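# NixOS module for basic networking: host name, NetworkManager, Avahi (mDNS),
# and two declaratively provisioned WireGuard profiles (wg-home, wg-fritzbox).
{
  lib,
  config,
  ...
}:
let
  cfg = config.nix-config.networking;
in
{

  options = {
    nix-config.networking.hostName = lib.mkOption {
      type = lib.types.str;
      default = "nixos";
      description = "Host name assigned to networking.hostName.";
    };

    nix-config.networking.vpn = lib.mkOption {
      type = lib.types.bool;
      default = true;
      description = ''
        Whether to provision the WireGuard NetworkManager profiles
        (wg-home and wg-fritzbox) defined by this module.
      '';
    };
  };

  config = {
    networking.hostName = cfg.hostName;

    networking.networkmanager.enable = true;
    networking.networkmanager.wifi.powersave = lib.mkDefault true;
    # Membership in "networkmanager" lets this user manage connections
    # (including the VPN profiles below) without root.
    users.users.${config.nix-config.userName}.extraGroups = [
      "networkmanager"
    ];
    services.avahi.enable = true;
    # Allows inbound mDNS (UDP 5353) through the firewall, so the host answers
    # discovery queries on every network it joins, trusted or not.
    services.avahi.openFirewall = true;

    # Left disabled on purpose: uncommenting this would turn the host firewall off.
    # networking.firewall = {
    #   enable = false;
    # };

    # VPN setup
    #
    # Gated on nix-config.networking.vpn. The option was previously declared but
    # never read, so setting it to false had no effect and the profiles (and the
    # reference to the vpnEnvironment secret) were always evaluated.
    networking.networkmanager.ensureProfiles = lib.mkIf cfg.vpn {
      # The "$NAME" strings below are placeholders filled in from this
      # sops-managed environment file, which keeps private and preshared keys
      # out of the world-readable Nix store. The file must define
      # HOME_PRIVATE_KEY, HOME_ENDPOINT, FRITZBOX_PRIVATE_KEY,
      # FRITZBOX_ENDPOINT and FRITZBOX_PRESHARED_KEY.
      environmentFiles = [ config.sops.secrets.vpnEnvironment.path ];

      profiles.wg-home = {
        connection = {
          id = "wg-home";
          type = "wireguard";
          interface-name = "wgh";
          autoconnect = false;
        };

        ipv4 = {
          address = "10.0.0.2/32";
          method = "manual";
        };

        wireguard = {
          # NOTE(review): wg-fritzbox uses the same listen port; the two
          # profiles presumably cannot both be up at once - confirm.
          listen-port = 51820;
          private-key = "$HOME_PRIVATE_KEY";
        };

        # The attribute name carries the peer's public key (not secret).
        "wireguard-peer.y/TBD/c0GkrRtekDkCb8TUnYYil8bSRPIjPDY650pz8=" = {
          endpoint = "$HOME_ENDPOINT";
          # NOTE(review): host bits are set under a /16 mask. Read as a /16 this
          # covers all of 192.168.0.0-192.168.255.255, which includes the
          # 192.168.178.0/24 range routed by wg-fritzbox. If only 192.168.1.x
          # is meant, a /24 would be the narrower choice - confirm intent.
          allowed-ips = "192.168.1.0/16";
        };
      };

      profiles.wg-fritzbox = {
        connection = {
          id = "wg-fritzbox";
          type = "wireguard";
          interface-name = "wgfb";
          autoconnect = false;
        };

        ipv4 = {
          address = "192.168.178.201/24";
          dns = "192.168.178.1";
          method = "manual";
        };

        wireguard = {
          listen-port = 51820;
          private-key = "$FRITZBOX_PRIVATE_KEY";
        };

        # The attribute name carries the peer's public key (not secret).
        "wireguard-peer.Jf/seKAL7kWm2qX9gf5Ln8FiN7OlPQB3CyRovDIOEHw=" = {
          endpoint = "$FRITZBOX_ENDPOINT";
          allowed-ips = "192.168.178.0/24;fd73:ea00:5841::/64";
          # Only this peer sets a preshared key; wg-home has none.
          preshared-key = "$FRITZBOX_PRESHARED_KEY";
        };
      };
    };
  };
}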