155 lines
4.3 KiB
Nix
155 lines
4.3 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
namespace,
|
|
...
|
|
}:
|
|
with lib;
|
|
let
|
|
cfg = config.${namespace}.network;
|
|
|
|
profiles =
|
|
let
|
|
make =
|
|
name: profile:
|
|
nameValuePair "${name}" {
|
|
connection = {
|
|
id = name;
|
|
type = profile.type;
|
|
autoconnect = profile.autoconnect;
|
|
autoconnect-retries = profile.autoconnect-retries;
|
|
autoconnect-priority = profile.priority;
|
|
interface-name = cfg.ipv4.interface;
|
|
};
|
|
ipv4 = {
|
|
method = cfg.ipv4.method;
|
|
}
|
|
// (
|
|
if (cfg.ipv4.method == "auto") then
|
|
{ }
|
|
else
|
|
{
|
|
address = "${cfg.ipv4.address}\\24";
|
|
gateway = cfg.ipv4.gateway;
|
|
dns = cfg.ipv4.dns;
|
|
}
|
|
);
|
|
ipv6 = {
|
|
addr-gen-mode = "stable-privacy";
|
|
method = "auto";
|
|
};
|
|
wifi = mkIf (profile.type == "wifi") {
|
|
mode = "infrastructure";
|
|
ssid = profile.ssid;
|
|
};
|
|
wifi-security = mkIf (profile.type == "wifi") {
|
|
key-mgmt = profile.keyMgmt;
|
|
psk = profile.psk;
|
|
};
|
|
};
|
|
in
|
|
mapAttrs' make cfg.networkmanager.profiles;
|
|
in
|
|
{
|
|
imports = [
|
|
./options.nix
|
|
];
|
|
|
|
config = {
|
|
systemd = {
|
|
services = {
|
|
NetworkManager-wait-online.enable = false;
|
|
systemd-networkd.stopIfChanged = false;
|
|
systemd-resolved.stopIfChanged = false;
|
|
};
|
|
network.wait-online.enable = false;
|
|
};
|
|
|
|
networking = {
|
|
hostName = lib.mkForce cfg.hostName;
|
|
|
|
# Use networkd if enabled
|
|
useNetworkd = lib.mkDefault true;
|
|
|
|
# Set default gateway and nameservers if in manual mode
|
|
defaultGateway = lib.mkIf (cfg.ipv4.method == "manual") {
|
|
address = cfg.ipv4.gateway;
|
|
interface = lib.mkIf (cfg.ipv4.interface != "") cfg.ipv4.interface;
|
|
};
|
|
|
|
nameservers = lib.mkIf (cfg.ipv4.method == "manual") [ cfg.ipv4.dns ];
|
|
|
|
# Set hostId if provided
|
|
hostId = lib.mkIf (cfg.hostId != "") cfg.hostId;
|
|
|
|
# Configure NAT if enabled
|
|
nat = lib.mkIf cfg.nat.enable {
|
|
enable = true;
|
|
internalInterfaces = cfg.nat.internalInterfaces;
|
|
externalInterface = cfg.nat.externalInterface;
|
|
enableIPv6 = cfg.nat.enableIPv6;
|
|
};
|
|
|
|
# Configure firewall
|
|
firewall = {
|
|
enable = cfg.firewall.enable;
|
|
allowPing = cfg.firewall.allowPing;
|
|
allowedTCPPorts = cfg.firewall.allowedTCPPorts;
|
|
allowedUDPPorts = cfg.firewall.allowedUDPPorts;
|
|
trustedInterfaces = cfg.firewall.trustedInterfaces;
|
|
|
|
# Default port ranges for KDE Connect
|
|
allowedTCPPortRanges = [
|
|
{
|
|
from = 1714;
|
|
to = 1764;
|
|
}
|
|
];
|
|
allowedUDPPortRanges = config.networking.firewall.allowedTCPPortRanges;
|
|
|
|
# Extra firewall commands
|
|
extraCommands = lib.mkIf (cfg.extraFirewallCommands != "") cfg.extraFirewallCommands;
|
|
};
|
|
|
|
# Configure iwd if enabled
|
|
wireless.iwd = lib.mkIf cfg.iwd.enable {
|
|
enable = true;
|
|
settings = cfg.iwd.settings;
|
|
};
|
|
|
|
# Configure NetworkManager
|
|
networkmanager = mkMerge [
|
|
# Disable NetworkManager when iwd is enabled
|
|
(mkIf cfg.iwd.enable {
|
|
enable = mkForce false;
|
|
wifi.backend = mkForce "iwd";
|
|
})
|
|
|
|
# Enable NetworkManager when wifi is enabled and iwd is disabled
|
|
(mkIf (cfg.networkmanager.enable && !cfg.iwd.enable) {
|
|
enable = true;
|
|
wifi.powersave = cfg.networkmanager.powersave;
|
|
settings.connectivity.uri = mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
|
|
plugins = with pkgs; [
|
|
networkmanager-fortisslvpn
|
|
networkmanager-iodine
|
|
networkmanager-l2tp
|
|
networkmanager-openconnect
|
|
networkmanager-openvpn
|
|
networkmanager-sstp
|
|
networkmanager-strongswan
|
|
networkmanager-vpnc
|
|
];
|
|
|
|
# Configure WiFi profiles if any are defined
|
|
ensureProfiles = mkIf (cfg.networkmanager.profiles != { }) {
|
|
environmentFiles = lib.optional (config.sops.secrets ? wifi) config.sops.secrets.wifi.path;
|
|
profiles = profiles;
|
|
};
|
|
})
|
|
];
|
|
};
|
|
};
|
|
}
|