chore: cleanup

Leon Schwarzäugl 2025-07-14 01:08:22 +02:00
parent a8daed1d10
commit e9da090c2a
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
67 changed files with 4146 additions and 2727 deletions


@ -1,11 +1,10 @@
{ self, lib, pkgs, config, ... }:
let
certsSopsFile = self + /secrets/certs/secrets.yaml;
clientSopsFile = self + /secrets/${config.networking.hostName}/secrets.yaml;
clientSopsFile = self + /secrets/${config.node.name}/secrets.yaml;
inherit (config.swarselsystems) mainUser;
inherit (config.repo.secrets.common.network) wlan1 wlan2 mobile1 vpn1-location vpn1-cipher vpn1-address eduroam-anon;
inherit (config.repo.secrets.local.network) home-wireguard-address home-wireguard-allowed-ips;
iwd = config.networking.networkmanager.wifi.backend == "iwd";
in
@ -91,222 +90,226 @@ in
environmentFiles = [
"${config.sops.templates."network-manager.env".path}"
];
profiles = {
${wlan1} = {
connection = {
id = wlan1;
permissions = "";
type = "wifi";
profiles =
let
inherit (config.repo.secrets.local.network) home-wireguard-address home-wireguard-allowed-ips;
in
{
${wlan1} = {
connection = {
id = wlan1;
permissions = "";
type = "wifi";
};
ipv4 = {
dns-search = "";
method = "auto";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
dns-search = "";
method = "auto";
};
wifi = {
mac-address-blacklist = "";
mode = "infrastructure";
ssid = wlan1;
};
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-psk";
psk = "WLAN1_PW";
};
};
ipv4 = {
dns-search = "";
method = "auto";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
dns-search = "";
method = "auto";
};
wifi = {
mac-address-blacklist = "";
mode = "infrastructure";
ssid = wlan1;
};
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-psk";
psk = "WLAN1_PW";
};
};
LAN-Party = {
connection = {
autoconnect = "false";
id = "LAN-Party";
type = "ethernet";
LAN-Party = {
connection = {
autoconnect = "false";
id = "LAN-Party";
type = "ethernet";
};
ethernet = {
auto-negotiate = "true";
cloned-mac-address = "preserve";
};
ipv4 = { method = "shared"; };
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = { };
};
ethernet = {
auto-negotiate = "true";
cloned-mac-address = "preserve";
};
ipv4 = { method = "shared"; };
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = { };
};
eduroam = {
"802-1x" = {
eap = if (!iwd) then "ttls;" else "peap;";
identity = "$EDUROAM_USER";
password = "$EDUROAM_PW";
phase2-auth = "mschapv2";
anonymous-identity = lib.mkIf iwd eduroam-anon;
eduroam = {
"802-1x" = {
eap = if (!iwd) then "ttls;" else "peap;";
identity = "$EDUROAM_USER";
password = "$EDUROAM_PW";
phase2-auth = "mschapv2";
anonymous-identity = lib.mkIf iwd eduroam-anon;
};
connection = {
id = "eduroam";
type = "wifi";
};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "default";
method = "auto";
};
proxy = { };
wifi = {
mode = "infrastructure";
ssid = "eduroam";
};
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-eap";
};
};
connection = {
id = "eduroam";
type = "wifi";
};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "default";
method = "auto";
};
proxy = { };
wifi = {
mode = "infrastructure";
ssid = "eduroam";
};
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-eap";
};
};
local = {
connection = {
autoconnect = "false";
id = "local";
type = "ethernet";
local = {
connection = {
autoconnect = "false";
id = "local";
type = "ethernet";
};
ethernet = { };
ipv4 = {
address1 = "10.42.1.1/24";
method = "shared";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = { };
};
ethernet = { };
ipv4 = {
address1 = "10.42.1.1/24";
method = "shared";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = { };
};
${wlan2} = {
connection = {
id = wlan2;
type = "wifi";
${wlan2} = {
connection = {
id = wlan2;
type = "wifi";
};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = { };
wifi = {
band = "bg";
mode = "infrastructure";
ssid = wlan2;
};
wifi-security = {
key-mgmt = "wpa-psk";
psk = "$WLAN2_PW";
};
};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = { };
wifi = {
band = "bg";
mode = "infrastructure";
ssid = wlan2;
};
wifi-security = {
key-mgmt = "wpa-psk";
psk = "$WLAN2_PW";
};
};
${mobile1} = {
connection = {
id = mobile1;
type = "wifi";
${mobile1} = {
connection = {
id = mobile1;
type = "wifi";
};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "default";
method = "auto";
};
proxy = { };
wifi = {
mode = "infrastructure";
ssid = mobile1;
};
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-psk";
psk = "$MOBILE_HOTSPOT_PW";
};
};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "default";
method = "auto";
};
proxy = { };
wifi = {
mode = "infrastructure";
ssid = mobile1;
};
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-psk";
psk = "$MOBILE_HOTSPOT_PW";
};
};
home-wireguard = {
connection = {
id = "HomeVPN";
type = "wireguard";
autoconnect = "false";
interface-name = "wg1";
home-wireguard = {
connection = {
id = "HomeVPN";
type = "wireguard";
autoconnect = "false";
interface-name = "wg1";
};
wireguard = { private-key = "$HOME_WIREGUARD_CLIENT_PRIVATE_KEY"; };
"wireguard-peer.$HOME_WIREGURARD_SERVER_PUBLIC_KEY" = {
endpoint = "$HOME_WIREGUARD_ENDPOINT";
allowed-ips = home-wireguard-allowed-ips;
};
ipv4 = {
method = "ignore";
address1 = home-wireguard-address;
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "ignore";
};
proxy = { };
};
wireguard = { private-key = "$HOME_WIREGUARD_CLIENT_PRIVATE_KEY"; };
"wireguard-peer.$HOME_WIREGURARD_SERVER_PUBLIC_KEY" = {
endpoint = "$HOME_WIREGUARD_ENDPOINT";
allowed-ips = home-wireguard-allowed-ips;
};
ipv4 = {
method = "ignore";
address1 = home-wireguard-address;
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "ignore";
};
proxy = { };
};
pia-vpn1 = {
connection = {
autoconnect = "false";
id = "PIA ${vpn1-location}";
type = "vpn";
pia-vpn1 = {
connection = {
autoconnect = "false";
id = "PIA ${vpn1-location}";
type = "vpn";
};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = { };
vpn = {
auth = "sha1";
ca = config.sops.secrets."pia-vpn1-ca-pem".path;
challenge-response-flags = "2";
cipher = vpn1-cipher;
compress = "yes";
connection-type = "password";
crl-verify-file = config.sops.secrets."pia-vpn1-crl-pem".path;
dev = "tun";
password-flags = "0";
remote = vpn1-address;
remote-cert-tls = "server";
reneg-seconds = "0";
service-type = "org.freedesktop.NetworkManager.openvpn";
username = "$PIA_VPN_USER";
};
vpn-secrets = { password = "$PIA_VPN_PW"; };
};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = { };
vpn = {
auth = "sha1";
ca = config.sops.secrets."pia-vpn1-ca-pem".path;
challenge-response-flags = "2";
cipher = vpn1-cipher;
compress = "yes";
connection-type = "password";
crl-verify-file = config.sops.secrets."pia-vpn1-crl-pem".path;
dev = "tun";
password-flags = "0";
remote = vpn1-address;
remote-cert-tls = "server";
reneg-seconds = "0";
service-type = "org.freedesktop.NetworkManager.openvpn";
username = "$PIA_VPN_USER";
};
vpn-secrets = { password = "$PIA_VPN_PW"; };
};
Hotspot = {
connection = {
autoconnect = "false";
id = "Hotspot";
type = "wifi";
Hotspot = {
connection = {
autoconnect = "false";
id = "Hotspot";
type = "wifi";
};
ipv4 = { method = "shared"; };
ipv6 = {
addr-gen-mode = "default";
method = "ignore";
};
proxy = { };
wifi = {
mode = "ap";
ssid = "Hotspot-${config.swarselsystems.mainUser}";
};
wifi-security = {
group = "ccmp;";
key-mgmt = "wpa-psk";
pairwise = "ccmp;";
proto = "rsn;";
psk = "$MOBILE_HOTSPOT_PW";
};
};
ipv4 = { method = "shared"; };
ipv6 = {
addr-gen-mode = "default";
method = "ignore";
};
proxy = { };
wifi = {
mode = "ap";
ssid = "Hotspot-${config.swarselsystems.mainUser}";
};
wifi-security = {
group = "ccmp;";
key-mgmt = "wpa-psk";
pairwise = "ccmp;";
proto = "rsn;";
psk = "$MOBILE_HOTSPOT_PW";
};
};
};
};
};
};
};
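Review bot: In the `${wlan1}` profile, `psk = "WLAN1_PW";` has no `$`, unlike `psk = "$WLAN2_PW";` and `psk = "$MOBILE_HOTSPOT_PW";` in the sibling profiles, so if these placeholders are filled from the `environmentFiles` entry the literal string WLAN1_PW would presumably end up as the pre-shared key; the re-indentation carries this over unchanged and it should read `psk = "$WLAN1_PW";`. The peer section name `"wireguard-peer.$HOME_WIREGURARD_SERVER_PUBLIC_KEY"` spells the variable differently from `$HOME_WIREGUARD_CLIENT_PRIVATE_KEY` and `$HOME_WIREGUARD_ENDPOINT`, so unless the env template (not visible here) uses the same spelling, the server public key will not be substituted into the profile. In `pia-vpn1`, `auth = "sha1"`, `compress = "yes"` and `reneg-seconds = "0"` are weak settings for a VPN (compression before encryption can leak information about the plaintext, and the last one disables time-based key renegotiation), so a comment such as `# NOTE: sha1/compress/reneg-seconds=0 kept to match the provider profile — confirm` would record whether they are deliberate. The enclosing attribute set opens before this hunk.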