From 205a0e825de6456a0d14cee6bc1978aae30f9d9e Mon Sep 17 00:00:00 2001
From: aristote
Date: Wed, 27 Mar 2024 19:27:15 +0100
Subject: nixos: networking: add personal db of wifi networks
---
 modules/nixos/personal/default.nix | 6 +-
 modules/nixos/personal/networking.nix | 66 ----------------------
 modules/nixos/personal/networking/default.nix | 79 +++++++++++++++++++++++++++
 modules/nixos/personal/networking/wifi.nix | 62 +++++++++++++++++++++
 4 files changed, 143 insertions(+), 70 deletions(-)
 delete mode 100644 modules/nixos/personal/networking.nix
 create mode 100644 modules/nixos/personal/networking/default.nix
 create mode 100644 modules/nixos/personal/networking/wifi.nix
(limited to 'modules/nixos/personal')
diff --git a/modules/nixos/personal/default.nix b/modules/nixos/personal/default.nix
index ffaa97f..064260a 100644
--- a/modules/nixos/personal/default.nix
+++ b/modules/nixos/personal/default.nix
@@ -1,13 +1,11 @@
-{ ... }:
-
-{
+{...}: {
 imports = [
 ./boot.nix
 ./environment.nix
 ./gui.nix
 ./hardware.nix
 ./monitoring.nix
- ./networking.nix
+ ./networking
 ./nix.nix
 ./user.nix
 ];
diff --git a/modules/nixos/personal/networking.nix b/modules/nixos/personal/networking.nix
deleted file mode 100644
index 2385abd..0000000
--- a/modules/nixos/personal/networking.nix
+++ /dev/null
@@ -1,66 +0,0 @@
-{ config, lib, pkgs, options, ... }:
-
-let
- cfg = config.personal.networking;
- mkFirewallEnableOption = name:
- lib.mkOption {
- type = lib.types.bool;
- default = false;
- description = "Whether to open ports for ${name}.";
- };
-in {
- options.personal.networking = {
- enable = lib.mkEnableOption "networking";
- bluetooth.enable = lib.mkEnableOption "bluetooth";
- networkmanager.enable = lib.mkEnableOption "NetworkManager";
- ssh.enable = lib.mkEnableOption "SSH server";
- firewall = {
- syncthing = mkFirewallEnableOption "Syncthing";
- kdeconnect = mkFirewallEnableOption "KDE Connect";
- http = mkFirewallEnableOption "HTTP and HTTPS (incoming)";
- };
- };
-
- config = lib.mkIf cfg.enable {
- environment.systemPackages =
- lib.optional cfg.networkmanager.enable pkgs.networkmanager;
- networking = {
- networkmanager = lib.mkIf cfg.networkmanager.enable {
- enable = true;
- unmanaged = [ "interface-name:ve-*" ];
- };
- firewall = {
- enable = true;
- allowedTCPPorts = lib.optional cfg.firewall.syncthing 22000
- ++ lib.optionals cfg.firewall.http [ 80 443 ];
- allowedUDPPorts = lib.optionals cfg.firewall.syncthing [ 22000 21027 ];
- allowedTCPPortRanges = lib.optional cfg.firewall.kdeconnect {
- from = 1714;
- to = 1764;
- };
- allowedUDPPortRanges = lib.optional cfg.firewall.kdeconnect {
- from = 1714;
- to = 1764;
- };
- };
- };
- services = lib.mkIf cfg.ssh.enable {
- openssh = {
- enable = true;
- extraConfig = ''
- AcceptEnv PS1
- '';
- } // (if options.services.openssh ? settings then {
- settings = {
- PermitRootLogin = "no";
- PasswordAuthentication = false;
- };
- } else {
- permitRootLogin = "no";
- passwordAuthentication = false;
- });
- fail2ban.enable = true;
- };
- hardware.bluetooth.enable = cfg.bluetooth.enable;
- };
-}
diff --git a/modules/nixos/personal/networking/default.nix b/modules/nixos/personal/networking/default.nix
new file mode 100644
index 0000000..eec4195
--- /dev/null
+++ b/modules/nixos/personal/networking/default.nix
@@ -0,0 +1,79 @@
+{
+ config,
+ lib,
+ pkgs,
+ options,
+ ...
+}: let
+ cfg = config.personal.networking;
+ mkFirewallEnableOption = name:
+ lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Whether to open ports for ${name}.";
+ };
+in {
+ imports = [./wifi.nix];
+
+ options.personal.networking = {
+ enable = lib.mkEnableOption "networking";
+ bluetooth.enable = lib.mkEnableOption "bluetooth";
+ networkmanager.enable = lib.mkEnableOption "NetworkManager";
+ ssh.enable = lib.mkEnableOption "SSH server";
+ firewall = {
+ syncthing = mkFirewallEnableOption "Syncthing";
+ kdeconnect = mkFirewallEnableOption "KDE Connect";
+ http = mkFirewallEnableOption "HTTP and HTTPS (incoming)";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages =
+ lib.optional cfg.networkmanager.enable pkgs.networkmanager;
+ networking = {
+ networkmanager = lib.mkIf cfg.networkmanager.enable {
+ enable = true;
+ unmanaged = ["interface-name:ve-*"];
+ };
+ firewall = {
+ enable = true;
+ allowedTCPPorts =
+ lib.optional cfg.firewall.syncthing 22000
+ ++ lib.optionals cfg.firewall.http [80 443];
+ allowedUDPPorts = lib.optionals cfg.firewall.syncthing [22000 21027];
+ allowedTCPPortRanges = lib.optional cfg.firewall.kdeconnect {
+ from = 1714;
+ to = 1764;
+ };
+ allowedUDPPortRanges = lib.optional cfg.firewall.kdeconnect {
+ from = 1714;
+ to = 1764;
+ };
+ };
+ };
+ services = lib.mkIf cfg.ssh.enable {
+ openssh =
+ {
+ enable = true;
+ extraConfig = ''
+ AcceptEnv PS1
+ '';
+ }
+ // (
+ if options.services.openssh ? settings
+ then {
+ settings = {
+ PermitRootLogin = "no";
+ PasswordAuthentication = false;
+ };
+ }
+ else {
+ permitRootLogin = "no";
+ passwordAuthentication = false;
+ }
+ );
+ fail2ban.enable = true;
+ };
+ hardware.bluetooth.enable = cfg.bluetooth.enable;
+ };
+}
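Review bot: The `settings` block under `services.openssh` turns off `PasswordAuthentication` but leaves keyboard-interactive authentication at its default, and with PAM in use that path can still accept a password, so the server is not strictly key-only. Adding `KbdInteractiveAuthentication = false;` next to `PasswordAuthentication = false;` closes it; the legacy `else` branch would need the equivalent flat option for the release it targets. The block appears to be carried over from the deleted networking.nix with formatting changes only, so the gap predates this commit, but it is now the content of the new file.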
diff --git a/modules/nixos/personal/networking/wifi.nix b/modules/nixos/personal/networking/wifi.nix
new file mode 100644
index 0000000..2df8f6e
--- /dev/null
+++ b/modules/nixos/personal/networking/wifi.nix
@@ -0,0 +1,62 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.personal.networking.wifi;
+ mkWifiProfile = {
+ id,
+ uuid,
+ ssid,
+ }: {
+ "${id}" = {
+ connection = {
+ inherit id uuid;
+ type = "wifi";
+ };
+ wifi = {
+ inherit ssid;
+ mode = "infrastructure";
+ };
+ wifi-security = {
+ key-mgmt = "wpa-psk";
+ # fill-in password on first connection
+ };
+ ipv4 = {
+ method = "auto";
+ };
+ ipv6 = {
+ addr-gen-mode = "stable-privacy";
+ method = "auto";
+ };
+ proxy = {
+ };
+ };
+ };
+in {
+ options.personal.networking.wifi = {
+ enable = lib.mkEnableOption "personal WiFi networks";
+ networks = lib.mkOption {
+ type = with lib.types; listOf (attrsOf str);
+ default = [
+ {
+ id = "home-private";
+ ssid = "Quentintranet";
+ uuid = "e1e7e428-cf9f-4123-ac5b-641e6458d7e5";
+ }
+ {
+ id = "hotspot";
+ ssid = "Quentinternational";
+ uuid = "e18bf2e0-e9b6-454c-b7f3-e264c29f4e88";
+ }
+ {
+ id = "home-cercier";
+ ssid = "ARISTOTE";
+ uuid = "6ca53030-e03b-46ac-8a11-00b0787b3fa9";
+ }
+ ];
+ };
+ };
+
+ config.networking.networkmanager.ensureProfiles.profiles = lib.mkIf cfg.enable (lib.mergeAttrsList (builtins.map mkWifiProfile cfg.networks));
+}
-- cgit v1.2.3
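Review bot: `networks` is declared as `listOf (attrsOf str)`, but `mkWifiProfile` destructures exactly `{ id, uuid, ssid }`, so an entry with a missing, misspelled or extra key passes the option's type check and only fails later inside the function call, away from the definition that caused it. Declaring the three fields in a `submodule` (sketch below) moves that check to the option and gives the option the `description` it currently lacks. Leaving `psk` out of `wifi-security` keeps the key out of the world-readable Nix store, which is worth stating in the comment there; it may also be worth confirming that a password entered on first connection survives the profile being regenerated.

```nix
    networks = lib.mkOption {
      type = with lib.types;
        listOf (submodule {
          options = {
            id = lib.mkOption {
              type = str;
              description = "NetworkManager connection id; also used as the profile name.";
            };
            uuid = lib.mkOption {
              type = str;
              description = "Connection UUID written to the profile.";
            };
            ssid = lib.mkOption {
              type = str;
              description = "SSID of the network.";
            };
          };
        });
      description = "WiFi networks to declare as NetworkManager profiles (no pre-shared key is stored).";
      # … unchanged: default = [ … ] …
    };
```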