hd/cfg
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor

Browse source
This commit is contained in:
Henri Dohmen 2025-05-30 22:46:27 +02:00
parent a992a7b701
commit b61bb970a5
30 changed files with 69 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

89
mod/pc-common/network.nix
View file

@ -1,89 +0,0 @@
{
host,
var,
lib,
...
}:
{
hardware.bluetooth.enable = true;
systemd.network.wait-online.enable = false;
services = {
tailscale = {
enable = true;
useRoutingFeatures = "client";
};
mullvad-vpn.enable = true;
blueman.enable = true;
resolved = {
enable = true;
dnssec = "true";
dnsovertls = "true";
fallbackDns = [ ];
};
};
networking = {
nameservers = [
"1.1.1.1#one.one.one.one"
"1.0.0.1#one.one.one.one"
];
enableIPv6 = true;
wireguard.enable = true;
wg-quick = {
interfaces = {
"onet" = {
address = var.wg.wireguard-network.${host}.ips;
privateKeyFile = var.wg.keyFile;
peers = [ (lib.removeAttrs var.wg.wireguard-network."roam" [ "ips" ]) ];
};
};
};
firewall = {
allowedUDPPorts = [ 51820 ];
};
networkmanager = {
enable = true;
wifi.macAddress = "random";
ensureProfiles.profiles = {
"tuda-vpn" = {
connection = {
autoconnect = "false";
id = "tuda-vpn";
type = "vpn";
};
ipv4 = {
method = "auto";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
vpn = {
authtype = "password";
autoconnect-flags = "0";
certsigs-flags = "0";
cookie-flags = "2";
disable_udp = "no";
enable_csd_trojan = "no";
gateway = "vpn.hrz.tu-darmstadt.de";
gateway-flags = "2";
gwcert-flags = "2";
lasthost-flags = "0";
pem_passphrase_fsid = "no";
prevent_invalid_cert = "no";
protocol = "anyconnect";
resolve-flags = "2";
service-type = "org.freedesktop.NetworkManager.openconnect";
stoken_source = "disabled";
xmlconfig-flags = "0";
password-flags = 0;
};
};
};
};
};
}