2024-12-22 22:26:41 -08:00
|
|
|
{ lib, config, ... }:
|
2024-08-23 23:47:22 -07:00
|
|
|
let
|
2024-12-22 22:26:41 -08:00
|
|
|
cfg = config.liminalOS.system.networking;
|
2024-09-07 02:40:34 -07:00
|
|
|
|
2024-12-22 22:26:41 -08:00
|
|
|
universalAllowedPorts =
|
|
|
|
|
(lib.optionals cfg.firewallPresets.grimDawn [
|
|
|
|
|
27016 # grim dawn
|
|
|
|
|
42805 # grim dawn
|
|
|
|
|
42852 # grim dawn
|
|
|
|
|
42872 # grim dawn
|
|
|
|
|
27015 # grim dawn
|
|
|
|
|
27036 # grim dawn
|
|
|
|
|
])
|
|
|
|
|
++ (lib.optionals cfg.firewallPresets.vite [
|
|
|
|
|
5173 # vite test server
|
|
|
|
|
4173 # vite test server
|
|
|
|
|
]);
|
2024-09-07 02:40:34 -07:00
|
|
|
universalAllowedRanges = [ ];
|
2024-09-02 18:16:22 -07:00
|
|
|
in
|
|
|
|
|
{
|
2024-12-22 22:26:41 -08:00
|
|
|
options.liminalOS.system.networking = {
|
2024-12-25 19:47:59 -08:00
|
|
|
enable = lib.mkOption {
|
|
|
|
|
type = lib.types.bool;
|
|
|
|
|
default = config.liminalOS.enable;
|
|
|
|
|
description = ''
|
|
|
|
|
Whether to enable networking features.
|
|
|
|
|
'';
|
|
|
|
|
};
|
2024-12-22 22:26:41 -08:00
|
|
|
firewallPresets = {
|
|
|
|
|
grimDawn = lib.mkEnableOption "firewall ports for Grim Dawn";
|
|
|
|
|
vite = lib.mkEnableOption "firewall ports for Vite";
|
|
|
|
|
};
|
|
|
|
|
cloudflareNameservers.enable = lib.mkEnableOption "Cloudflare DNS servers";
|
2024-12-26 02:20:00 -08:00
|
|
|
backend = lib.mkOption {
|
|
|
|
|
type = lib.types.enum [
|
|
|
|
|
"wpa_supplicant"
|
|
|
|
|
"iwd"
|
|
|
|
|
];
|
|
|
|
|
default = "wpa_supplicant";
|
|
|
|
|
description = ''
|
|
|
|
|
Which backend to use for networking. Default is wpa_supplicant with NetworkManager as a frontend. With iwd, iwctl is the frontend.
|
|
|
|
|
'';
|
|
|
|
|
};
|
2024-12-22 22:26:41 -08:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
|
|
|
services.openssh.enable = true;
|
2024-09-07 02:40:34 -07:00
|
|
|
|
2024-12-22 22:26:41 -08:00
|
|
|
networking.firewall = {
|
|
|
|
|
enable = true;
|
|
|
|
|
allowedTCPPorts = universalAllowedPorts;
|
|
|
|
|
allowedUDPPorts = universalAllowedPorts;
|
|
|
|
|
allowedUDPPortRanges =
|
|
|
|
|
universalAllowedRanges
|
|
|
|
|
++ (lib.optionals cfg.firewallPresets.grimDawn [
|
|
|
|
|
{
|
|
|
|
|
from = 27031;
|
|
|
|
|
to = 27036;
|
|
|
|
|
}
|
|
|
|
|
]);
|
|
|
|
|
allowedTCPPortRanges = universalAllowedRanges;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
networking.nameservers = lib.mkIf cfg.cloudflareNameservers.enable [
|
|
|
|
|
"1.1.1.1"
|
|
|
|
|
"1.0.0.1"
|
2024-09-07 02:40:34 -07:00
|
|
|
];
|
2024-12-26 02:20:00 -08:00
|
|
|
|
|
|
|
|
networking.networkmanager.enable = lib.mkIf (cfg.enable && cfg.backend == "wpa_supplicant") true;
|
|
|
|
|
|
|
|
|
|
systemd.services.NetworkManager-wait-online.enable = lib.mkIf (
|
|
|
|
|
cfg.enable && cfg.backend == "wpa_supplicant"
|
|
|
|
|
) false;
|
|
|
|
|
|
|
|
|
|
networking.wireless.iwd = lib.mkIf (cfg.enable && cfg.backend == "iwd") {
|
|
|
|
|
enable = true;
|
|
|
|
|
settings.General.EnableNetworkConfiguration = true;
|
|
|
|
|
};
|
|
|
|
|
|
2024-08-23 23:47:22 -07:00
|
|
|
};
|
2024-08-03 18:51:57 -07:00
|
|
|
}
|
