user updates
This commit is contained in:
mjallen18
@@ -1,7 +1,6 @@
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
namespace,
|
||||
...
|
||||
}:
|
||||
@@ -17,21 +16,21 @@ in
|
||||
config = {
|
||||
networking = {
|
||||
hostName = lib.mkForce cfg.hostName;
|
||||
|
||||
|
||||
# Use networkd if enabled
|
||||
useNetworkd = lib.mkIf cfg.useNetworkd true;
|
||||
|
||||
|
||||
# Set default gateway and nameservers if in manual mode
|
||||
defaultGateway = lib.mkIf (cfg.ipv4.method == "manual") {
|
||||
address = cfg.ipv4.gateway;
|
||||
interface = lib.mkIf (cfg.ipv4.interface != "") cfg.ipv4.interface;
|
||||
};
|
||||
|
||||
|
||||
nameservers = lib.mkIf (cfg.ipv4.method == "manual") [ cfg.ipv4.dns ];
|
||||
|
||||
|
||||
# Set hostId if provided
|
||||
hostId = lib.mkIf (cfg.hostId != "") cfg.hostId;
|
||||
|
||||
|
||||
# Configure NAT if enabled
|
||||
nat = lib.mkIf cfg.nat.enable {
|
||||
enable = true;
|
||||
@@ -47,7 +46,7 @@ in
|
||||
allowedTCPPorts = cfg.firewall.allowedTCPPorts;
|
||||
allowedUDPPorts = cfg.firewall.allowedUDPPorts;
|
||||
trustedInterfaces = cfg.firewall.trustedInterfaces;
|
||||
|
||||
|
||||
# Default port ranges for KDE Connect
|
||||
allowedTCPPortRanges = [
|
||||
{
|
||||
@@ -56,11 +55,11 @@ in
|
||||
}
|
||||
];
|
||||
allowedUDPPortRanges = config.networking.firewall.allowedTCPPortRanges;
|
||||
|
||||
|
||||
# Extra firewall commands
|
||||
extraCommands = lib.mkIf (cfg.extraFirewallCommands != "") cfg.extraFirewallCommands;
|
||||
};
|
||||
|
||||
|
||||
# Configure iwd if enabled
|
||||
wireless.iwd = lib.mkIf cfg.iwd.enable {
|
||||
enable = true;
|
||||
@@ -74,51 +73,49 @@ in
|
||||
enable = mkForce false;
|
||||
wifi.backend = mkForce "iwd";
|
||||
})
|
||||
|
||||
|
||||
# Enable NetworkManager when wifi is enabled and iwd is disabled
|
||||
(mkIf (cfg.wifi.enable && !cfg.iwd.enable) {
|
||||
enable = true;
|
||||
wifi.powersave = cfg.wifi.powersave;
|
||||
settings.connectivity.uri = mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
|
||||
|
||||
|
||||
# Configure WiFi profiles if any are defined
|
||||
ensureProfiles = mkIf (cfg.wifi.profiles != {}) {
|
||||
ensureProfiles = mkIf (cfg.wifi.profiles != { }) {
|
||||
environmentFiles = [
|
||||
config.sops.secrets.wifi.path
|
||||
];
|
||||
|
||||
profiles = mapAttrs
|
||||
(name: profile: {
|
||||
connection = {
|
||||
id = name;
|
||||
type = "wifi";
|
||||
};
|
||||
ipv4 =
|
||||
if (cfg.ipv4.method == "auto") then
|
||||
{
|
||||
method = "auto";
|
||||
}
|
||||
else
|
||||
{
|
||||
address1 = cfg.ipv4.address;
|
||||
dns = cfg.ipv4.dns;
|
||||
gateway = cfg.ipv4.gateway;
|
||||
method = "manual";
|
||||
};
|
||||
ipv6 = {
|
||||
addr-gen-mode = "stable-privacy";
|
||||
method = "auto";
|
||||
};
|
||||
wifi = {
|
||||
mode = "infrastructure";
|
||||
ssid = profile.ssid;
|
||||
};
|
||||
wifi-security = {
|
||||
key-mgmt = profile.keyMgmt;
|
||||
psk = profile.psk;
|
||||
};
|
||||
})
|
||||
cfg.wifi.profiles;
|
||||
|
||||
profiles = mapAttrs (name: profile: {
