mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

stuff

Browse Source
This commit is contained in:
mjallen18
2025-09-02 19:23:08 -05:00
parent e79ae984a3
commit a6167bf31c
16 changed files with 226 additions and 508 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
modules/nixos/network/default.nix
View File

@@ -7,6 +7,45 @@
with lib;
let
cfg = config.${namespace}.network;
profiles =
let
make =
name: profile:
nameValuePair "${name}" {
connection = {
id = name;
type = profile.type;
autoconnect = profile.autoconnect;
autoconnect-retries = profile.autoconnect-retries;
autoconnect-priority = profile.priority;
interface-name = cfg.ipv4.interface;
};
ipv4 =
{
method = cfg.ipv4.method;
} // (if (cfg.ipv4.method == "auto") then { }
else
{
address = cfg.ipv4.address;
gateway = cfg.ipv4.gateway;
dns = cfg.ipv4.dns;
});
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
wifi = mkIf (profile.type == "wifi") {
mode = "infrastructure";
ssid = profile.ssid;
};
wifi-security = mkIf (profile.type == "wifi") {
key-mgmt = profile.keyMgmt;
psk = profile.psk;
};
};
in
mapAttrs' make cfg.networkmanager.profiles;
in
{
imports = [
@@ -75,47 +114,18 @@ in
})
# Enable NetworkManager when wifi is enabled and iwd is disabled
(mkIf (cfg.wifi.enable && !cfg.iwd.enable) {
(mkIf (cfg.networkmanager.enable && !cfg.iwd.enable) {
enable = true;
wifi.powersave = cfg.wifi.powersave;
wifi.powersave = cfg.networkmanager.powersave;
settings.connectivity.uri = mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
# Configure WiFi profiles if any are defined
ensureProfiles = mkIf (cfg.wifi.profiles != { }) {
ensureProfiles = mkIf (cfg.networkmanager.profiles != { }) {
environmentFiles = [
config.sops.secrets.wifi.path
];
profiles = mapAttrs (name: profile: {
connection = {
id = name;
type = "wifi";
};
ipv4 =
if (cfg.ipv4.method == "auto") then
{
method = "auto";
}
else
{
address1 = cfg.ipv4.address;
dns = cfg.ipv4.dns;
gateway = cfg.ipv4.gateway;
method = "manual";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
wifi = {
mode = "infrastructure";
ssid = profile.ssid;
};
wifi-security = {
key-mgmt = profile.keyMgmt;
psk = profile.psk;
};
}) cfg.wifi.profiles;
profiles = profiles;
};
})
];

