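# NixOS module: host name, NetworkManager, Avahi (mDNS) and two optional
# WireGuard profiles provisioned through NetworkManager's ensureProfiles.
#
# Options declared here:
#   nix-config.networking.hostName  - host name applied to networking.hostName
#   nix-config.networking.vpn       - gate for the WireGuard profiles below
#
# Secrets (private keys, endpoints, preshared key) are referenced only as
# $VARIABLE placeholders; the values come from the environment file at
# config.sops.secrets.vpnEnvironment.path, which is declared outside this file.
{ lib, config, ... }:
let
  cfg = config.nix-config.networking;
in
{
  options = {
    nix-config.networking.hostName = lib.mkOption {
      type = lib.types.str;
      default = "nixos";
      description = "Host name assigned to networking.hostName.";
    };

    nix-config.networking.vpn = lib.mkOption {
      type = lib.types.bool;
      default = true;
      description = "Whether to provision the WireGuard NetworkManager profiles (wg-home, wg-fritzbox).";
    };
  };

  config = {
    networking.hostName = cfg.hostName;

    networking.networkmanager.enable = true;
    # mkDefault so a host-specific module can override the power-save setting.
    networking.networkmanager.wifi.powersave = lib.mkDefault true;

    # Membership in "networkmanager" lets the primary user manage connections
    # (including bringing the VPN profiles up and down) without root.
    users.users.${config.nix-config.userName}.extraGroups = [ "networkmanager" ];

    # mDNS/DNS-SD. openFirewall opens the mDNS port in the host firewall.
    # NOTE(review): this host will answer mDNS on every network it joins,
    # including untrusted Wi-Fi - confirm that is intended.
    services.avahi.enable = true;
    services.avahi.openFirewall = true;

    # Disabled snippet kept for reference; while it stays commented out the
    # firewall keeps its default setting.
    # networking.firewall = {
    #   enable = false;
    # };

    # VPN setup
    #
    # Gated on cfg.vpn: the option was declared but never consulted, so the
    # profiles (and the reference to the sops secret) were always evaluated.
    # With mkIf, setting nix-config.networking.vpn = false skips both; the
    # default (true) keeps the previous behaviour.
    networking.networkmanager.ensureProfiles = lib.mkIf cfg.vpn {
      # Variables from this file are substituted into the profiles when they
      # are generated, so only the placeholder names end up in the Nix store.
      # NOTE(review): the generated profile holds the real keys; check that
      # both the sops secret and the rendered connection file are root-only.
      environmentFiles = [ config.sops.secrets.vpnEnvironment.path ];

      profiles.wg-home = {
        connection = {
          id = "wg-home";
          type = "wireguard";
          interface-name = "wgh";
          # Manual activation only; the tunnel is not brought up at boot.
          autoconnect = false;
        };
        ipv4 = {
          address = "10.0.0.2/32";
          method = "manual";
        };
        wireguard = {
          # NOTE(review): wg-fritzbox uses the same listen port, so the two
          # profiles presumably cannot be active together; a fixed port is
          # only needed if the peer initiates connections - confirm.
          listen-port = 51820;
          private-key = "$HOME_PRIVATE_KEY";
        };
        # The section name carries the peer's public key (not a secret).
        "wireguard-peer.y/TBD/c0GkrRtekDkCb8TUnYYil8bSRPIjPDY650pz8=" = {
          endpoint = "$HOME_ENDPOINT";
          # NOTE(review): with a /16 mask the host bits of "192.168.1.0" are
          # ignored, so this routes all of 192.168.0.0/16 through the tunnel
          # and overlaps the wg-fritzbox 192.168.178.0/24 range. If only the
          # 192.168.1.x LAN is meant, /24 is the narrower choice - confirm.
          allowed-ips = "192.168.1.0/16";
        };
      };

      profiles.wg-fritzbox = {
        connection = {
          id = "wg-fritzbox";
          type = "wireguard";
          interface-name = "wgfb";
          # Manual activation only; the tunnel is not brought up at boot.
          autoconnect = false;
        };
        ipv4 = {
          address = "192.168.178.201/24";
          dns = "192.168.178.1";
          method = "manual";
        };
        wireguard = {
          listen-port = 51820;
          private-key = "$FRITZBOX_PRIVATE_KEY";
        };
        # The section name carries the peer's public key (not a secret).
        "wireguard-peer.Jf/seKAL7kWm2qX9gf5Ln8FiN7OlPQB3CyRovDIOEHw=" = {
          endpoint = "$FRITZBOX_ENDPOINT";
          # Only the remote LAN (IPv4 /24 and IPv6 /64) is routed via the peer.
          allowed-ips = "192.168.178.0/24;fd73:ea00:5841::/64";
          # Additional symmetric key on top of the key pair; also injected
          # from the environment file rather than written here.
          preshared-key = "$FRITZBOX_PRESHARED_KEY";
        };
      };
    };
  };
}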