nix-config/modules/networking.nix

{ config, lib, ... }:

let
  inherit (lib) mkEnableOption mkOption mkIf;
  inherit (lib.types) str;

  cfg = config.modules.networking;
in
{
  options.modules.networking = {
    mullvad = mkEnableOption "mullvad vpn";

    hostName = mkOption {
      type = str;
      default = "nixos";
    };

    allowSRB2Port = mkEnableOption "port for srb2";
    allowZolaPort = mkEnableOption "port for zola";
  };

  config = with cfg; {
    networking = {
      inherit hostName;

      networkmanager = {
        enable = true;
        wifi.macAddress = "random";
        ethernet.macAddress = "random";

        unmanaged = [ "interface-name:ve-*" ];
      };

      useHostResolvConf = true;

      resolvconf.enable = mkIf mullvad false;

      nat = mkIf mullvad {
        enable = true;
        internalInterfaces = [ "ve-+" ];
        externalInterface = "wg-mullvad";
      };

      firewall = {
        allowedUDPPorts = mkIf allowSRB2Port [
          5029
        ];

        allowedTCPPorts = mkIf allowZolaPort [
          1111
        ];
      };
    };

    services.resolved.llmnr = "false";

    services.mullvad-vpn = mkIf mullvad {
      enable = true;
      enableExcludeWrapper = false;
    };
  };
}
meta: Add options for networking module Now it's possible to use the system without mullvad vpn. 2024-04-04 11:28:50 +02:00			`{ config, lib, ... }:`
nix: Continue modularization of system modules 2023-06-18 21:51:52 +02:00
meta: Add options for networking module Now it's possible to use the system without mullvad vpn. 2024-04-04 11:28:50 +02:00			`let`
			`inherit (lib) mkEnableOption mkOption mkIf;`
chore: Replace lib.types.string with str "string" is deprecated. 2024-04-04 13:58:31 +02:00			`inherit (lib.types) str;`
meta: Add options for networking module Now it's possible to use the system without mullvad vpn. 2024-04-04 11:28:50 +02:00
			`cfg = config.modules.networking;`
			`in`
			`{`
			`options.modules.networking = {`
			`mullvad = mkEnableOption "mullvad vpn";`
nix: Continue modularization of system modules 2023-06-18 21:51:52 +02:00
meta: Add options for networking module Now it's possible to use the system without mullvad vpn. 2024-04-04 11:28:50 +02:00			`hostName = mkOption {`
chore: Replace lib.types.string with str "string" is deprecated. 2024-04-04 13:58:31 +02:00			`type = str;`
meta: Add options for networking module Now it's possible to use the system without mullvad vpn. 2024-04-04 11:28:50 +02:00			`default = "nixos";`
nix: Continue modularization of system modules 2023-06-18 21:51:52 +02:00			`};`

meta: Add options for networking module Now it's possible to use the system without mullvad vpn. 2024-04-04 11:28:50 +02:00			`allowSRB2Port = mkEnableOption "port for srb2";`
			`allowZolaPort = mkEnableOption "port for zola";`
			`};`
nix: Continue modularization of system modules 2023-06-18 21:51:52 +02:00
meta: Add options for networking module Now it's possible to use the system without mullvad vpn. 2024-04-04 11:28:50 +02:00			`config = with cfg; {`
			`networking = {`
			`inherit hostName;`
networking: Disable resolvconf Fixes an issue where newer versions of the Mullvad module would cause websites to not resolve. See: https://discourse.nixos.org/t/connected-to-mullvadvpn-but-no-internet-connection/35803 2023-12-01 05:02:50 +01:00
meta: Add options for networking module Now it's possible to use the system without mullvad vpn. 2024-04-04 11:28:50 +02:00			`networkmanager = {`
			`enable = true;`
			`wifi.macAddress = "random";`
			`ethernet.macAddress = "random";`
networking: Allow srb2 port 2023-07-15 23:02:55 +02:00
meta: Add options for networking module Now it's possible to use the system without mullvad vpn. 2024-04-04 11:28:50 +02:00			`unmanaged = [ "interface-name:ve-*" ];`
			`};`
networking: Allow zola port 2023-09-12 21:20:43 +02:00
meta: Add options for networking module Now it's possible to use the system without mullvad vpn. 2024-04-04 11:28:50 +02:00			`useHostResolvConf = true;`

			`resolvconf.enable = mkIf mullvad false;`

			`nat = mkIf mullvad {`
			`enable = true;`
			`internalInterfaces = [ "ve-+" ];`
			`externalInterface = "wg-mullvad";`
			`};`

			`firewall = {`
			`allowedUDPPorts = mkIf allowSRB2Port [`
			`5029`
			`];`

			`allowedTCPPorts = mkIf allowZolaPort [`
			`1111`
			`];`
			`};`
networking: Allow srb2 port 2023-07-15 23:02:55 +02:00			`};`
meta: Merge services.resolved.llmnr with networking Link-Local Multicast Name Resolution is networking related and should be of interest to users that are also interested in the networking module. 2024-04-03 12:19:01 +02:00
meta: Add options for networking module Now it's possible to use the system without mullvad vpn. 2024-04-04 11:28:50 +02:00			`services.resolved.llmnr = "false";`
meta: Merge mullvad module with networking It should be fairly straight-forward to add an option that explicitly enables mullvad and the associated networking rules. 2024-04-04 10:24:54 +02:00
meta: Add options for networking module Now it's possible to use the system without mullvad vpn. 2024-04-04 11:28:50 +02:00			`services.mullvad-vpn = mkIf mullvad {`
			`enable = true;`
			`enableExcludeWrapper = false;`
			`};`
meta: Merge mullvad module with networking It should be fairly straight-forward to add an option that explicitly enables mullvad and the associated networking rules. 2024-04-04 10:24:54 +02:00			`};`
nix: Continue modularization of system modules 2023-06-18 21:51:52 +02:00			`}`