3 changed files with 22 additions and 19 deletions
--- a/hosts/sigma/network.nix
+++ b/hosts/sigma/network.nix
@ -142,40 +142,40 @@
    interfaces = {
      "enp5s0" = {
        allowedTCPPorts = [
+          1234 # ad hoc
+          1337 # ad hoc
+          139 # Samba
+          22000 # syncthing
          22 # SSH
          25 # Mail SMTP
-          80 # Caddy
-          139 # Samba
          443 # Caddy
          445 # Samba
          465 # Mail ESMTP
-          993 # Mail IMAPS
-          1234 # ad hoc
-          1337 # ad hoc
          8000 # ad hoc
          8080 # ad hoc
-          22000 # syncthing
+          80 # Caddy
+          993 # Mail IMAPS
        ];
        allowedUDPPorts = [
          139 # Samba
-          445 # Samba
          21027 # syncthing
          22000 # syncthing
+          445 # Samba
        ];
      };
      "wg-sigma-public" = {
        allowedTCPPorts = [
-          22 # SSH
-          25 # Mail SMTP
-          80 # Caddy
-          443 # Caddy
-          465 # Mail ESMTP
-          993 # Mail IMAPS
          1234 # ad hoc
          1337 # ad hoc
+          22000 # syncthing
+          22 # SSH
+          25 # Mail SMTP
+          443 # Caddy
+          465 # Mail ESMTP
          8000 # ad hoc
          8080 # ad hoc
-          22000 # syncthing
+          80 # Caddy
+          993 # Mail IMAPS
        ];
        allowedUDPPorts = [
          21027 # syncthing
--- a/modules/base/network.nix
+++ b/modules/base/network.nix
@ -19,11 +19,6 @@
  networking.useNetworkd = true;
  systemd.network.enable = true;

-  # The notion of "online" is a broken concept
-  # https://github.com/nix-community/srvos/blob/main/nixos/common/networking.nix
-  systemd.services.NetworkManager-wait-online.enable = false;
-  systemd.network.wait-online.enable = false;
-
  # systemd-resolved provides DNS resolution to local applications through
  # D-Bus, NSS, and a local stub resolver on 127.0.0.53. It implements caching
  # and DNSSEC validation. We configure it to only, and always, use
--- a/modules/desktop/network.nix
+++ b/modules/desktop/network.nix
@ -22,4 +22,12 @@
      }
    ];
  };
+
+  # systemd-networkd-wait-online can timeout and fail if there are no network
+  # interfaces available for it to manage. When systemd-networkd is enabled but
+  # a different service is responsible for managing the system's internet
+  # connection (for example, NetworkManager), this service is unnecessary and
+  # can be disabled.
+  # https://search.nixos.org/options?channel=24.05&show=systemd.network.wait-online.enable
+  systemd.network.wait-online.enable = false;
 }