dotfiles/nixos/systems/omen/networking.nix
magic_rb aff0158ef7
Reformat the whole flake using alejandra
Signed-off-by: magic_rb <magic_rb@redalder.org>
2024-03-02 22:17:03 +01:00


{
pkgs,
lib,
inputs',
secret,
notnft,
...
}: let
inherit
(lib)
concatStringsSep
;
in {
# Base network identity for this host. Interfaces are configured through
# systemd-networkd; DHCP is requested per interface in the
# systemd.network.networks sections of this file, so the global default is off.
systemd.network.enable = true;
networking.useDHCP = false;

networking.hostName = "omen";
networking.hostId = "10c7ffc5";

# Single resolver taken from the secrets attrset. When the secret is absent the
# list evaluates to [""] rather than failing evaluation.
networking.nameservers = [(secret.network.ips.blowhole.ip or "")];

# NOTE(review): the NixOS firewall is switched off here. The only nftables
# content visible in this file is the notnft `trace` chain, which carries no
# accept/drop rule, so inbound filtering must come from somewhere else —
# confirm that it does, especially on untrusted Wi-Fi.
networking.firewall.enable = false;

# The whole wg0 interface definition comes from the secrets attrset.
# NOTE(review): the fallback uses `privateKey`. If the real secret attrset sets
# `privateKey` as well (not visible here), the key is copied into the Nix store,
# which every local user can read; `privateKeyFile` keeps it out of the store.
# The empty-key fallback also lets evaluation succeed with an unusable tunnel.
networking.wireguard.interfaces."wg0" =
  secret.wireguard."omen" or {privateKey = "";};
# nftables ruleset written in the notnft DSL (the DSL itself is defined outside
# this file). As written it declares one inet-family table, `filter`, holding
# one chain, `trace`, whose only rule matches ip.protocol == icmp and sets
# meta nftrace to 1.
# NOTE(review): no hook/type/priority is passed to `add chain` here —
# presumably this makes it a regular chain that only runs when jumped to;
# verify against notnft. No accept/drop rule is present either, so together
# with networking.firewall.enable = false this file defines no packet filtering.
networking.notnft.rules = with notnft.dsl;
with payload;
  ruleset {
    filter = add table {family = f: f.inet;} {
      trace =
        add chain
        [(is.eq ip.protocol (f: f.icmp)) (mangle meta.nftrace 1)];
    };
  };
# networkd-dispatcher rule that switches between wired and wireless:
#   * logs the state, interface and addresses of every event it receives;
#   * ignores every interface except eth0;
#   * pipes $IP_ADDRS through grepcidr against the "home" CIDR from the secrets
#     attrset and keeps the exit status in home_net;
#   * on `no-carrier`: if iwctl reports wlan0 as "disconnected", powers the
#     wlan0 device off and on again;
#   * on `configured`: if home_net is 0 (grepcidr matched), disconnects wlan0.
services.networkd-dispatcher = {
  enable = true;
  rules.wlan-eth-switch = {
    # States of an interface that trigger the script.
    onState = ["no-carrier" "configured"];
    # NOTE(review): the CIDR from `secret` is interpolated at evaluation time,
    # so it becomes part of the generated script text — presumably stored in
    # the world-readable Nix store; confirm that is acceptable for this value.
    # NOTE(review): with the `or ""` fallback grepcidr is invoked without a
    # pattern; home_net then holds its error status (presumably non-zero, so
    # the `configured` branch never disconnects wlan0 — verify).
    # NOTE(review): $IP_ADDRS is expanded unquoted on the grepcidr line, so it
    # is subject to word splitting and globbing before echo prints it.
    script = ''
      #!${pkgs.runtimeShell}
      export PATH=$PATH:${pkgs.iwd}/bin
      echo "entered state: '$STATE' on interface '$IFACE' with IPs '$IP_ADDRS'"
      case $IFACE in
      eth0)
      echo $IP_ADDRS | ${lib.getExe' pkgs.grepcidr "grepcidr"} ${secret.network.networks.home.amsterdam or ""} > /dev/null
      home_net=$?
      case $STATE in
      no-carrier)
      if [ "$(iwctl station wlan0 show | grep -i State | tr -s ' ' | cut -f 3 -d ' ')" == "disconnected" ] ; then
      iwctl device wlan0 set-property Powered off
      iwctl device wlan0 set-property Powered on
      fi
      ;;
      configured)
      if [ "$home_net" == "0" ] ; then
      iwctl station wlan0 disconnect
      fi
      ;;
      *)
      ;;
      esac
      ;;
      *)
      ;;
      esac
    '';
  };
};
# Rename the adapter whose MAC address comes from the secrets attrset to
# `eth0` (the secret is called usbc-omen — presumably the USB-C Ethernet
# adapter). The dispatcher script in this file keys on that interface name.
# NOTE(review): with the `or ""` fallback MACAddress is the empty string; how
# systemd treats an empty match value is not visible here — verify that the
# link file cannot end up matching, and renaming, an unintended device.
systemd.network.links."50-eth0" = {
  matchConfig = {MACAddress = secret.network.mac.usbc-omen or "";};
  linkConfig = {Name = "eth0";};
};

# Wired interface: IPv4 DHCP, and not required for the system to count as
# online.
systemd.network.networks."50-eth0" = {
  matchConfig = {Name = "eth0";};
  networkConfig = {DHCP = "ipv4";};
  linkConfig = {RequiredForOnline = "no";};
};

# Wireless interface: matched by networkd but given no addressing here; the
# DHCP/DNS settings below are left commented out.
systemd.network.networks."50-wlan0" = {
  matchConfig = {Name = "wlan0";};
  linkConfig = {RequiredForOnline = "no";};
  # networkConfig.DHCP = "ipv4";
  # networkConfig.DNS = "${secret.network.ips.blowhole.ip}";
  # dhcpV4Config.UseDNS = false;
  # dhcpV6Config.UseDNS = false;
};
# DNS: /etc/resolv.conf is written as a static one-line file pointing at the
# resolver from the secrets attrset.
# NOTE(review): with the `or ""` fallback the file contains a bare
# `nameserver ` line, so evaluation succeeds but the host has no usable
# resolver; an assertion on the secret would make that failure visible.
environment.etc."resolv.conf".text = ''
  nameserver ${secret.network.ips.blowhole.ip or ""}
'';

# systemd-resolved is disabled, so the extraConfig text below presumably has
# no effect unless resolved is turned back on. It pins the same resolver and
# clears the fallback DNS list.
services.resolved = {
  enable = false;
  extraConfig = ''
    [Resolve]
    DNS=${secret.network.ips.blowhole.ip or ""}
    FallbackDNS=
  '';
};
# Wi-Fi is handled by iwd, with General.EnableNetworkConfiguration switched on
# in its settings. The 50-wlan0 networkd unit in this file leaves DHCP
# commented out.
networking.wireless.iwd = {
  enable = true;
  settings.General.EnableNetworkConfiguration = true;
};

# Bluetooth is enabled, with General.Enable set to the comma-joined list below.
# NOTE(review): if not every listed entry is needed, trimming the list keeps
# the exposed Bluetooth surface smaller — confirm which ones are in use.
hardware.bluetooth = {
  enable = true;
  settings.General.Enable = concatStringsSep "," [
    "Control"
    "Gateway"
    "Headset"
    "Media"
    "Sink"
    "Socket"
    "Source"
  ];
};
}