4 files changed, 60 insertions, 0 deletions

diff --git a/modules/networking/default.nix b/modules/networking/default.nix
new file mode 100644
index 0000000..caf7686
--- /dev/null
+++ b/modules/networking/default.nix
@@ -0,0 +1,28 @@
+{ pkgs, ... }:
+{
+  imports = [
+    ./dhcpcd.nix
+    ./firewall.nix
+    ./networkmanager.nix
+  ];
+
+  networking = {
+    hostName = "kansai";
+    nftables.enable = true;
+    enableIPv6 = false;
+
+    nameservers = [
+      "1.1.1.1#one.one.one.one"
+      "1.0.0.1#one.one.one.one"
+      "9.9.9.9#dns.quad9.net"
+      "149.112.112.112#dns.quad9.net"
+    ];
+
+    timeServers = [
+      "0.nixos.pool.ntp.org"
+      "1.nixos.pool.ntp.org"
+      "2.nixos.pool.ntp.org"
+      "3.nixos.pool.ntp.org"
+    ];
+  };
+}
diff --git a/modules/networking/dhcpcd.nix b/modules/networking/dhcpcd.nix
new file mode 100644
index 0000000..99ac0f3
--- /dev/null
+++ b/modules/networking/dhcpcd.nix
@@ -0,0 +1,6 @@
+{
+  networking.dhcpcd = {
+    wait = "background";
+    extraConfig = "noarp";
+  };
+}
diff --git a/modules/networking/firewall.nix b/modules/networking/firewall.nix
new file mode 100644
index 0000000..73bc44f
--- /dev/null
+++ b/modules/networking/firewall.nix
@@ -0,0 +1,18 @@
+{
+  networking.firewall = {
+    enable = true;
+    allowedUDPPorts = [ 53 ];
+
+    allowedTCPPorts = [
+      80
+      443
+    ];
+
+    allowedUDPPortRanges = [
+      {
+        from = 60000;
+        to = 61000;
+      }
+    ];
+  };
+}
diff --git a/modules/networking/networkmanager.nix b/modules/networking/networkmanager.nix
new file mode 100644
index 0000000..edb4c1c
--- /dev/null
+++ b/modules/networking/networkmanager.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+  networking.networkmanager = {
+    enable = true;
+    plugins = [ pkgs.networkmanager-openvpn ];
+    dns = "systemd-resolved";
+  };
+}