nixos-dots

nixos dots
git clone git://popovic.xyz/nixos-dots.git

nm.nix (5697B)


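      # NetworkManager module: Wi-Fi and WireGuard profiles whose secrets are
      # injected at activation time from sops-nix rather than written in this file.
      { pkgs, config, ... }:
      {
        sops = {
          # Each secret is declared with default settings; only the names appear here.
          secrets = {
            "networking/gajba" = {};
            "networking/wg0_ponnect_prv" = {};
            "networking/wg0_ponnect_pre" = {};
            "networking/wg0_router_prv" = {};
            "networking/wg0_server_prv" = {};
            "networking/wg0_server_pre" = {};
          };
          # Rendered as a KEY=value environment file. The placeholders stand in for
          # the decrypted values, so the plaintext is not part of this expression.
          templates.wifi = {
            content = ''
              Gajba=${config.sops.placeholder."networking/gajba"}
              wg0_ponnect_prv=${config.sops.placeholder."networking/wg0_ponnect_prv"}
              wg0_ponnect_pre=${config.sops.placeholder."networking/wg0_ponnect_pre"}
              wg0_router_prv=${config.sops.placeholder."networking/wg0_router_prv"}
              wg0_server_prv=${config.sops.placeholder."networking/wg0_server_prv"}
              wg0_server_pre=${config.sops.placeholder."networking/wg0_server_pre"}
            '';
          };
        };

        networking.networkmanager = {
          enable = true;
          dispatcherScripts = [
            {
              # writeShellScript produces a single executable file with a bash
              # shebang. writeShellScriptBin would produce a directory holding
              # bin/09-timezone, which `source` is not expected to accept as a
              # hook script (NOTE(review): confirm against the module in use).
              source = pkgs.writeShellScript "09-timezone" ''
                INTERFACE="$1"
                ACTION="$2"

                case "$ACTION" in
                  up)
                    if [[ $INTERFACE == "wlan0" ]]; then
                      # This request goes to a third party on every wlan0 "up" and
                      # discloses the current public IP. It is bounded by a timeout
                      # so the hook cannot hang, and the time zone is only changed
                      # when a non-empty answer came back; timedatectl itself
                      # rejects values that are not valid zone names.
                      if tz="$(${pkgs.curl}/bin/curl --fail --silent --max-time 10 https://ipapi.co/timezone)" && [[ -n $tz ]]; then
                        timedatectl set-timezone "$tz"
                      fi
                    fi
                    ;;
                  down)
                    if [[ $INTERFACE == "wlan0" ]]; then
                      # Absolute path: the original "./home/..." only resolved when
                      # the hook's working directory happened to be "/".
                      # NOTE(review): dispatcher hooks run as root, and this script
                      # lives in a user's home directory, so whoever can write there
                      # decides what root executes. Prefer a store-path script or
                      # `nmcli connection down <profile>` for the tunnels.
                      /home/mika/.local/bin/scripts/vpn stop
                    fi
                    ;;
                esac
              '';
            }
          ];
          ensureProfiles = {
            # The "$NAME" values in the profiles below are filled in from this
            # environment file, i.e. from the sops template above.
            environmentFiles = [ config.sops.templates.wifi.path ];
            profiles = {

              # 2.4 GHz and 5 GHz SSIDs of the same network; both use the same PSK.
              Gajba = {
                connection = {
                  id = "Gajba";
                  interface-name = "wlan0";
                  type = "wifi";
                  uuid = "34880767-ea49-4b44-8f7f-22d0d3fc8cc1";
                };
                ipv4 = {
                  method = "auto";
                };
                ipv6 = {
                  addr-gen-mode = "default";
                  method = "auto";
                };
                proxy = { };
                wifi = {
                  mode = "infrastructure";
                  ssid = "Gajba";
                };
                wifi-security = {
                  # "open" is the 802.11 authentication algorithm used with WPA-PSK;
                  # it does not mean the network is unencrypted.
                  auth-alg = "open";
                  key-mgmt = "wpa-psk";
                  psk = "$Gajba";
                };
              };

              Gajba_5G = {
                connection = {
                  id = "Gajba_5G";
                  interface-name = "wlan0";
                  timestamp = "1765067220";
                  type = "wifi";
                  uuid = "3fffdcbb-a859-4eb9-bd3e-55cd74403267";
                };
                ipv4 = {
                  method = "auto";
                };
                ipv6 = {
                  addr-gen-mode = "default";
                  method = "auto";
                };
                proxy = { };
                wifi = {
                  mode = "infrastructure";
                  ssid = "Gajba_5G";
                };
                wifi-security = {
                  auth-alg = "open";
                  key-mgmt = "wpa-psk";
                  psk = "$Gajba";
                };
              };

              # WireGuard tunnels. All three are manual (autoconnect = "false") and
              # route everything (0.0.0.0/0 and ::/0) through the peer. The peer
              # public keys in the section names are not secret; the private and
              # preshared keys come from the environment file.
              wg0-ponnect = {
                connection = {
                  autoconnect = "false";
                  id = "wg0-ponnect";
                  interface-name = "wg0-ponnect";
                  type = "wireguard";
                  uuid = "b60f69f7-8e2a-4e7f-93ec-027d5a1a1f96";
                };
                ipv4 = {
                  address1 = "10.0.0.2/32";
                  dns = "8.8.4.4;8.8.8.8;";
                  # "~" makes this connection the resolver for all domains.
                  dns-search = "~;";
                  method = "manual";
                };
                ipv6 = {
                  addr-gen-mode = "default";
                  address1 = "fd42:42:42::2/128";
                  method = "manual";
                };
                proxy = { };
                wireguard = {
                  private-key = "$wg0_ponnect_prv";
                };
                "wireguard-peer.vadaAF6n58daN9sqQ7o2yUjy8CmKXbXSWzIrzVqHUCs=" = {
                  allowed-ips = "0.0.0.0/0;::/0;";
                  endpoint = "ponnect.rs:1194";
                  persistent-keepalive = "25";
                  preshared-key = "$wg0_ponnect_pre";
                  preshared-key-flags = "0";
                };
              };

              # NOTE(review): unlike wg0-ponnect, this profile sets no DNS server,
              # so name resolution keeps using whatever resolver the underlying
              # link provided; confirm that is intended for a full tunnel. It also
              # reuses wg0-ponnect's tunnel addresses and has no preshared key.
              wg0-router = {
                connection = {
                  autoconnect = "false";
                  id = "wg0-router";
                  interface-name = "wg0-router";
                  timestamp = "1765706206";
                  type = "wireguard";
                  uuid = "62cc1ad0-18b9-4405-afec-ae086652510e";
                };
                ipv4 = {
                  address1 = "10.0.0.2/32";
                  method = "manual";
                };
                ipv6 = {
                  addr-gen-mode = "default";
                  address1 = "fd42:42:42::2/128";
                  method = "manual";
                };
                proxy = { };
                wireguard = {
                  private-key = "$wg0_router_prv";
                };
                "wireguard-peer.M1KoNQqQ3zK4hYnblqwJw34x8R46jAJaJlXJKOKxg2g=" = {
                  allowed-ips = "0.0.0.0/0;::/0;";
                  endpoint = "gajbapt.duckdns.org:51820";
                  persistent-keepalive = "25";
                };
              };

              # NOTE(review): no DNS server is set here either; see wg0-router.
              wg0-server = {
                connection = {
                  autoconnect = "false";
                  id = "wg0-server";
                  interface-name = "wg0-server";
                  timestamp = "1765706207";
                  type = "wireguard";
                  uuid = "45a4463f-a008-4c40-be45-5585452959ee";
                };
                ipv4 = {
                  address1 = "10.8.0.6/32";
                  method = "manual";
                };
                ipv6 = {
                  addr-gen-mode = "default";
                  address1 = "fd42:42:42::6/128";
                  method = "manual";
                };
                proxy = { };
                wireguard = {
                  private-key = "$wg0_server_prv";
                };
                "wireguard-peer.HLNNBQypzLWhWE4UFB2zd7bk9pmAC4iWM8qpDeDGwDw=" = {
                  allowed-ips = "0.0.0.0/0;::/0;";
                  endpoint = "213.136.71.18:1194";
                  preshared-key = "$wg0_server_pre";
                  preshared-key-flags = "0";
                };

              };
            };
          };
        };
      }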