From ad185ef5efb06526b9dcf415498e21f02228e360 Mon Sep 17 00:00:00 2001 From: Swarsel Date: Wed, 17 Jul 2024 04:15:13 +0200 Subject: [PATCH] feat: make NetworkManager config declarative
---
SwarselSystems.org | 207 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 205 insertions(+), 2 deletions(-)
diff --git a/SwarselSystems.org b/SwarselSystems.org
index 415250e..6b6470d 100644
--- a/SwarselSystems.org
+++ b/SwarselSystems.org
@@ -4629,7 +4629,210 @@ Here I only enable =networkmanager=. Most of the 'real' network config is done i #+begin_src nix :tangle profiles/common/nixos.nix - networking.networkmanager.enable = true; + networking.networkmanager = { + enable = true; + ensureProfiles = { + environmentFiles = [ + "${config.sops.templates."network-manager.env".path}" + ]; + profiles = { + "Ernest Routerford" = { + connection = { + id = "Ernest Routerford"; + permissions = ""; + type = "wifi"; + }; + ipv4 = { + dns-search = ""; + method = "auto"; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + dns-search = ""; + method = "auto"; + }; + wifi = { + mac-address-blacklist = ""; + mode = "infrastructure"; + ssid = "Ernest Routerford"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-psk"; + psk = "$ERNEST"; + }; + }; + + LAN-Party = { + connection = { + autoconnect = "false"; + id = "LAN-Party"; + type = "ethernet"; + }; + ethernet = { + auto-negotiate = "true"; + cloned-mac-address = "preserve"; + mac-address = "90:2E:16:D0:A1:87"; + }; + ipv4 = { method = "shared"; }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; + }; + + eduroam = { + "802-1x" = { + eap = "ttls;"; + identity = "$EDUID"; + password = "$EDUPASS"; + phase2-auth = "mschapv2"; + }; + connection = { + id = "eduroam"; + type = "wifi"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "default"; + method = "auto"; + }; + proxy = { }; + wifi = { + mode = "infrastructure"; + ssid = "eduroam"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-eap"; + }; + }; + + local = { + connection = { + autoconnect = "false"; + id = "local"; + type = "ethernet"; + }; + ethernet = { }; + ipv4 = { + address1 = "10.42.1.1/24"; + method = "shared"; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; + }; + + HH40V_39F5 = { + connection = { + id = "HH40V_39F5"; + type = "wifi"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + 
addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; + wifi = { + band = "bg"; + mode = "infrastructure"; + ssid = "HH40V_39F5"; + }; + wifi-security = { + key-mgmt = "wpa-psk"; + psk = "$FRAUNS"; + }; + }; + + magicant = { + connection = { + id = "magicant"; + type = "wifi"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "default"; + method = "auto"; + }; + proxy = { }; + wifi = { + mode = "infrastructure"; + ssid = "magicant"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-psk"; + psk = "$HANDYHOTSPOT"; + }; + }; + + "sweden-aes-128-cbc-udp-dns" = { + connection = { + autoconnect = "false"; + id = "PIA Sweden"; + type = "vpn"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; + vpn = { + auth = "sha1"; + ca = + "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-ca.pem"; + challenge-response-flags = "2"; + cipher = "aes-128-cbc"; + compress = "yes"; + connection-type = "password"; + crl-verify-file = "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-crl-verify.pem"; + dev = "tun"; + password-flags = "0"; + remote = "sweden.privacy.network:1198"; + remote-cert-tls = "server"; + reneg-seconds = "0"; + service-type = "org.freedesktop.NetworkManager.openvpn"; + username = "$VPNUSER"; + }; + vpn-secrets = { password = "$VPNPASS"; }; + }; + + Hotspot = { + connection = { + autoconnect = "false"; + id = "Hotspot"; + type = "wifi"; + }; + ipv4 = { method = "shared"; }; + ipv6 = { + addr-gen-mode = "default"; + method = "ignore"; + }; + proxy = { }; + wifi = { + mode = "ap"; + ssid = "Hotspot-fourside"; + }; + wifi-security = { + group = "ccmp;"; + key-mgmt = "wpa-psk"; + pairwise = "ccmp;"; + proto = "rsn;"; + psk = "$HOTSPOT"; + }; + }; + + }; + }; + }; + + systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ]; #+end_src 
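Review bot: The `eduroam` profile's `"802-1x"` block sets `eap`, `identity`, `password` and `phase2-auth` but nothing that validates the RADIUS server, so as far as I can tell the supplicant would run the MSCHAPv2 exchange with any access point advertising the `eduroam` SSID. I would add `ca-cert = "<path to your institution's RADIUS CA certificate>";` and `domain-suffix-match = "<your institution's RADIUS server domain>";` (placeholders; the real values come from your institution's eduroam documentation), and consider an `anonymous-identity` so the outer identity does not carry `$EDUID`. Separately, the `vpn` block of `sweden-aes-128-cbc-udp-dns` carries over `compress = "yes"` and `auth = "sha1"`; compression inside a VPN tunnel is a known side-channel risk and is worth dropping if the provider's endpoint accepts it. The `#+begin_src nix` block this hunk edits starts above the hunk.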
@@ -5935,7 +6138,7 @@ Here we set some aliases (some of them should be shellApplications instead) as w c="git --git-dir=$HOME/.dotfiles/.git --work-tree=$HOME/.dotfiles/"; passpush = "cd ~/.local/share/password-store; git add .; git commit -m 'pass file changes'; git push; cd -;"; passpull = "cd ~/.local/share/password-store; git pull; cd -;"; - hotspot = "nmcli connection up local; nmcli device wifi hotspot password 12345678;"; + hotspot = "nmcli connection up local; nmcli device wifi hotspot;"; cd="z"; cdr = "cd \"$( (find /home/swarsel/Documents/GitHub -maxdepth 1 && echo /home/swarsel/.dotfiles) | fzf )\""; };
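Review bot: The new `hotspot` alias still runs `nmcli device wifi hotspot`, which as far as I know sets up its own connection with a generated password when none is passed, so the sops-managed `Hotspot` profile declared in the NetworkManager hunk (psk `$HOTSPOT`) may not be the one that comes up. If the intent is to use that profile, `hotspot = "nmcli connection up local; nmcli connection up Hotspot;";` would make the alias agree with the declarative config. The removed value `12345678` stays in the repository history, so it should not be reused as a passphrase anywhere. The alias attribute set begins above this hunk.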