christoph/flake-nixinator
1
Fork 0
Code Activity

System: Declaratively define networkmanager profiles

Browse Source
This commit is contained in:
Christoph Urlacher
2025-06-10 20:58:18 +02:00
parent 10b389a72f
commit a4b389d652
4 changed files with 52 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
system/default.nix
View File

@ -28,6 +28,7 @@ with mylib.networking; {
network = {
inherit hostname;
enable = true;
useNetworkManager = true;
networks = {
# Default wildcard ethernet network for all hosts

25
system/modules/network/default.nix
View File

@ -16,9 +16,18 @@ in {
services.resolved.enable = true;
services.resolved.llmnr = "false";
# Use the programs.nm-applet instead
# environment.systemPackages = with pkgs;
# builtins.concatLists [
# []
# (lib.optionals cfg.useNetworkManager [networkmanagerapplet]) # This is started by hyprland if enabled
# ];
programs.nm-applet.enable = cfg.useNetworkManager;
# Main Networks
systemd.network = {
enable = true;
enable = !cfg.useNetworkManager;
wait-online.timeout = 10;
# Don't wait for all networks to be configured, as e.g. wg0 will only be upon manual activation
@ -36,7 +45,7 @@ in {
};
# Wireguard VPNs
systemd.services = cfg.wireguard-tunnels;
systemd.services = mkIf (!cfg.useNetworkManager) cfg.wireguard-tunnels;
# NOTE: I can connect to TU Dortmund directly
# TODO: Use config with netns, like with wireguard
@ -50,11 +59,11 @@ in {
# TODO: Rewrite with lib.pipe
# Generate list of vpns for rofi menu
environment.etc."rofi-vpns".text = let
environment.etc."rofi-vpns" = let
names-list = attrNames cfg.wireguard-tunnels;
names = concatStringsSep "\n" names-list;
in
names;
mkIf (!cfg.useNetworkManager) {text = names;};
# Allow to enable/disable tunnels without root password
modules.polkit.allowed-system-services = let
@ -63,7 +72,7 @@ in {
(map (v: "${v}.service"))
];
in
vpn-services;
mkIf (!cfg.useNetworkManager) vpn-services;
# General Networking Settings
networking = {
@ -73,7 +82,8 @@ in {
# Disable a lot of stuff not needed for systemd-networkd
networkmanager = {
enable = true;
enable = cfg.useNetworkManager;
ensureProfiles.profiles = cfg.profiles;
insertNameservers = [
"192.168.86.26"
@ -89,10 +99,9 @@ in {
useNetworkd = false; # Only use this if the configuration can't be written in systemd.network completely. It translates some of the networking... options to systemd
# resolvconf.enable = true;
# TODO
wireless = {
enable = false; # Enables wireless support via wpa_supplicant.
iwd.enable = false; # Use iwd instead of NetworkManager
iwd.enable = true; # Use iwd instead of wpa_supplicant
};
# Open Ports

13
system/modules/network/options.nix
View File

@ -7,6 +7,8 @@ with lib;
with mylib.modules; {
enable = mkEnableOption "Systemd Network Configuration";
useNetworkManager = mkEnableOption "Use NetworkManager instead of systemd-networkd";
hostname = mkOption {
type = types.str;
description = "The System's Hostname";
@ -28,6 +30,17 @@ with mylib.modules; {
'';
};
profiles = mkOption {
type = types.attrs;
default = {};
description = "NetworkManager Profiles";
example = ''
"50-ether" = {
[...]
};
'';
};
wireguard-tunnels = mkOption {
type = types.attrs;
default = {};

21
system/nixinator/default.nix
View File

@ -12,6 +12,7 @@
modules = {
network = {
# Systemd-networkd configs
networks = {
# This should override the default network 50-ether
"10-ether-2_5G" = mylib.networking.mkStaticSystemdNetwork {
@ -31,6 +32,26 @@
# "10-ether-1G" = mylib.networking.mkStaticSystemdNetwork {...};
};
# NetworkManager profiles
profiles = {
"10-ether-2_5G" = mylib.networking.mkStaticNetworkManagerProfile {
id = "Wired 2.5G";
interface = "enp8s0";
ip = "192.168.86.50/24";
router = "192.168.86.5";
nameserver = "192.168.86.26";
autoconnect = true;
};
"10-ether-1G" = mylib.networking.mkStaticNetworkManagerProfile {
id = "Wired 1G";
interface = "enp5s0";
ip = "192.168.86.50/24";
router = "192.168.86.5";
nameserver = "192.168.86.26";
autoconnect = false;
};
};
allowedTCPPorts = [
# 7777 # AvaTalk
# 12777 # AvaTalk