From fd9f5e202cd650a64de261715199893f4ee0505c Mon Sep 17 00:00:00 2001
From: DuN0z
Date: Sat, 4 Oct 2025 09:46:20 +0200
Subject: [PATCH] CHANGES: NetworkManager to systemd-networkd
---
 hosts/terre-neuvas/configuration.nix | 37 +++++++++++++++++++++++++---
 hosts/terre-neuvas/hardware.nix | 4 +--
 modules/common/networking.nix | 3 +--
 modules/common/qemu.nix | 8 ------
 modules/sites/levr.porzh.me.nix | 8 +++---
 profiles/server-selfhosted.nix | 1 -
 6 files changed, 41 insertions(+), 20 deletions(-)
diff --git a/hosts/terre-neuvas/configuration.nix b/hosts/terre-neuvas/configuration.nix
index 5a37621..86b0267 100644
--- a/hosts/terre-neuvas/configuration.nix
+++ b/hosts/terre-neuvas/configuration.nix
@@ -20,7 +20,6 @@
 boot.loader.efi.canTouchEfiVariables = true;
 networking.hostName = "terre-neuvas"; # Define your hostname.
- networking.networkmanager.enable = true;
 # Configure keymap in X11
 services.xserver.xkb = {
@@ -33,7 +32,7 @@
 users.users.lomig = {
 isNormalUser = true;
- extraGroups = ["networkmanager" "lp" "wheel" "docker" ];
+ extraGroups = [ "lp" "wheel" "docker" ];
 shell = pkgs.zsh;
 };
@@ -50,8 +49,40 @@
 hugo
 ];
 networking = {
- firewall.allowedTCPPorts = [ 80 5900 5901 5902 ];
+ useNetworkd = true ;
+ firewall.allowedTCPPorts = [ 22 80 5900 5901 5902 ];
+ interfaces.eno1.useDHCP = false ;
+ interfaces.br0 = {
+ useDHCP = false ;
+ ipv4.addresses = [
+ {
+ address = "192.168.0.3";
+ prefixLength = 24 ;
+ }
+ ];
+ };
+ defaultGateway = {
+ interface = "br0" ;
+ address = "192.168.0.254" ;
+ };
+ nameservers = [ "192.168.0.254" "1.1.1.1" ];
 bridges.br0.interfaces = [ "eno1" ];
 };
+ systemd.network = {
+ enable = true ;
+ netdevs."br0" = {
+ netdevConfig = {
+ Name = "br0";
+ Kind = "bridge";
+ };
+ };
+ networks."br0" = {
+ matchConfig.Name = "br0" ;
+ };
+ networks."eno1" = {
+ matchConfig.Name = "eno1";
+ networkConfig.Bridge = "br0";
+ };
+ };
 system.stateVersion = "25.05"; # Did you read the comment?
 }
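Review bot: `firewall.allowedTCPPorts = [ 22 80 5900 5901 5902 ];` in the last hunk opens every listed port on all interfaces, so the three 59xx ports (VNC by convention; the listeners are not visible here) are reachable from the whole LAN behind br0 rather than only from an admin workstation. If they exist only for console access, drop them from the list and reach the consoles over an SSH tunnel. Port 22 is normally opened by `services.openssh.openFirewall` (default true) when sshd is enabled, so listing it by hand is probably redundant. Separately, the hand-written `systemd.network.netdevs."br0"` and `networks."eno1"` entries look like duplicates of what `networking.bridges.br0` already generates under `useNetworkd = true`; keep a single definition so two units do not match the same link (the module's top-level attribute set begins outside the hunk).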
diff --git a/hosts/terre-neuvas/hardware.nix b/hosts/terre-neuvas/hardware.nix
index 9bb56d2..8c1dc15 100644
--- a/hosts/terre-neuvas/hardware.nix
+++ b/hosts/terre-neuvas/hardware.nix
@@ -10,7 +10,7 @@
 boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
 boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-intel" ];
+ boot.kernelModules = lib.mkAfter [ "kvm-intel" "tun" ];
 boot.extraModulePackages = [ ];
 fileSystems."/" =
@@ -37,7 +37,7 @@
 # (the default) this is the recommended approach. When using systemd-networkd it's
 # still possible to use this option, but it's recommended to use it in conjunction
 # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
+ # networking.useDHCP = lib.mkDefault true;
 # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
 # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
diff --git a/modules/common/networking.nix b/modules/common/networking.nix
index 20186a4..17e8015 100644
--- a/modules/common/networking.nix
+++ b/modules/common/networking.nix
@@ -1,8 +1,7 @@
 _: {
 networking = {
- networkmanager.enable = true;
 nameservers = ["1.1.1.1" "8.8.8.8"];
- dhcpcd.extraConfig = "nohook resolv.conf";
+# dhcpcd.extraConfig = "nohook resolv.conf";
 firewall.enable = true;
 interfaces.enp11s0.wakeOnLan.enable = true ;
 };
diff --git a/modules/common/qemu.nix b/modules/common/qemu.nix
index f80d147..a701233 100644
--- a/modules/common/qemu.nix
+++ b/modules/common/qemu.nix
@@ -28,14 +28,6 @@
 };
 users.users.lomig.extraGroups = ["libvirtd" "kvm" "input"];
- networking = {
- useDHCP = false;
- };
-
- systemd.network.networks."10-br0" = {
- matchConfig.Name = "br0";
- networkConfig.DHCP = "yes";
- };
 environment.etc."qemu/bridge.conf".text = ''
 allow br0
diff --git a/modules/sites/levr.porzh.me.nix b/modules/sites/levr.porzh.me.nix
index c5c5ee2..bd556c7 100644
--- a/modules/sites/levr.porzh.me.nix
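Review bot: Commenting out `networking.useDHCP = lib.mkDefault true;` in hardware.nix does not turn DHCP off, because the NixOS option itself defaults to true, and the same commit deletes the explicit `useDHCP = false;` from modules/common/qemu.nix. If this host pulled in qemu.nix before (the import chain is not visible here), the global setting effectively flips from false to true, so any interface other than eno1 and br0 that the networkd catch-all matches would take an address, routes and DNS from whichever DHCP server answers. For a statically addressed server, state the intent in the host file with `networking.useDHCP = false;`. The commented-out line can then be deleted instead of kept.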
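Review bot: The `dhcpcd.extraConfig = "nohook resolv.conf";` line in modules/common/networking.nix was what kept DHCP leases from rewriting the resolver, and the hunk comments it out without a networkd replacement, so hosts that still import this module and use DHCP would presumably accept lease-supplied DNS servers next to the pinned `nameservers`. If pinning DNS is still the intent, the networkd-side equivalent is `dhcpV4Config.UseDNS = false;` on the relevant `systemd.network.networks` entry. Delete the dead line rather than leaving it commented at column 0.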
+++ b/modules/sites/levr.porzh.me.nix
@@ -42,8 +42,8 @@
 # -----------------------------------------------------------------
 # 3️⃣ Ouverture du firewall (ports 80 et 443)
 # -----------------------------------------------------------------
- networking.firewall.allowedTCPPorts = [
- 80 # HTTP (pour la redirection ACME)
- 443 # HTTPS (site final)
- ];
+# networking.firewall.allowedTCPPorts = [
+# 80 # HTTP (pour la redirection ACME)
+# 443 # HTTPS (site final)
+# ];
 }
diff --git a/profiles/server-selfhosted.nix b/profiles/server-selfhosted.nix
index e4b564d..c5a3bed 100644
--- a/profiles/server-selfhosted.nix
+++ b/profiles/server-selfhosted.nix
@@ -2,7 +2,6 @@
 imports = [
 ../modules/roles/server.nix
 ../modules/common/base.nix
- ../modules/common/networking.nix
 ../modules/common/qemu.nix
 ../modules/services/printing.nix
 # ../modules/services/goaccess.nix
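Review bot: With the `allowedTCPPorts` block in levr.porzh.me.nix commented out, nothing visible in this commit opens 443 any more (hosts/terre-neuvas/configuration.nix lists 80 but not 443), so unless TLS is terminated on another machine the site is reachable only over plain HTTP, or not at all if the vhost forces a redirect to HTTPS. List options merge across modules, so a site module can keep declaring the ports it serves; restoring `networking.firewall.allowedTCPPorts = [ 80 443 ];` here keeps the site and its firewall rule together. If ports are deliberately centralised in the host file, add 443 there and delete these lines together with the section-3 heading instead of leaving them commented. The module body starts outside the hunk.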