authoraristote <quentin.aristote@irif.fr>2024-03-27 19:27:15 +0100
committeraristote <quentin.aristote@irif.fr>2024-03-27 19:30:55 +0100
commit205a0e825de6456a0d14cee6bc1978aae30f9d9e (patch)
tree36f59aa39d1b54a1b340ed1eb045086980fec54f /modules/nixos/personal/networking
parent2139072efb4c4d0c6e4458b536ee2a7702336ab4 (diff)
nixos: networking: add personal db of wifi networks
Diffstat (limited to 'modules/nixos/personal/networking')
-rw-r--r--modules/nixos/personal/networking/default.nix79
-rw-r--r--modules/nixos/personal/networking/wifi.nix62
2 files changed, 141 insertions, 0 deletions
diff --git a/modules/nixos/personal/networking/default.nix b/modules/nixos/personal/networking/default.nix
new file mode 100644
index 0000000..eec4195
--- /dev/null
+++ b/modules/nixos/personal/networking/default.nix
@@ -0,0 +1,79 @@
+{
+ config,
+ lib,
+ pkgs,
+ options,
+ ...
+}: let
+ cfg = config.personal.networking;
+ mkFirewallEnableOption = name:
+ lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Whether to open ports for ${name}.";
+ };
+in {
+ imports = [./wifi.nix];
+
+ options.personal.networking = {
+ enable = lib.mkEnableOption "networking";
+ bluetooth.enable = lib.mkEnableOption "bluetooth";
+ networkmanager.enable = lib.mkEnableOption "NetworkManager";
+ ssh.enable = lib.mkEnableOption "SSH server";
+ firewall = {
+ syncthing = mkFirewallEnableOption "Syncthing";
+ kdeconnect = mkFirewallEnableOption "KDE Connect";
+ http = mkFirewallEnableOption "HTTP and HTTPS (incoming)";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages =
+ lib.optional cfg.networkmanager.enable pkgs.networkmanager;
+ networking = {
+ networkmanager = lib.mkIf cfg.networkmanager.enable {
+ enable = true;
+ unmanaged = ["interface-name:ve-*"];
+ };
+ firewall = {
+ enable = true;
+ allowedTCPPorts =
+ lib.optional cfg.firewall.syncthing 22000
+ ++ lib.optionals cfg.firewall.http [80 443];
+ allowedUDPPorts = lib.optionals cfg.firewall.syncthing [22000 21027];
+ allowedTCPPortRanges = lib.optional cfg.firewall.kdeconnect {
+ from = 1714;
+ to = 1764;
+ };
+ allowedUDPPortRanges = lib.optional cfg.firewall.kdeconnect {
+ from = 1714;
+ to = 1764;
+ };
+ };
+ };
+ services = lib.mkIf cfg.ssh.enable {
+ openssh =
+ {
+ enable = true;
+ extraConfig = ''
+ AcceptEnv PS1
+ '';
+ }
+ // (
+ if options.services.openssh ? settings
+ then {
+ settings = {
+ PermitRootLogin = "no";
+ PasswordAuthentication = false;
+ };
+ }
+ else {
+ permitRootLogin = "no";
+ passwordAuthentication = false;
+ }
+ );
+ fail2ban.enable = true;
+ };
+ hardware.bluetooth.enable = cfg.bluetooth.enable;
+ };
+}
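Review bot: The `settings = {` branch of the openssh block turns off PasswordAuthentication but leaves KbdInteractiveAuthentication at the NixOS default, which is enabled, so on a host where sshd runs with PAM a password can still be offered through the keyboard-interactive method; add `KbdInteractiveAuthentication = false;` beside `PasswordAuthentication = false;` (and the matching lowercase option in the legacy branch, on releases that have it). The `AcceptEnv PS1` line is unusual enough that it deserves a one-line comment on why the client's prompt variable is accepted, e.g. `# let interactive clients carry their PS1 over the session`. Enabling fail2ban only together with the server, as the `services = lib.mkIf cfg.ssh.enable` block does, reads fine.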
diff --git a/modules/nixos/personal/networking/wifi.nix b/modules/nixos/personal/networking/wifi.nix
new file mode 100644
index 0000000..2df8f6e
--- /dev/null
+++ b/modules/nixos/personal/networking/wifi.nix
@@ -0,0 +1,62 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.personal.networking.wifi;
+ mkWifiProfile = {
+ id,
+ uuid,
+ ssid,
+ }: {
+ "${id}" = {
+ connection = {
+ inherit id uuid;
+ type = "wifi";
+ };
+ wifi = {
+ inherit ssid;
+ mode = "infrastructure";
+ };
+ wifi-security = {
+ key-mgmt = "wpa-psk";
+ # fill-in password on first connection
+ };
+ ipv4 = {
+ method = "auto";
+ };
+ ipv6 = {
+ addr-gen-mode = "stable-privacy";
+ method = "auto";
+ };
+ proxy = {
+ };
+ };
+ };
+in {
+ options.personal.networking.wifi = {
+ enable = lib.mkEnableOption "personal WiFi networks";
+ networks = lib.mkOption {
+ type = with lib.types; listOf (attrsOf str);
+ default = [
+ {
+ id = "home-private";
+ ssid = "Quentintranet";
+ uuid = "e1e7e428-cf9f-4123-ac5b-641e6458d7e5";
+ }
+ {
+ id = "hotspot";
+ ssid = "Quentinternational";
+ uuid = "e18bf2e0-e9b6-454c-b7f3-e264c29f4e88";
+ }
+ {
+ id = "home-cercier";
+ ssid = "ARISTOTE";
+ uuid = "6ca53030-e03b-46ac-8a11-00b0787b3fa9";
+ }
+ ];
+ };
+ };
+
+ config.networking.networkmanager.ensureProfiles.profiles = lib.mkIf cfg.enable (lib.mergeAttrsList (builtins.map mkWifiProfile cfg.networks));
+}
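Review bot: The `networks` option is typed `listOf (attrsOf str)`, but `mkWifiProfile` destructures each entry with a closed pattern `{ id, uuid, ssid }`, so an entry with a missing or extra key fails while the whole profile set is evaluated, with a bare "attribute missing" or "unexpected attribute" error, rather than at the option boundary with the option's name attached; typing the list as `listOf (submodule …)` with the three fields as `str` options moves the error to the right place and documents the expected schema. Entries that share an `id` collapse silently in the `lib.mergeAttrsList` call on the last line, the later entry winning, so either an assertion on id uniqueness or the comment `# profiles are keyed by id; a later duplicate overrides an earlier one` above that line would help. That last line also installs the profiles whenever `cfg.enable` is set without regard to `personal.networking.networkmanager.enable`; if the two are meant to be coupled, an assertion or a `lib.mkIf` on both would make that explicit.
```nix
    networks = lib.mkOption {
      type = lib.types.listOf (lib.types.submodule {
        options = {
          id = lib.mkOption { type = lib.types.str; description = "Connection id (also the profile name)."; };
          ssid = lib.mkOption { type = lib.types.str; description = "Network SSID."; };
          uuid = lib.mkOption { type = lib.types.str; description = "Stable connection UUID."; };
        };
      });
      # … unchanged: default list of networks …
    };
```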