mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

manual_inherit

Browse Source
This commit is contained in:
mjallen18
2026-04-05 19:10:23 -05:00
parent a363622659
commit ff469102ea
84 changed files with 248 additions and 329 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
modules/nixos/network/default.nix
View File

@@ -15,24 +15,20 @@ let
name: profile:
nameValuePair "${name}" {
connection = {
inherit (profile) type autoconnect autoconnect-retries;
id = name;
type = profile.type;
autoconnect = profile.autoconnect;
autoconnect-retries = profile.autoconnect-retries;
autoconnect-priority = profile.priority;
interface-name = profile.interface or cfg.ipv4.interface;
};
ipv4 = {
method = cfg.ipv4.method;
inherit (cfg.ipv4) method;
}
// (
if (cfg.ipv4.method == "auto") then
{ }
else
{
address = cfg.ipv4.address;
gateway = cfg.ipv4.gateway;
dns = cfg.ipv4.dns;
inherit (cfg.ipv4) address gateway dns;
}
);
ipv6 = {
@@ -40,13 +36,13 @@ let
method = "auto";
};
wifi = mkIf (profile.type == "wifi") {
inherit (profile) ssid;
mode = "infrastructure";
ssid = profile.ssid;
roaming = "allowed";
};
wifi-security = mkIf (profile.type == "wifi") {
inherit (profile) psk;
key-mgmt = profile.keyMgmt;
psk = profile.psk;
};
};
@@ -65,10 +61,8 @@ let
interface-name = cfg.ipv4.interface;
};
ipv4 = {
inherit (cfg.ipv4) address gateway dns;
method = "manual";
address = cfg.ipv4.address;
gateway = cfg.ipv4.gateway;
dns = cfg.ipv4.dns;
};
ipv6 = {
addr-gen-mode = "stable-privacy";
@@ -149,31 +143,29 @@ in
# Configure NAT if enabled
nat = lib.mkIf cfg.nat.enable {
inherit (cfg.nat) internalInterfaces externalInterface enableIPv6;
enable = true;
internalInterfaces = cfg.nat.internalInterfaces;
externalInterface = cfg.nat.externalInterface;
enableIPv6 = cfg.nat.enableIPv6;
};
# Configure firewall
firewall = {
enable = cfg.firewall.enable;
allowPing = cfg.firewall.allowPing;
allowedTCPPorts = cfg.firewall.allowedTCPPorts;
allowedUDPPorts = cfg.firewall.allowedUDPPorts;
trustedInterfaces = cfg.firewall.trustedInterfaces;
inherit (cfg.firewall)
enable
allowPing
allowedTCPPorts
allowedUDPPorts
trustedInterfaces
;
# Default port ranges for KDE Connect
allowedTCPPortRanges = lib.mkIf cfg.firewall.kdeConnect.enable [
{
from = cfg.firewall.kdeConnect.tcpRange.from;
to = cfg.firewall.kdeConnect.tcpRange.to;
inherit (cfg.firewall.kdeConnect.tcpRange) from to;
}
];
allowedUDPPortRanges = lib.mkIf cfg.firewall.kdeConnect.enable [
{
from = cfg.firewall.kdeConnect.udpRange.from;
to = cfg.firewall.kdeConnect.udpRange.to;
inherit (cfg.firewall.kdeConnect.udpRange) from to;
}
];
@@ -185,14 +177,16 @@ in
# When iwd is enabled alongside NetworkManager, iwd acts as the WiFi
# backend for NM (iwd handles scanning/association; NM handles
# connection management). They are not mutually exclusive.
wireless.iwd = lib.mkIf cfg.iwd.enable {
enable = true;
settings = cfg.iwd.settings;
wireless.iwd = {
inherit (cfg.iwd)
enable
settings
;
};
# Configure NetworkManager when enabled
networkmanager = mkIf cfg.networkmanager.enable {
enable = true;
networkmanager = {
inherit (cfg.networkmanager) enable;
# Use iwd as the WiFi backend when iwd is also enabled
wifi.backend = mkIf cfg.iwd.enable "iwd";
wifi.powersave = cfg.networkmanager.powersave;
@@ -211,7 +205,7 @@ in
# Configure profiles if any are defined
ensureProfiles = mkIf (profiles != { }) {
environmentFiles = lib.optional (config.sops.secrets ? wifi) config.sops.secrets.wifi.path;
profiles = profiles;
inherit profiles;
};
};
};