config cleanups

2026-03-27 13:29:45 -05:00
parent 9ae5c8ab6d
commit 06c1ae13df
8 changed files with 91 additions and 27 deletions


@@ -20,7 +20,7 @@ let
autoconnect = profile.autoconnect;
autoconnect-retries = profile.autoconnect-retries;
autoconnect-priority = profile.priority;
interface-name = cfg.ipv4.interface;
interface-name = profile.interface or cfg.ipv4.interface;
};
ipv4 = {
method = cfg.ipv4.method;
@@ -30,7 +30,7 @@ let
{ }
else
{
address = "${cfg.ipv4.address}\\24";
address = cfg.ipv4.address;
gateway = cfg.ipv4.gateway;
dns = cfg.ipv4.dns;
}
@@ -42,6 +42,7 @@ let
wifi = mkIf (profile.type == "wifi") {
mode = "infrastructure";
ssid = profile.ssid;
roaming = "allowed";
};
wifi-security = mkIf (profile.type == "wifi") {
key-mgmt = profile.keyMgmt;
@@ -128,13 +129,18 @@ in
trustedInterfaces = cfg.firewall.trustedInterfaces;
# Default port ranges for KDE Connect
allowedTCPPortRanges = [
allowedTCPPortRanges = lib.mkIf cfg.firewall.kdeConnect.enable [
{
from = 1714;
to = 1764;
from = cfg.firewall.kdeConnect.tcpRange.from;
to = cfg.firewall.kdeConnect.tcpRange.to;
}
];
allowedUDPPortRanges = lib.mkIf cfg.firewall.kdeConnect.enable [
{
from = cfg.firewall.kdeConnect.udpRange.from;
to = cfg.firewall.kdeConnect.udpRange.to;
}
];
allowedUDPPortRanges = config.networking.firewall.allowedTCPPortRanges;
# Extra firewall commands
extraCommands = lib.mkIf (cfg.extraFirewallCommands != "") cfg.extraFirewallCommands;
@@ -155,7 +161,7 @@ in
# Use iwd as the WiFi backend when iwd is also enabled
wifi.backend = mkIf cfg.iwd.enable "iwd";
wifi.powersave = cfg.networkmanager.powersave;
settings.connectivity.uri = mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
settings.connectivity.uri = "http://nmcheck.gnome.org/check_network_status.txt";
plugins = with pkgs; [
networkmanager-fortisslvpn
networkmanager-iodine
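Review bot: Dropping the suffix at the `address =` line in the second hunk leaves the manual-method address with no prefix length, so what reaches the NetworkManager keyfile is a bare address such as the `10.0.1.3` one host in this commit sets. The removed `\\24` was itself a typo for `/24`, but replacing it with nothing is not a fix: as far as I recall NetworkManager falls back to a classful default prefix with a warning when the prefix is missing, which for a 10.x address is /8 and silently widens the on-link network. Either require the CIDR in the option (document `address` as `a.b.c.d/nn` and add an assertion that it contains a `/`) or add a `prefixLength` option and emit `address = "${cfg.ipv4.address}/${toString cfg.ipv4.prefixLength}";`. The `let` binding containing these hunks starts before the first hunk, so the surrounding option names are inferred from use.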


@@ -46,6 +46,36 @@ in
allowedUDPPorts = mkOpt (types.listOf types.port) [ ] "List of allowed UDP ports.";
trustedInterfaces = mkOpt (types.listOf types.str) [ ] "List of trusted interfaces.";
kdeConnect = {
enable = mkBoolOpt true "Whether to configure firewall ports for KDE Connect.";
tcpRange =
mkOpt
(types.submodule {
options = {
from = mkOpt types.port 1714 "Start of TCP port range.";
to = mkOpt types.port 1764 "End of TCP port range.";
};
})
{
from = 1714;
to = 1764;
}
"KDE Connect TCP port range.";
udpRange =
mkOpt
(types.submodule {
options = {
from = mkOpt types.port 1714 "Start of UDP port range.";
to = mkOpt types.port 1764 "End of UDP port range.";
};
})
{
from = 1714;
to = 1764;
}
"KDE Connect UDP port range.";
};
};
networkmanager = {
@@ -62,6 +92,10 @@ in
type = mkOpt types.str "wifi" "type of the network.(wifi/ethernet)";
interface =
mkOpt types.str "wlan0"
"Interface for this profile (defaults to global ipv4.interface).";
autoconnect = mkBoolOpt true "autoconnect to this connection";
autoconnect-retries =
@@ -72,7 +106,9 @@ in
mkOpt types.int 0
"connection priority in range -999 to 999. The higher number means higher priority.";
psk = mkOpt types.str "$PSK" "PSK environment variable for the WiFi password.";
psk =
mkOpt types.str "$PSK"
"PSK for WiFi connection (set to \$PSK to use SOPS secret 'wifi/PSK').";
keyMgmt = mkOpt types.str "sae" "Key management type (e.g., sae, wpa-psk).";
};
@@ -80,10 +116,19 @@ in
))
{
"Joey's Jungle 6G" = {
priority = -900;
ssid = "Joey's Jungle 6G";
psk = "$PSK";
priority = 100;
};
"Joey's Jungle 5G" = {
priority = -999;
ssid = "Joey's Jungle 5G";
psk = "$PSK";
priority = 50;
};
"Joey's Jungle 2.5G" = {
ssid = "Joey's Jungle 2.5G";
psk = "$PSK";
priority = 10;
};
}
"network profiles.";
@@ -92,7 +137,7 @@ in
hostId = mkOpt types.str "" "Host ID for ZFS and other services.";
iwd = {
enable = mkBoolOpt false "Whether to enable iwd for wireless networking.";
enable = mkBoolOpt true "Whether to enable iwd for wireless networking.";
settings = mkOpt types.attrs { } "Settings for iwd.";
};


@@ -78,13 +78,16 @@
};
network = {
hostName = "macbook-pro-nixos";
iwd.enable = true;
networkmanager.enable = true;
extraFirewallCommands = ''
iptables -I INPUT -m pkttype --pkt-type multicast -j ACCEPT
iptables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
iptables -I INPUT -p udp -m udp --match multiport --dports 1990,2021 -j ACCEPT
'';
ipv4 = {
method = "auto";
interface = "wlan0";
};
firewall = {
allowedUDPPorts = [
1990
2021
];
};
};
services = {
nebula = {
@@ -113,6 +116,8 @@
# - CONFIG_ANDROID_BINDERFS is not enabled
};
systemd.services.virt-secret-init-encryption.enable = false;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages =
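Review bot: Switching the multicast rule from `-I INPUT` to `-A INPUT` in `extraFirewallCommands` most likely makes it dead rather than merely reordering it: on NixOS, INPUT jumps to the `nixos-fw` chain, which ends in a refuse chain, so a rule appended to INPUT after that jump is never reached (inferred from the NixOS firewall layout, not visible here), whereas the old `-I` put it ahead of the whole NixOS firewall. The rule belongs in the NixOS chain, e.g. `ip46tables -A nixos-fw -m pkttype --pkt-type multicast -j ACCEPT`, which also covers IPv6. While moving it, consider restricting it with `-i <iface>` or a protocol/port match, since accepting all multicast on every interface is broader than the two UDP ports now opened via `firewall.allowedUDPPorts`. The `network` attribute set continues past the hunk.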


@@ -133,11 +133,10 @@
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 ];
};
networkmanager = {
profiles = {
"static-end0" = {
type = "ethernet";
};
networkmanager.profiles = {
"static-end0" = {
type = "ethernet";
interface = "end0";
};
};
};


@@ -24,6 +24,10 @@
network = {
hostName = "nixos";
ipv4 = {
method = "auto";
interface = "wlan0";
};
firewall = {
enable = true;
allowPing = true;


@@ -65,8 +65,10 @@
network = {
hostName = "allyx";
iwd.enable = true;
networkmanager.enable = true;
ipv4 = {
method = "auto";
interface = "wlan0";
};
};
services = {


@@ -127,6 +127,7 @@ in
address = "10.0.1.3";
method = "manual";
gateway = "10.0.1.1";
dns = "1.1.1.1";
interface = "enp197s0";
};
hostId = "4b501480";


@@ -75,8 +75,10 @@
network = {
hostName = "matt-nixos";
iwd.enable = true;
networkmanager.enable = true;
ipv4 = {
method = "auto";
interface = "wlan0";
};
};
services = {