/orm/default.nix

@@ -11,7 +11,12 @@
   users.users.qenya.extraGroups = [ "wheel" ];
   qenya.base-server.enable = true;
 
-  age.secrets.wireguard-peer-orm.file = ../../secrets/wireguard-peer-orm.age;
+  age.secrets.wireguard-peer-orm = {
+    file = ../../secrets/wireguard-peer-orm.age;
+    owner = "root";
+    group = "systemd-network";
+    mode = "640";
+  };
 
   birdsong.peering = {
     enable = true;

hosts/orm/hardware-configuration.nix

@@ -42,8 +42,9 @@
   # (the default) this is the recommended approach. When using systemd-networkd it's
   # still possible to use this option, but it's recommended to use it in conjunction
   # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.ens3.useDHCP = lib.mkDefault true;
+  # networking.useDHCP = lib.mkDefault true;
+  networking.useNetworkd = true;
+  networking.interfaces.ens3.useDHCP = lib.mkDefault true;
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }

hosts/tohru/networking.nix

@@ -1,9 +1,18 @@
 { config, lib, pkgs, ... }:
 
 {
+  networking.useNetworkd = true;
+  systemd.network.wait-online.enable = false;
+  
   networking.networkmanager.enable = true;
 
-  age.secrets.wireguard-peer-tohru.file = ../../secrets/wireguard-peer-tohru.age;
+  age.secrets.wireguard-peer-tohru = {
+    file = ../../secrets/wireguard-peer-tohru.age;
+    owner = "root";
+    group = "systemd-network";
+    mode = "640";
+  };
+  
   birdsong.peering = {
     enable = true;
     privateKeyFile = config.age.secrets.wireguard-peer-tohru.path;

hosts/yevaud/default.nix

@@ -12,7 +12,12 @@
 
   qenya.base-server.enable = true;
 
-  age.secrets.wireguard-peer-yevaud.file = ../../secrets/wireguard-peer-yevaud.age;
+  age.secrets.wireguard-peer-yevaud = {
+    file = ../../secrets/wireguard-peer-yevaud.age;
+    owner = "root";
+    group = "systemd-network";
+    mode = "640";
+  };
 
   birdsong.peering = {
     enable = true;

hosts/yevaud/hardware-configuration.nix

@@ -42,8 +42,9 @@
   # (the default) this is the recommended approach. When using systemd-networkd it's
   # still possible to use this option, but it's recommended to use it in conjunction
   # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.ens3.useDHCP = lib.mkDefault true;
+  # networking.useDHCP = lib.mkDefault true;
+  networking.useNetworkd = true;
+  networking.interfaces.ens3.useDHCP = lib.mkDefault true;
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }