authoraristote <quentin.aristote@irif.fr>2024-03-27 19:27:15 +0100
committeraristote <quentin.aristote@irif.fr>2024-03-27 19:30:55 +0100
commit205a0e825de6456a0d14cee6bc1978aae30f9d9e (patch)
tree36f59aa39d1b54a1b340ed1eb045086980fec54f /modules/nixos/personal
parent2139072efb4c4d0c6e4458b536ee2a7702336ab4 (diff)
nixos: networking: add personal db of wifi networks
Diffstat (limited to 'modules/nixos/personal')
-rw-r--r--modules/nixos/personal/default.nix6
-rw-r--r--modules/nixos/personal/networking/default.nix (renamed from modules/nixos/personal/networking.nix)55
-rw-r--r--modules/nixos/personal/networking/wifi.nix62
3 files changed, 98 insertions, 25 deletions
diff --git a/modules/nixos/personal/default.nix b/modules/nixos/personal/default.nix
index ffaa97f..064260a 100644
--- a/modules/nixos/personal/default.nix
+++ b/modules/nixos/personal/default.nix
@@ -1,13 +1,11 @@
-{ ... }:
-
-{
+{...}: {
imports = [
./boot.nix
./environment.nix
./gui.nix
./hardware.nix
./monitoring.nix
- ./networking.nix
+ ./networking
./nix.nix
./user.nix
];
diff --git a/modules/nixos/personal/networking.nix b/modules/nixos/personal/networking/default.nix
index 2385abd..eec4195 100644
--- a/modules/nixos/personal/networking.nix
+++ b/modules/nixos/personal/networking/default.nix
@@ -1,6 +1,10 @@
-{ config, lib, pkgs, options, ... }:
-
-let
+{
+ config,
+ lib,
+ pkgs,
+ options,
+ ...
+}: let
cfg = config.personal.networking;
mkFirewallEnableOption = name:
lib.mkOption {
@@ -9,6 +13,8 @@ let
description = "Whether to open ports for ${name}.";
};
in {
+ imports = [./wifi.nix];
+
options.personal.networking = {
enable = lib.mkEnableOption "networking";
bluetooth.enable = lib.mkEnableOption "bluetooth";
@@ -27,13 +33,14 @@ in {
networking = {
networkmanager = lib.mkIf cfg.networkmanager.enable {
enable = true;
- unmanaged = [ "interface-name:ve-*" ];
+ unmanaged = ["interface-name:ve-*"];
};
firewall = {
enable = true;
- allowedTCPPorts = lib.optional cfg.firewall.syncthing 22000
- ++ lib.optionals cfg.firewall.http [ 80 443 ];
- allowedUDPPorts = lib.optionals cfg.firewall.syncthing [ 22000 21027 ];
+ allowedTCPPorts =
+ lib.optional cfg.firewall.syncthing 22000
+ ++ lib.optionals cfg.firewall.http [80 443];
+ allowedUDPPorts = lib.optionals cfg.firewall.syncthing [22000 21027];
allowedTCPPortRanges = lib.optional cfg.firewall.kdeconnect {
from = 1714;
to = 1764;
@@ -45,20 +52,26 @@ in {
};
};
services = lib.mkIf cfg.ssh.enable {
- openssh = {
- enable = true;
- extraConfig = ''
- AcceptEnv PS1
- '';
- } // (if options.services.openssh ? settings then {
- settings = {
- PermitRootLogin = "no";
- PasswordAuthentication = false;
- };
- } else {
- permitRootLogin = "no";
- passwordAuthentication = false;
- });
+ openssh =
+ {
+ enable = true;
+ extraConfig = ''
+ AcceptEnv PS1
+ '';
+ }
+ // (
+ if options.services.openssh ? settings
+ then {
+ settings = {
+ PermitRootLogin = "no";
+ PasswordAuthentication = false;
+ };
+ }
+ else {
+ permitRootLogin = "no";
+ passwordAuthentication = false;
+ }
+ );
fail2ban.enable = true;
};
hardware.bluetooth.enable = cfg.bluetooth.enable;
diff --git a/modules/nixos/personal/networking/wifi.nix b/modules/nixos/personal/networking/wifi.nix
new file mode 100644
index 0000000..2df8f6e
--- /dev/null
+++ b/modules/nixos/personal/networking/wifi.nix
@@ -0,0 +1,62 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.personal.networking.wifi;
+ mkWifiProfile = {
+ id,
+ uuid,
+ ssid,
+ }: {
+ "${id}" = {
+ connection = {
+ inherit id uuid;
+ type = "wifi";
+ };
+ wifi = {
+ inherit ssid;
+ mode = "infrastructure";
+ };
+ wifi-security = {
+ key-mgmt = "wpa-psk";
+ # fill-in password on first connection
+ };
+ ipv4 = {
+ method = "auto";
+ };
+ ipv6 = {
+ addr-gen-mode = "stable-privacy";
+ method = "auto";
+ };
+ proxy = {
+ };
+ };
+ };
+in {
+ options.personal.networking.wifi = {
+ enable = lib.mkEnableOption "personal WiFi networks";
+ networks = lib.mkOption {
+ type = with lib.types; listOf (attrsOf str);
+ default = [
+ {
+ id = "home-private";
+ ssid = "Quentintranet";
+ uuid = "e1e7e428-cf9f-4123-ac5b-641e6458d7e5";
+ }
+ {
+ id = "hotspot";
+ ssid = "Quentinternational";
+ uuid = "e18bf2e0-e9b6-454c-b7f3-e264c29f4e88";
+ }
+ {
+ id = "home-cercier";
+ ssid = "ARISTOTE";
+ uuid = "6ca53030-e03b-46ac-8a11-00b0787b3fa9";
+ }
+ ];
+ };
+ };
+
+ config.networking.networkmanager.ensureProfiles.profiles = lib.mkIf cfg.enable (lib.mergeAttrsList (builtins.map mkWifiProfile cfg.networks));
+}
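Review bot: The `wifi-security` section in `mkWifiProfile` sets `key-mgmt = "wpa-psk"` but never supplies a `psk`, and the comment relies on the passphrase being typed in on first connection. Because `ensureProfiles` regenerates the profiles from this declaration, a passphrase entered that way may not persist; the diff does not show where it would be stored. If the key is meant to be declarative, keep it out of the world-readable Nix store by referencing a variable, e.g. `psk = "$HOME_PRIVATE_PSK";` (constructed name), and loading it from a root-only file via `networking.networkmanager.ensureProfiles.environmentFiles`. Separately, `listOf (attrsOf str)` accepts any keys while `mkWifiProfile` destructures exactly `{id, uuid, ssid}`, so a missing or misspelled key only fails when the function is applied; a `submodule` with three `str` options would reject it at option-check time. The default list also commits the home SSIDs to the repository, which deserves a deliberate decision because SSIDs can be matched against public geolocation databases.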