authorFuwn <[email protected]>2024-10-29 22:30:44 -0700
committerFuwn <[email protected]>2024-10-30 00:39:12 -0700
commit18ffde84c04c4dd9e67455289708097726536ecf (patch)
tree9cede8c2487f6c32c02994b9e5c879e06c36744a /modules
parentdisk: add default name to root filesystem (diff)
core: put fail2ban and resolved behind options
Diffstat (limited to 'modules')
-rw-r--r--modules/core/networking/firewall/fail2ban.nix8
-rw-r--r--modules/core/networking/resolved.nix8
-rw-r--r--modules/options/containers.nix30
-rw-r--r--modules/options/default.nix6
-rw-r--r--modules/options/networking.nix18
-rw-r--r--modules/options/nix.nix5
6 files changed, 53 insertions, 22 deletions
diff --git a/modules/core/networking/firewall/fail2ban.nix b/modules/core/networking/firewall/fail2ban.nix
index 606b725..eb10b69 100644
--- a/modules/core/networking/firewall/fail2ban.nix
+++ b/modules/core/networking/firewall/fail2ban.nix
@@ -1,7 +1,11 @@
-{ pkgs, ... }:
+{
+ config,
+ pkgs,
+ ...
+}:
{
services.fail2ban = {
- enable = false;
+ enable = config.modules.networking.fail2ban.enable;
extraPackages = with pkgs; [
nftables
diff --git a/modules/core/networking/resolved.nix b/modules/core/networking/resolved.nix
index 82effbe..d5763db 100644
--- a/modules/core/networking/resolved.nix
+++ b/modules/core/networking/resolved.nix
@@ -1,7 +1,11 @@
-{ secrets, ... }:
+{
+ config,
+ secrets,
+ ...
+}:
{
services.resolved = {
- enable = false;
+ enable = config.modules.networking.resolved.enable;
dnssec = "true";
domains = [ "~." ];
dnsovertls = "true";
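Review bot: Making `enable` switchable exposes a strict configuration that fails closed, and nothing at this site says so. `dnssec = "true"` and `dnsovertls = "true"` make resolved reject answers that do not validate or cannot be fetched over TLS, and `domains = [ "~." ]` routes every lookup through it. A short comment above `enable` would help whoever turns the option on for a host, for example `# strict DNSSEC + DoT for all domains; lookups fail if the upstream resolver supports neither`. The `services.resolved` block continues past the end of the hunk, so the upstream servers are not visible here.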
diff --git a/modules/options/containers.nix b/modules/options/containers.nix
index a60f498..4035c5a 100644
--- a/modules/options/containers.nix
+++ b/modules/options/containers.nix
@@ -1,20 +1,22 @@
{ lib, ... }:
-with lib.options;
-with lib.types;
{
- options.modules.containers = {
- engine = mkOption {
- default = "podman";
+ options.modules.containers =
+ let
+ inherit (lib) mkOption types;
+ in
+ {
+ engine = mkOption {
+ default = "podman";
- type = types.enum [
- "podman"
- "docker"
- ];
- };
+ type = types.enum [
+ "podman"
+ "docker"
+ ];
+ };
- extraOptions = mkOption {
- default = [ ];
- type = types.listOf types.str;
+ extraOptions = mkOption {
+ default = [ ];
+ type = types.listOf types.str;
+ };
};
- };
}
diff --git a/modules/options/default.nix b/modules/options/default.nix
index 39276d1..7097b15 100644
--- a/modules/options/default.nix
+++ b/modules/options/default.nix
@@ -2,12 +2,14 @@
{
imports = [
./containers.nix
+ ./networking.nix
./nix.nix
];
options.modules =
- with lib.options;
- with lib.types;
+ let
+ inherit (lib) mkOption types;
+ in
{
primaryUser = mkOption {
default = null;
diff --git a/modules/options/networking.nix b/modules/options/networking.nix
new file mode 100644
index 0000000..5f9dcc2
--- /dev/null
+++ b/modules/options/networking.nix
@@ -0,0 +1,18 @@
+{ lib, ... }:
+{
+ options.modules.networking =
+ let
+ inherit (lib) mkOption types;
+ in
+ {
+ resolved.enable = mkOption {
+ default = false;
+ type = types.bool;
+ };
+
+ fail2ban.enable = mkOption {
+ default = false;
+ type = types.bool;
+ };
+ };
+}
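Review bot: Both new options are declared without a `description` and both default to `false`, so a host that never sets them runs without fail2ban banning and without the DNSSEC/DNS-over-TLS resolver configured in `resolved.nix`, and the option docs do not say so. `lib.mkEnableOption` gives the same bool, default-false option plus a description in one line, e.g. `fail2ban.enable = lib.mkEnableOption "fail2ban brute-force banning";` and `resolved.enable = lib.mkEnableOption "systemd-resolved with DNSSEC and DNS-over-TLS";`. Since the previous code hard-coded `enable = false` and the new default keeps both services off, it is worth checking that each host meant to have these protections sets the option explicitly.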
diff --git a/modules/options/nix.nix b/modules/options/nix.nix
index 4cc54ec..2d67404 100644
--- a/modules/options/nix.nix
+++ b/modules/options/nix.nix
@@ -1,8 +1,9 @@
{ lib, ... }:
{
options.modules.nix =
- with lib.options;
- with lib.types;
+ let
+ inherit (lib) mkOption types;
+ in
{
extendedSupport = mkOption {
default = false;