diff --git a/modules/nixos/network/default.nix b/modules/nixos/network/default.nix
index 5f15731..e8b0fae 100644
--- a/modules/nixos/network/default.nix
+++ b/modules/nixos/network/default.nix
@@ -20,7 +20,7 @@ let
 autoconnect = profile.autoconnect;
 autoconnect-retries = profile.autoconnect-retries;
 autoconnect-priority = profile.priority;
- interface-name = cfg.ipv4.interface;
+ interface-name = profile.interface or cfg.ipv4.interface;
 };
 ipv4 = {
 method = cfg.ipv4.method;
@@ -30,7 +30,7 @@ let
 { }
 else
 {
- address = "${cfg.ipv4.address}\\24";
+ address = cfg.ipv4.address;
 gateway = cfg.ipv4.gateway;
 dns = cfg.ipv4.dns;
 }
@@ -42,6 +42,7 @@ let
 wifi = mkIf (profile.type == "wifi") {
 mode = "infrastructure";
 ssid = profile.ssid;
+ roaming = "allowed";
 };
 wifi-security = mkIf (profile.type == "wifi") {
 key-mgmt = profile.keyMgmt;
@@ -128,13 +129,18 @@ in
 trustedInterfaces = cfg.firewall.trustedInterfaces;
 # Default port ranges for KDE Connect
- allowedTCPPortRanges = [
+ allowedTCPPortRanges = lib.mkIf cfg.firewall.kdeConnect.enable [
 {
- from = 1714;
- to = 1764;
+ from = cfg.firewall.kdeConnect.tcpRange.from;
+ to = cfg.firewall.kdeConnect.tcpRange.to;
+ }
+ ];
+ allowedUDPPortRanges = lib.mkIf cfg.firewall.kdeConnect.enable [
+ {
+ from = cfg.firewall.kdeConnect.udpRange.from;
+ to = cfg.firewall.kdeConnect.udpRange.to;
 }
 ];
- allowedUDPPortRanges = config.networking.firewall.allowedTCPPortRanges;
 # Extra firewall commands
 extraCommands = lib.mkIf (cfg.extraFirewallCommands != "") cfg.extraFirewallCommands;
@@ -155,7 +161,7 @@ in
 # Use iwd as the WiFi backend when iwd is also enabled
 wifi.backend = mkIf cfg.iwd.enable "iwd";
 wifi.powersave = cfg.networkmanager.powersave;
- settings.connectivity.uri = mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
+ settings.connectivity.uri = "http://nmcheck.gnome.org/check_network_status.txt";
 plugins = with pkgs; [
 networkmanager-fortisslvpn
 networkmanager-iodine
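Review bot: The `or cfg.ipv4.interface` fallback on the new `interface-name` line looks unreachable, because the options.nix hunk of this commit declares `interface` with a default of `"wlan0"`, so `profile.interface` is always set. A profile that omits it therefore binds to wlan0 rather than to the host's `ipv4.interface`, which contradicts the option description (pi5 had to add `interface = "end0"` by hand). Declaring the option as `types.nullOr types.str` with default `null` and writing `interface-name = if profile.interface != null then profile.interface else cfg.ipv4.interface;` would make the fallback real. The enclosing attribute set starts and ends outside the hunk.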
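Review bot: The new `address = cfg.ipv4.address;` line drops the prefix length altogether instead of repairing the old `\\24` suffix, which was presumably meant to be `/24`. jallen-nas passes a bare `10.0.1.3`, so the netmask is now left to whatever NetworkManager assumes for an address without a prefix; that is worth confirming on the NAS before deploying. Either document on the option that the value must be in CIDR form (`10.0.1.3/24`) or add a separate prefix-length option and join the two here with `/`.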
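Review bot: These ranges are still opened on every host that imports the module, because `cfg.firewall.kdeConnect.enable` defaults to `true` in the options.nix hunk of this commit. That covers hosts with no desktop role visible in this diff (jallen-nas, pi5 and the install ISO), which end up accepting TCP and UDP 1714-1764 for a service they likely do not run. Defaulting the option to `false` and enabling it in the laptop and desktop system files keeps the firewall closed unless a host asks for the ports. The comment `# Default port ranges for KDE Connect` could also say that the block is now conditional.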
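Review bot: Dropping `mkDefault` on `settings.connectivity.uri` means a host can no longer override or blank the connectivity check without `mkForce`. The probe is a plain-HTTP request to a third-party server, so it is unauthenticated and discloses the machine's presence on each check; hosts such as the NAS or the install ISO may reasonably want it disabled. If `mkDefault` was removed to resolve a priority conflict, a comment saying so would help; otherwise keep `mkDefault` or expose the URI as a module option.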
diff --git a/modules/nixos/network/options.nix b/modules/nixos/network/options.nix index bbe55c5..af7fd38 100644 --- a/modules/nixos/network/options.nix +++ b/modules/nixos/network/options.nix @@ -46,6 +46,36 @@ in allowedUDPPorts = mkOpt (types.listOf types.port) [ ] "List of allowed UDP ports."; trustedInterfaces = mkOpt (types.listOf types.str) [ ] "List of trusted interfaces."; + + kdeConnect = { + enable = mkBoolOpt true "Whether to configure firewall ports for KDE Connect."; + tcpRange = + mkOpt + (types.submodule { + options = { + from = mkOpt types.port 1714 "Start of TCP port range."; + to = mkOpt types.port 1764 "End of TCP port range."; + }; + }) + { + from = 1714; + to = 1764; + } + "KDE Connect TCP port range."; + udpRange = + mkOpt + (types.submodule { + options = { + from = mkOpt types.port 1714 "Start of UDP port range."; + to = mkOpt types.port 1764 "End of UDP port range."; + }; + }) + { + from = 1714; + to = 1764; + } + "KDE Connect UDP port range."; + }; }; networkmanager = { @@ -62,6 +92,10 @@ in type = mkOpt types.str "wifi" "type of the network.(wifi/ethernet)"; + interface = + mkOpt types.str "wlan0" + "Interface for this profile (defaults to global ipv4.interface)."; + autoconnect = mkBoolOpt true "autoconnect to this connection"; autoconnect-retries = @@ -72,7 +106,9 @@ in mkOpt types.int 0 "connection priority in range -999 to 999. The higher number means higher priority."; - psk = mkOpt types.str "$PSK" "PSK environment variable for the WiFi password."; + psk = + mkOpt types.str "$PSK" + "PSK for WiFi connection (set to \$PSK to use SOPS secret 'wifi/PSK')."; keyMgmt = mkOpt types.str "sae" "Key management type (e.g., sae, wpa-psk)."; }; 
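Review bot: The reworded `psk` description now reads as if a literal passphrase were an acceptable value, and nothing in the option prevents one. The type is `types.str`, so a real PSK set here would presumably be rendered into the generated NetworkManager profile in the world-readable Nix store, and committed along with the system file. I would state that only an environment-variable reference is supported, for example `"Environment variable reference for the WiFi PSK, written as \$PSK (filled from SOPS secret 'wifi/PSK'); never put the passphrase itself here."`, and consider `types.strMatching` with a `$`-prefixed name pattern to enforce it. How `$PSK` is substituted at activation time is outside this hunk.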
@@ -80,10 +116,19 @@ in )) { "Joey's Jungle 6G" = { - priority = -900; + ssid = "Joey's Jungle 6G"; + psk = "$PSK"; + priority = 100; }; "Joey's Jungle 5G" = { - priority = -999; + ssid = "Joey's Jungle 5G"; + psk = "$PSK"; + priority = 50; + }; + "Joey's Jungle 2.5G" = { + ssid = "Joey's Jungle 2.5G"; + psk = "$PSK"; + priority = 10; }; } "network profiles."; @@ -92,7 +137,7 @@ in hostId = mkOpt types.str "" "Host ID for ZFS and other services."; iwd = { - enable = mkBoolOpt false "Whether to enable iwd for wireless networking."; + enable = mkBoolOpt true "Whether to enable iwd for wireless networking."; settings = mkOpt types.attrs { } "Settings for iwd."; }; diff --git a/systems/aarch64-linux/macbook-pro-nixos/default.nix b/systems/aarch64-linux/macbook-pro-nixos/default.nix index f9989eb..0b96e34 100755 --- a/systems/aarch64-linux/macbook-pro-nixos/default.nix +++ b/systems/aarch64-linux/macbook-pro-nixos/default.nix @@ -78,13 +78,16 @@ }; network = { hostName = "macbook-pro-nixos"; - iwd.enable = true; - networkmanager.enable = true; - extraFirewallCommands = '' - iptables -I INPUT -m pkttype --pkt-type multicast -j ACCEPT - iptables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT - iptables -I INPUT -p udp -m udp --match multiport --dports 1990,2021 -j ACCEPT - ''; + ipv4 = { + method = "auto"; + interface = "wlan0"; + }; + firewall = { + allowedUDPPorts = [ + 1990 + 2021 + ]; + }; }; services = { nebula = { @@ -113,6 +116,8 @@ # - CONFIG_ANDROID_BINDERFS is not enabled }; + systemd.services.virt-secret-init-encryption.enable = false; + # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = diff --git a/systems/aarch64-linux/pi5/default.nix b/systems/aarch64-linux/pi5/default.nix index 1596416..c4b85bc 100644 --- a/systems/aarch64-linux/pi5/default.nix +++ b/systems/aarch64-linux/pi5/default.nix 
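Review bot: Flipping the `iwd.enable` default to `true` starts a wireless daemon on every host that imports the module, including the wired ones in this commit (jallen-nas on `enp197s0`, pi5 on `end0`). Together with the default profile set in the previous hunk, those machines now carry Wi-Fi profiles and a running supplicant they have no use for. Keeping the default `false` and leaving `iwd.enable = true;` in the laptop and handheld system files (the lines this commit removes from macbook-pro-nixos, allyx and matt-nixos) limits it to hosts that have a radio. If the new default stays, the NAS and Pi configs should set `iwd.enable = false;` explicitly.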
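Review bot: UDP 1990 and 2021 are carried over from the removed iptables rule into `allowedUDPPorts` with no hint of which service needs them. A one-line comment such as `# UDP 1990/2021: <service name>` above the list lets the next reviewer decide whether the ports can be closed. The hunk also drops the two multicast ACCEPT rules, which tightens the firewall but may affect anything on this laptop that relied on multicast discovery, so a line in the commit message recording that it was intentional would help.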
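Review bot: `systemd.services.virt-secret-init-encryption.enable = false;` is added without a comment, and the reason is not visible in the diff. Judging by its name, the unit prepares the key libvirt uses to encrypt stored secrets, so switching it off may leave libvirt secrets on this host unencrypted at rest; this should be confirmed against the libvirt version in use. I would add a comment above the line, for example `# virt-secret-init-encryption fails on this host (<reason>); libvirt secrets are not encrypted until this is re-enabled`, so the workaround is revisited rather than forgotten.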
@@ -133,11 +133,10 @@
 allowedTCPPorts = [ 53 ];
 allowedUDPPorts = [ 53 ];
 };
- networkmanager = {
- profiles = {
- "static-end0" = {
- type = "ethernet";
- };
+ networkmanager.profiles = {
+ "static-end0" = {
+ type = "ethernet";
+ interface = "end0";
 };
 };
 };
diff --git a/systems/x86_64-install-iso/graphical/default.nix b/systems/x86_64-install-iso/graphical/default.nix
index f577e57..519250f 100644
--- a/systems/x86_64-install-iso/graphical/default.nix
+++ b/systems/x86_64-install-iso/graphical/default.nix
@@ -24,6 +24,10 @@
 network = {
 hostName = "nixos";
+ ipv4 = {
+ method = "auto";
+ interface = "wlan0";
+ };
 firewall = {
 enable = true;
 allowPing = true;
diff --git a/systems/x86_64-linux/allyx/default.nix b/systems/x86_64-linux/allyx/default.nix
index cabedf5..872ae5b 100644
--- a/systems/x86_64-linux/allyx/default.nix
+++ b/systems/x86_64-linux/allyx/default.nix
@@ -65,8 +65,10 @@
 network = {
 hostName = "allyx";
- iwd.enable = true;
- networkmanager.enable = true;
+ ipv4 = {
+ method = "auto";
+ interface = "wlan0";
+ };
 };
 services = {
diff --git a/systems/x86_64-linux/jallen-nas/default.nix b/systems/x86_64-linux/jallen-nas/default.nix
index 9a93176..05c548e 100755
--- a/systems/x86_64-linux/jallen-nas/default.nix
+++ b/systems/x86_64-linux/jallen-nas/default.nix
@@ -127,6 +127,7 @@ in
 address = "10.0.1.3";
 method = "manual";
 gateway = "10.0.1.1";
+ dns = "1.1.1.1";
 interface = "enp197s0";
 };
 hostId = "4b501480";
diff --git a/systems/x86_64-linux/matt-nixos/default.nix b/systems/x86_64-linux/matt-nixos/default.nix
index 8b74fb2..0523b51 100644
--- a/systems/x86_64-linux/matt-nixos/default.nix
+++ b/systems/x86_64-linux/matt-nixos/default.nix
@@ -75,8 +75,10 @@
 network = {
 hostName = "matt-nixos";
- iwd.enable = true;
- networkmanager.enable = true;
+ ipv4 = {
+ method = "auto";
+ interface = "wlan0";
+ };
 };
 services = {