authorMel <mel@rnrd.eu>2026-04-24 23:35:19 +0200
committerMel <mel@rnrd.eu>2026-04-24 23:35:19 +0200
commit56c22cf8ae9de73bbc1c37ce0b1635ae7af9be64 (patch)
tree3ba1ca13dcf1ed9c0013f6bffddaee9392991b16 /machines
parent127d8ff2c2e77a0cbfc7a2a3c962ef23b5ab7261 (diff)
Migrate fully to systemd-networkd and nftables
Signed-off-by: Mel <mel@rnrd.eu>
Diffstat (limited to 'machines')
-rw-r--r--machines/corsac/devices.nix3
-rw-r--r--machines/corsac/hardware.nix7
-rw-r--r--machines/fourmi/devices.nix24
-rw-r--r--machines/fourmi/hardware.nix7
-rw-r--r--machines/lapin/devices.nix41
-rw-r--r--machines/lapin/hardware.nix7
-rw-r--r--machines/renard/devices.nix3
-rw-r--r--machines/renard/hardware.nix7
-rw-r--r--machines/taupe/devices.nix9
-rw-r--r--machines/taupe/hardware.nix7
-rw-r--r--machines/taureau/devices.nix9
-rw-r--r--machines/taureau/hardware.nix7
-rw-r--r--machines/truite/devices.nix20
13 files changed, 34 insertions, 117 deletions
diff --git a/machines/corsac/devices.nix b/machines/corsac/devices.nix
index a2215fd..971983b 100644
--- a/machines/corsac/devices.nix
+++ b/machines/corsac/devices.nix
@@ -11,9 +11,6 @@
     initrd.systemd.enable = true;
   };
 
-  networking.useDHCP = false;
-
-  systemd.network.enable = true;
   systemd.network.networks."20-wired" = {
     name = "enp1s0";
     DHCP = "yes";
diff --git a/machines/corsac/hardware.nix b/machines/corsac/hardware.nix
index 8ac85c4..bbb4b30 100644
--- a/machines/corsac/hardware.nix
+++ b/machines/corsac/hardware.nix
@@ -28,12 +28,5 @@
     [ { device = "/dev/disk/by-uuid/ce3c3e2c-1f16-4e37-90f3-9ccfc81ee4c8"; }
     ];
 
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
-
   hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
diff --git a/machines/fourmi/devices.nix b/machines/fourmi/devices.nix
index c8d2e72..56d243f 100644
--- a/machines/fourmi/devices.nix
+++ b/machines/fourmi/devices.nix
@@ -51,18 +51,28 @@
   };
 
   networking = {
-    # todo: configure properly
     firewall.enable = lib.mkForce false;
-
-    useDHCP = true;
     wireless = {
       enable = true;
       interfaces = [ "wlan0" ];
       secretsFile = config.age.secrets.wireless-secrets.path;
-      networks = {
-        # yea this is my home network :3
-        # (my boyfriends brother picked the name)
-        "Das asoziale Netzwerk".pskRaw = "ext:psk_home";
+      networks."Das asoziale Netzwerk".pskRaw = "ext:psk_home";
+    };
+  };
+
+  systemd.network = {
+    networks = {
+      "10-wired" = {
+        name = "end0";
+        DHCP = "yes";
+        dhcpV4Config.RouteMetric = 100;
+        networkConfig.RequiredForOnline = "no";
+      };
+      "20-wireless" = {
+        name = "wlan0";
+        DHCP = "yes";
+        dhcpV4Config.RouteMetric = 600;
+        networkConfig.RequiredForOnline = "no";
       };
     };
   };
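Review bot: `firewall.enable = lib.mkForce false;` stays in place while the `# todo: configure properly` marker above it is deleted, so the disabled firewall on this host now reads as intentional and is no longer tracked. Because of `lib.mkForce`, the setting would also override any firewall default a shared module enables as part of the nftables migration named in the commit title (not visible on this page, which is limited to `machines/`). The host brings up both `end0` and `wlan0` with DHCP, so either drop the override or keep a comment that states the reason, e.g. `# firewall off on fourmi: <reason>; revisit once nftables rules exist for this host`.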
diff --git a/machines/fourmi/hardware.nix b/machines/fourmi/hardware.nix
index 1738e23..3395bdf 100644
--- a/machines/fourmi/hardware.nix
+++ b/machines/fourmi/hardware.nix
@@ -20,12 +20,5 @@
 
   swapDevices = [ ];
 
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.end0.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
 
 }
diff --git a/machines/lapin/devices.nix b/machines/lapin/devices.nix
index 450baf3..239242a 100644
--- a/machines/lapin/devices.nix
+++ b/machines/lapin/devices.nix
@@ -15,18 +15,7 @@
     memoryPercent = 50;
   };
 
-  networking = {
-    # Network configuration is managed with networkd.
-    useDHCP = false;
-    nameservers = [
-      "1.1.1.1" "1.0.0.1"
-      "2606:4700:4700::1111" "2606:4700:4700::1001"
-    ];
-  };
-
-  # Static IPv6 network configuration
-  # + soliciting of IPv4 via DHCP.
-  systemd.network.enable = true;
+  # static ipv6 + dhcp ipv4
   systemd.network.networks."10-wan" = {
     name = "enp1s0";
     DHCP = "ipv4";
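Review bot: The explicit `networking.nameservers` list is removed here with no replacement in this file section, and the same removal appears in the taupe, taureau and truite `devices.nix` hunks. The page is limited to `machines/`, so a shared module may now set the resolvers; if it does not, lapin, taupe and taureau would presumably take whatever DNS servers the DHCPv4 lease offers, and truite, which keeps `DHCP = "no"`, has no resolver source in its own file at all. On lapin this matters more because `dnssec = "false"` is kept in the next hunk, so answers from a lease-supplied resolver are not validated. If the resolvers did move, a one-line pointer such as `# dns servers: see <shared module path>` beside the `10-wan` network would make that checkable. The `10-wan` block continues outside the hunk.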
@@ -35,32 +24,24 @@
   };
 
   services.resolved = {
-    # LLMNR and MulticastDNS both give DNS timeouts.
-    # MDNS specifically for some reason gives Docker bridge interfaces it's scope,
-    # which means every DNS request waits for an answer... from every interface... 
+    # llmnr and multicastdns both give dns timeouts.
+    # mdns specifically for some reason gives docker bridge interfaces it's scope,
+    # which means every dns request waits for an answer... from every interface...
     llmnr = "false";
     extraConfig = "MulticastDNS=no";
-    dnssec = "false"; # DNSSEC breaks IPv6, for some reason :(
-  };
-  
-  virtualisation.docker.daemon.settings = {
-    "experimental" = true;
-    "ipv6" = true;
-    "ip6tables" = true;
-    "fixed-cidr-v6" = "fc00:d0c:b1b1::/48";
-    "bip" = "172.17.0.1/24";
-    "default-address-pools" = [
-      { base = "172.17.0.0/16"; size = 24; }
-      { base = "fc00:d0c::/32"; size = 48; }
-    ];
+    dnssec = "false"; # dnssec breaks ipv6, for some reason :(
   };
 
+
   fileSystems = {
-    # Mount the large-ish service state folder to a regrowable volume. :)
+    # mount the large-ish service state folder to a regrowable volume. :)
     "/srv" = {
       device = "/dev/disk/by-id/scsi-0HC_Volume_101611810";
       fsType = "ext4";
-      options = [ "defaults" "discard" ];
+      options = [
+        "defaults"
+        "discard"
+      ];
     };
   };
 }
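Review bot: The retained resolved comment still explains a Docker bridge-interface problem, but the `virtualisation.docker.daemon.settings` block (`ipv6`, `ip6tables`, `fixed-cidr-v6`, the address pools) is deleted in this hunk and nothing here shows where container networking is configured now. If Docker still runs on lapin, confirm that container IPv6 traffic is covered by the new nftables ruleset rather than left to daemon defaults; if it no longer runs, the comment is stale and should be removed. Smaller points on the new lines: `it's scope` should read `its scope`, and the hunk adds a second blank line before `fileSystems`.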
diff --git a/machines/lapin/hardware.nix b/machines/lapin/hardware.nix
index cc32191..4d07099 100644
--- a/machines/lapin/hardware.nix
+++ b/machines/lapin/hardware.nix
@@ -25,11 +25,4 @@
 
   swapDevices = [ ];
 
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
-
 }
diff --git a/machines/renard/devices.nix b/machines/renard/devices.nix
index aa8d7b9..d952488 100644
--- a/machines/renard/devices.nix
+++ b/machines/renard/devices.nix
@@ -18,9 +18,6 @@
     memoryPercent = 50;
   };
 
-  networking.useDHCP = false;
-
-  systemd.network.enable = true;
   systemd.network.networks."10-wan" = {
     name = "ens18";
     DHCP = "ipv4";
diff --git a/machines/renard/hardware.nix b/machines/renard/hardware.nix
index d79dee9..f7d1d6b 100644
--- a/machines/renard/hardware.nix
+++ b/machines/renard/hardware.nix
@@ -20,11 +20,4 @@
 
   swapDevices = [ ];
 
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
-
 }
diff --git a/machines/taupe/devices.nix b/machines/taupe/devices.nix
index a07f794..22587a9 100644
--- a/machines/taupe/devices.nix
+++ b/machines/taupe/devices.nix
@@ -12,16 +12,7 @@
     memoryPercent = 50;
   };
 
-  networking = {
-    useDHCP = false;
-    nameservers = [
-      "1.1.1.1" "1.0.0.1"
-      "2606:4700:4700::1111" "2606:4700:4700::1001"
-    ];
-  };
-
   # static ipv6 + dhcp ipv4
-  systemd.network.enable = true;
   systemd.network.networks."10-wan" = {
     name = "enp1s0";
     DHCP = "ipv4";
diff --git a/machines/taupe/hardware.nix b/machines/taupe/hardware.nix
index 810fafd..2fb0cf3 100644
--- a/machines/taupe/hardware.nix
+++ b/machines/taupe/hardware.nix
@@ -26,11 +26,4 @@
 
   swapDevices = [ ];
 
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
-
 }
diff --git a/machines/taureau/devices.nix b/machines/taureau/devices.nix
index 856dcf1..012b0ce 100644
--- a/machines/taureau/devices.nix
+++ b/machines/taureau/devices.nix
@@ -10,15 +10,6 @@
     kernelModules = [ ];
   };
 
-  networking = {
-    nameservers = [
-      "1.1.1.1" "1.0.0.1"
-    ];
-    # networkd handles our network
-    useDHCP = false;
-  };
-
-  systemd.network.enable = true;
   systemd.network.networks."10-wan" = {
     name = "enp6s16";
     # ipv4 gets it's config through dhcp just fine!
diff --git a/machines/taureau/hardware.nix b/machines/taureau/hardware.nix
index 3c30146..7fbaf1d 100644
--- a/machines/taureau/hardware.nix
+++ b/machines/taureau/hardware.nix
@@ -18,12 +18,5 @@
 
   swapDevices = [ ];
 
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp6s16.useDHCP = lib.mkDefault true;
-
   virtualisation.hypervGuest.enable = true;
 }
diff --git a/machines/truite/devices.nix b/machines/truite/devices.nix
index bc432c1..cdc3982 100644
--- a/machines/truite/devices.nix
+++ b/machines/truite/devices.nix
@@ -17,21 +17,13 @@
     memoryPercent = 50;
   };
 
-  networking = {
-    nameservers = [ "1.1.1.1" "1.0.0.1" ];
-    useDHCP = false;
-  };
-
-  systemd.network = {
-    enable = true;
-    networks."10-wan" = {
-      name = "ens18";
+  systemd.network.networks."10-wan" = {
+    name = "ens18";
 
-      address = [ "194.87.197.92/23" "2a00:b700:5::3:1cb/118" ];
-      gateway = [ "194.87.196.1" ];
-      routes = [ { Gateway = "2a00:b700:5::1"; GatewayOnLink = true; } ];
-      DHCP = "no";
-    };
+    address = [ "194.87.197.92/23" "2a00:b700:5::3:1cb/118" ];
+    gateway = [ "194.87.196.1" ];
+    routes = [ { Gateway = "2a00:b700:5::1"; GatewayOnLink = true; } ];
+    DHCP = "no";
   };
 }