panacea/modules/networking.nix


# NixOS networking module for the host "panacea": systemd-networkd with
# iwd-managed WiFi, a static profile for the home network, mDNS, a WireGuard
# tunnel and the host firewall exceptions.
{ config, lib, pkgs, ... }:

{
  networking = {
    # Host identity
    hostName = "panacea";
    hostId = "8feb0bb8";

    # WiFi association is handled by iwd
    wireless.iwd.enable = true;

    # Interfaces are managed by systemd-networkd. DHCP is off globally and
    # switched back on for the two interfaces below; dhcpcd is disabled.
    useNetworkd = true;
    dhcpcd.enable = false;
    useDHCP = false;
    interfaces.enp0s31f6.useDHCP = true;
    interfaces.wlan0.useDHCP = true;

    # Firewall exceptions. These lists are not tied to an interface, so the
    # ports are reachable on every network the machine joins, not only at home.
    # NOTE(review): if Calibre Wireless is only used on one link, the
    # per-interface form networking.firewall.interfaces.<name>.allowedTCPPorts
    # / allowedUDPPorts would narrow the exposure.
    firewall.allowedTCPPorts = [
      9090 # Calibre Wireless
    ];
    firewall.allowedUDPPorts = [
      54982 # Calibre Wireless
    ];
  };

  services = {
    # DNSSEC validation is turned off in systemd-resolved, so answers from the
    # configured resolvers are accepted without signature checks.
    resolved.dnssec = "false";

    # Zeroconf: Avahi daemon plus the NSS mDNS plug-in
    avahi = {
      enable = true;
      nssmdns = true;
    };
  };

  systemd = {
    # Do not run systemd-networkd-wait-online
    services."systemd-networkd-wait-online".enable = false;

    network = {
      networks = {
        # Ethernet gets the lower DHCPv4 route metric, so it is preferred
        # over WiFi when both are up
        "40-enp0s31f6".dhcpV4Config.RouteMetric = 10;
        "40-wlan0".dhcpV4Config.RouteMetric = 20;

        # Static addressing for the home network, selected by interface name
        # and SSID. The match is on the SSID string only; authenticating the
        # access point is left to the WiFi layer (iwd).
        "24-home" = {
          name = "wlan0";
          matchConfig.Name = "wlan0";
          matchConfig.SSID = "WiFi-5.0-CE42";
          address = [ "192.168.13.131/24" ];
          gateway = [ "192.168.13.1" ];
          dns = [ "192.168.13.2" ];
          # DNSSEC is also off for this link
          networkConfig.DNSSEC = "no";
        };

        # Addressing for the WireGuard interface
        "wg0" = {
          matchConfig = {
            Name = "wg0";
          };
          networkConfig.Address = "10.8.0.2/32";
          # NOTE(review): no routing domain is set for this resolver in this
          # file, so which lookups go to 10.8.0.1 instead of the other links'
          # DNS servers is left to resolved's defaults - confirm that matches
          # the intent for the tunnel.
          networkConfig.DNS = "10.8.0.1";
          # The only route this file declares over wg0
          routes = [
            {
              routeConfig = {
                Destination = "10.8.0.1";
              };
            }
          ];
        };
      };

      # VPN setup: WireGuard device
      netdevs."wg0" = {
        netdevConfig.Kind = "wireguard";
        netdevConfig.Name = "wg0";

        # The private key is read from the path of the age secret named
        # "wireguard" instead of being written into this file.
        # NOTE(review): systemd-networkd reads PrivateKeyFile as the
        # systemd-network user; the secret's owner/group/mode are declared
        # elsewhere - confirm they allow that and nothing broader.
        wireguardConfig = {
          PrivateKeyFile = config.age.secrets.wireguard.path;
        };

        wireguardPeers = [
          {
            wireguardPeerConfig = {
              PublicKey = "GN8lqPBZYOulh6xD4GhkoEWI65HMMCpSxJSH5871YnU=";
              # Full IPv4 range: packets from the peer are accepted with any
              # IPv4 source address. No IPv6 prefix is listed.
              AllowedIPs = [ "0.0.0.0/0" ];
              # The endpoint is a DNS name, resolved without DNSSEC (see
              # above); the peer itself is still authenticated by PublicKey.
              Endpoint = "coolneng.duckdns.org:1194";
            };
          }
        ];
      };
    };
  };
}