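# Option declarations for `${namespace}.network`.
#
# This file only declares options and their defaults; nothing here applies
# them. Validation is limited to what the option types enforce, so the
# consuming module is responsible for rejecting values the types let through
# (free-form strings for interface names, addresses, methods, ...).
{
  lib,
  namespace,
  ...
}:
with lib;
{
  options.${namespace}.network = {
    hostName = mkOption {
      type = types.str;
      default = "nixos";
      description = "The hostname of the system.";
    };

    ipv4 = {
      # Free-form string: the description names "auto" and "manual", but the
      # type does not restrict the value to those two.
      method = mkOption {
        type = types.str;
        default = "auto";
        description = "Method for IPv4 configuration (auto or manual).";
      };
      # NOTE(review): the default host address, gateway and DNS server below
      # are all 10.0.1.1; presumably they are placeholders that only matter
      # when method is "manual" -- confirm against the consuming module.
      address = mkOption {
        type = types.str;
        default = "10.0.1.1/24";
        description = "IPv4 address with subnet mask (e.g., 10.0.1.1/24).";
      };
      gateway = mkOption {
        type = types.str;
        default = "10.0.1.1";
        description = "IPv4 default gateway.";
      };
      # Empty by default although the description calls it required under
      # networkd; no assertion in this file enforces that.
      interface = mkOption {
        type = types.str;
        default = "";
        description = "Interface for the default gateway (required when using networkd).";
      };
      dns = mkOption {
        type = types.str;
        default = "10.0.1.1";
        description = "IPv4 DNS server.";
      };
    };

    useNetworkd = mkOption {
      type = types.bool;
      default = false;
      description = "Whether to use systemd-networkd for networking.";
    };

    # NAT is off by default. externalInterface defaults to the empty string,
    # so enabling NAT without setting it leaves the outbound side undefined
    # as far as this file is concerned.
    nat = {
      enable = mkOption {
        type = types.bool;
        default = false;
        description = "Whether to enable NAT.";
      };
      internalInterfaces = mkOption {
        type = types.listOf types.str;
        default = [ ];
        description = "List of internal interfaces for NAT.";
      };
      externalInterface = mkOption {
        type = types.str;
        default = "";
        description = "External interface for NAT.";
      };
      enableIPv6 = mkOption {
        type = types.bool;
        default = false;
        description = "Whether to enable IPv6 NAT.";
      };
    };

    # Firewall defaults: enabled, no ports opened, no trusted interfaces.
    firewall = {
      enable = mkOption {
        type = types.bool;
        default = true;
        description = "Whether to enable the firewall.";
      };
      allowPing = mkOption {
        type = types.bool;
        default = true;
        description = "Whether to allow ICMP ping.";
      };
      # types.port restricts each entry to a 16-bit port number.
      allowedTCPPorts = mkOption {
        type = types.listOf types.port;
        default = [ ];
        description = "List of allowed TCP ports.";
      };
      allowedUDPPorts = mkOption {
        type = types.listOf types.port;
        default = [ ];
        description = "List of allowed UDP ports.";
      };
      # NOTE(review): if this is forwarded to the NixOS firewall's
      # trustedInterfaces, every listed interface bypasses port filtering
      # entirely -- confirm, and keep the list to interfaces that are
      # genuinely internal.
      trustedInterfaces = mkOption {
        type = types.listOf types.str;
        default = [ ];
        description = "List of trusted interfaces.";
      };
    };

    wifi = {
      enable = mkOption {
        type = types.bool;
        default = true;
        description = "Whether to enable WiFi configuration.";
      };
      powersave = mkOption {
        type = types.bool;
        default = false;
        description = "Whether to enable WiFi power saving.";
      };
      profiles = mkOption {
        type = types.attrsOf (
          types.submodule {
            options = {
              ssid = mkOption {
                type = types.str;
                description = "SSID of the WiFi network.";
              };
              # Intended to hold a variable reference such as "$PSK", not the
              # passphrase itself: option values are evaluated into the Nix
              # store, which is readable by every local user, so a literal
              # passphrase set here would be exposed.
              # NOTE(review): where "$PSK" gets substituted is not visible in
              # this file -- confirm the consuming module reads it from a
              # secrets/environment file kept outside the store.
              psk = mkOption {
                type = types.str;
                default = "$PSK";
                description = "PSK environment variable for the WiFi password.";
              };
              # Free-form string; the default "sae" is the WPA3-Personal
              # key management, "wpa-psk" the WPA2-Personal one.
              keyMgmt = mkOption {
                type = types.str;
                default = "sae";
                description = "Key management type (e.g., sae, wpa-psk).";
              };
            };
          }
        );
        default = { };
        description = "WiFi network profiles.";
      };
    };

    # NOTE(review): NixOS's networking.hostId expects eight hexadecimal
    # digits; this option accepts any string and defaults to "", so the
    # format has to be checked where the value is used -- confirm.
    hostId = mkOption {
      type = types.str;
      default = "";
      description = "Host ID for ZFS and other services.";
    };

    iwd = {
      enable = mkOption {
        type = types.bool;
        default = false;
        description = "Whether to enable iwd for wireless networking.";
      };
      # types.attrs accepts any attribute set without checking keys or
      # values, so typos in iwd settings are not caught at this level.
      settings = mkOption {
        type = types.attrs;
        default = { };
        description = "Settings for iwd.";
      };
    };

    # types.lines (rather than types.str) lets several modules contribute
    # commands: definitions are joined with newlines instead of conflicting.
    # A single definition evaluates to the same string as before.
    # NOTE(review): presumably appended to the firewall setup script, which
    # runs as root -- treat anything placed here as privileged shell and
    # confirm how the consuming module uses it.
    extraFirewallCommands = mkOption {
      type = types.lines;
      default = "";
      description = "Extra commands for the firewall.";
    };
  };
}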