|
||||
connection = {
|
||||
id = name;
|
||||
type = "wifi";
|
||||
};
|
||||
ipv4 =
|
||||
if (cfg.ipv4.method == "auto") then
|
||||
{
|
||||
method = "auto";
|
||||
}
|
||||
else
|
||||
{
|
||||
address1 = cfg.ipv4.address;
|
||||
dns = cfg.ipv4.dns;
|
||||
gateway = cfg.ipv4.gateway;
|
||||
method = "manual";
|
||||
};
|
||||
ipv6 = {
|
||||
addr-gen-mode = "stable-privacy";
|
||||
method = "auto";
|
||||
};
|
||||
wifi = {
|
||||
mode = "infrastructure";
|
||||
ssid = profile.ssid;
|
||||
};
|
||||
wifi-security = {
|
||||
key-mgmt = profile.keyMgmt;
|
||||
psk = profile.psk;
|
||||
};
|
||||
}) cfg.wifi.profiles;
|
||||
};
|
||||
})
|
||||
];
|
||||
|
||||
@@ -54,7 +54,7 @@ with lib;
|
||||
};
|
||||
internalInterfaces = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
default = [ ];
|
||||
description = "List of internal interfaces for NAT.";
|
||||
};
|
||||
externalInterface = mkOption {
|
||||
@@ -82,17 +82,17 @@ with lib;
|
||||
};
|
||||
allowedTCPPorts = mkOption {
|
||||
type = types.listOf types.port;
|
||||
default = [];
|
||||
default = [ ];
|
||||
description = "List of allowed TCP ports.";
|
||||
};
|
||||
allowedUDPPorts = mkOption {
|
||||
type = types.listOf types.port;
|
||||
default = [];
|
||||
default = [ ];
|
||||
description = "List of allowed UDP ports.";
|
||||
};
|
||||
trustedInterfaces = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
default = [ ];
|
||||
description = "List of trusted interfaces.";
|
||||
};
|
||||
};
|
||||
@@ -109,25 +109,27 @@ with lib;
|
||||
description = "Whether to enable WiFi power saving.";
|
||||
};
|
||||
profiles = mkOption {
|
||||
type = types.attrsOf (types.submodule {
|
||||
options = {
|
||||
ssid = mkOption {
|
||||
type = types.str;
|
||||
description = "SSID of the WiFi network.";
|
||||
type = types.attrsOf (
|
||||
types.submodule {
|
||||
options = {
|
||||
ssid = mkOption {
|
||||
type = types.str;
|
||||
description = "SSID of the WiFi network.";
|
||||
};
|
||||
psk = mkOption {
|
||||
type = types.str;
|
||||
default = "$PSK";
|
||||
description = "PSK environment variable for the WiFi password.";
|
||||
};
|
||||
keyMgmt = mkOption {
|
||||
type = types.str;
|
||||
default = "sae";
|
||||
description = "Key management type (e.g., sae, wpa-psk).";
|
||||
};
|
||||
};
|
||||
psk = mkOption {
|
||||
type = types.str;
|
||||
default = "$PSK";
|
||||
description = "PSK environment variable for the WiFi password.";
|
||||
};
|
||||
keyMgmt = mkOption {
|
||||
type = types.str;
|
||||
default = "sae";
|
||||
description = "Key management type (e.g., sae, wpa-psk).";
|
||||
};
|
||||
};
|
||||
});
|
||||
default = {};
|
||||
}
|
||||
);
|
||||
default = { };
|
||||
description = "WiFi network profiles.";
|
||||
};
|
||||
};
|
||||
@@ -146,7 +148,7 @@ with lib;
|
||||
};
|
||||
settings = mkOption {
|
||||
type = types.attrs;
|
||||
default = {};
|
||||
default = { };
|
||||
description = "Settings for iwd.";
|
||||
};
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user