194
modules/nixos/network/options.nix
View File

@@ -4,159 +4,89 @@
...
}:
with lib;
let
inherit (lib.mjallen) mkOpt mkBoolOpt;
in
{
options.${namespace}.network = with types; {
hostName = lib.mkOption {
type = str;
default = "nixos";
description = "The hostname of the system.";
};
options.${namespace}.network = {
hostName = mkOpt types.str "nixos" "The hostname of the system.";
ipv4 = {
method = mkOption {
type = types.str;
default = "auto";
description = "Method for IPv4 configuration (auto or manual).";
};
address = lib.mkOption {
type = types.str;
default = "10.0.1.1/24";
description = "IPv4 address with subnet mask (e.g., 10.0.1.1/24).";
};
gateway = lib.mkOption {
type = types.str;
default = "10.0.1.1";
description = "IPv4 default gateway.";
};
interface = lib.mkOption {
type = types.str;
default = "";
description = "Interface for the default gateway (required when using networkd).";
};
dns = lib.mkOption {
type = types.str;
default = "10.0.1.1";
description = "IPv4 DNS server.";
};
method = mkOpt types.str "auto" "Method for IPv4 configuration (auto or manual).";
address = mkOpt types.str "10.0.1.1/24" "IPv4 address with subnet mask (e.g., 10.0.1.1/24).";
gateway = mkOpt types.str "10.0.1.1" "IPv4 default gateway.";
interface = mkOpt types.str "" "Interface for the default gateway (required when using networkd).";
dns = mkOpt types.str "10.0.1.1" "IPv4 DNS server.";
};
useNetworkd = mkOption {
type = types.bool;
default = false;
description = "Whether to use systemd-networkd for networking.";
};
useNetworkd = mkBoolOpt false "Whether to use systemd-networkd for networking.";
nat = {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable NAT.";
};
internalInterfaces = mkOption {
type = types.listOf types.str;
default = [ ];
description = "List of internal interfaces for NAT.";
};
externalInterface = mkOption {
type = types.str;
default = "";
description = "External interface for NAT.";
};
enableIPv6 = mkOption {
type = types.bool;
default = false;
description = "Whether to enable IPv6 NAT.";
};
enable = mkBoolOpt false "Whether to enable NAT.";
internalInterfaces = mkOpt (types.listOf types.str) [ ] "List of internal interfaces for NAT.";
externalInterface = mkOpt types.str "" "External interface for NAT.";
enableIPv6 = mkBoolOpt false "Whether to enable IPv6 NAT.";
};
firewall = {
enable = mkOption {
type = types.bool;
default = true;
description = "Whether to enable the firewall.";
};
allowPing = mkOption {
type = types.bool;
default = true;
description = "Whether to allow ICMP ping.";
};
allowedTCPPorts = mkOption {
type = types.listOf types.port;
default = [ ];
description = "List of allowed TCP ports.";
};
allowedUDPPorts = mkOption {
type = types.listOf types.port;
default = [ ];
description = "List of allowed UDP ports.";
};
trustedInterfaces = mkOption {
type = types.listOf types.str;
default = [ ];
description = "List of trusted interfaces.";
};
enable = mkBoolOpt true "Whether to enable the firewall.";
allowPing = mkBoolOpt true "Whether to allow ICMP ping.";
allowedTCPPorts = mkOpt (types.listOf types.port) [ ] "List of allowed TCP ports.";
allowedUDPPorts = mkOpt (types.listOf types.port) [ ] "List of allowed UDP ports.";
trustedInterfaces = mkOpt (types.listOf types.str) [ ] "List of trusted interfaces.";
};
wifi = {
enable = mkOption {
type = types.bool;
default = true;
description = "Whether to enable WiFi configuration.";
};
powersave = mkOption {
type = types.bool;
default = false;
description = "Whether to enable WiFi power saving.";
};
profiles = mkOption {
type = types.attrsOf (
networkmanager = {
enable = mkBoolOpt true "Whether to enable WiFi configuration.";
powersave = mkBoolOpt false "Whether to enable WiFi power saving.";
profiles = mkOpt (types.attrsOf (
types.submodule {
options = {
ssid = mkOption {
type = types.str;
description = "SSID of the WiFi network.";
};
psk = mkOption {
type = types.str;
default = "$PSK";
description = "PSK environment variable for the WiFi password.";
};
keyMgmt = mkOption {
type = types.str;
default = "sae";
description = "Key management type (e.g., sae, wpa-psk).";
};
ssid = mkOpt types.str "" "SSID of the WiFi network.";
type = mkOpt types.str "wifi" "type of the network.(wifi/ethernet)";
autoconnect = mkBoolOpt true "autoconnect to this connection";
autoconnect-retries = mkOpt types.int (-1) "The number of times a connection should be tried when autoactivating before giving up. Zero means forever, -1 means the global default (4 times if not overridden)";
priority = mkOpt types.int 0 "connection priority in range -999 to 999. The higher number means higher priority.";
psk = mkOpt types.str "$PSK" "PSK environment variable for the WiFi password.";
keyMgmt = mkOpt types.str "sae" "Key management type (e.g., sae, wpa-psk).";
};
}
);
default = { };
description = "WiFi network profiles.";
};
))
{
"Joey's Jungle 6G" = { priority = -900; };
"Joey's Jungle 5G" = { priority = -999; };
}
"network profiles.";
};
hostId = mkOption {
type = types.str;
default = "";
description = "Host ID for ZFS and other services.";
};
hostId = mkOpt types.str "" "Host ID for ZFS and other services.";
iwd = {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable iwd for wireless networking.";
};
settings = mkOption {
type = types.attrs;
default = { };
description = "Settings for iwd.";
};
enable = mkBoolOpt false "Whether to enable iwd for wireless networking.";
settings = mkOpt types.attrs { } "Settings for iwd.";
};
extraFirewallCommands = mkOption {
type = types.str;
default = "";
description = "Extra commands for the firewall.";
};
extraFirewallCommands = mkOpt types.str "" "Extra commands for the firewall.";
};
}