2024-07-26 22:12:48 +02:00
|
|
|
{ config, ... }:
|
|
|
|
|
{
|
2024-08-29 16:27:24 +02:00
|
|
|
environment.persistence."/state".directories = [ "/var/lib/iwd" ];
|
2023-12-27 00:44:45 +01:00
|
|
|
age.secrets.eduroam = {
|
|
|
|
|
rekeyFile = ./secrets/iwd/eduroam.8021x.age;
|
|
|
|
|
path = "/var/lib/iwd/eduroam.8021x";
|
|
|
|
|
};
|
|
|
|
|
age.secrets = {
|
|
|
|
|
devoloog-psk.rekeyFile = ./secrets/iwd/devoloog-psk.age;
|
|
|
|
|
devoloog-pass.rekeyFile = ./secrets/iwd/devoloog-pass.age;
|
|
|
|
|
devoloog-sae19.rekeyFile = ./secrets/iwd/devoloog-sae19.age;
|
|
|
|
|
devoloog-sae20.rekeyFile = ./secrets/iwd/devoloog-sae20.age;
|
|
|
|
|
};
|
2024-03-15 17:57:23 +01:00
|
|
|
wireguard.samba-patrick.client.via = "elisabeth-samba";
|
2024-07-26 22:12:48 +02:00
|
|
|
networking.nftables.firewall.zones.untrusted.interfaces = [
|
|
|
|
|
"lan01"
|
|
|
|
|
"lan02"
|
|
|
|
|
"wlan01"
|
|
|
|
|
];
|
2023-05-18 06:57:58 +02:00
|
|
|
networking = {
|
2023-05-27 07:12:18 +02:00
|
|
|
inherit (config.secrets.secrets.local.networking) hostId;
|
2023-12-27 00:44:45 +01:00
|
|
|
wireless.iwd = {
|
|
|
|
|
enable = true;
|
|
|
|
|
networks = {
|
2023-12-27 14:13:55 +01:00
|
|
|
devolo-og.settings = {
|
2023-12-27 00:44:45 +01:00
|
|
|
Security = {
|
|
|
|
|
PreSharedKey = config.age.secrets.devoloog-psk.path;
|
|
|
|
|
Passphrase = config.age.secrets.devoloog-pass.path;
|
|
|
|
|
SAE-PT-Group19 = config.age.secrets.devoloog-sae19.path;
|
|
|
|
|
SAE-PT-Group20 = config.age.secrets.devoloog-sae20.path;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
2023-05-18 06:57:58 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
systemd.network.networks = {
|
2023-05-26 17:30:37 +02:00
|
|
|
"01-lan1" = {
|
2024-01-30 10:48:48 +01:00
|
|
|
DHCP = "yes";
|
2024-07-13 16:57:59 +02:00
|
|
|
matchConfig.MACAddress = config.secrets.secrets.local.networking.interfaces.lan01.mac;
|
2023-08-30 14:25:52 +02:00
|
|
|
networkConfig = {
|
|
|
|
|
IPv6PrivacyExtensions = "yes";
|
|
|
|
|
MulticastDNS = true;
|
|
|
|
|
};
|
2024-07-26 22:12:48 +02:00
|
|
|
dns = [ "1.1.1.1" ];
|
2023-08-30 14:25:52 +02:00
|
|
|
dhcpV4Config.RouteMetric = 10;
|
|
|
|
|
dhcpV6Config.RouteMetric = 10;
|
2023-05-18 06:57:58 +02:00
|
|
|
};
|
2023-10-06 22:01:50 +02:00
|
|
|
"02-lan1" = {
|
|
|
|
|
DHCP = "yes";
|
2024-07-13 16:57:59 +02:00
|
|
|
matchConfig.MACAddress = config.secrets.secrets.local.networking.interfaces.lan02.mac;
|
2023-10-06 22:01:50 +02:00
|
|
|
networkConfig = {
|
|
|
|
|
IPv6PrivacyExtensions = "yes";
|
|
|
|
|
MulticastDNS = true;
|
|
|
|
|
};
|
2024-07-26 22:12:48 +02:00
|
|
|
dns = [ "1.1.1.1" ];
|
2023-10-06 22:01:50 +02:00
|
|
|
dhcpV4Config.RouteMetric = 10;
|
|
|
|
|
dhcpV6Config.RouteMetric = 10;
|
|
|
|
|
};
|
2023-05-26 17:30:37 +02:00
|
|
|
"01-wlan1" = {
|
2024-01-30 10:48:48 +01:00
|
|
|
DHCP = "yes";
|
2024-07-13 16:57:59 +02:00
|
|
|
matchConfig.MACAddress = config.secrets.secrets.local.networking.interfaces.wlan01.mac;
|
2023-08-30 14:25:52 +02:00
|
|
|
networkConfig = {
|
|
|
|
|
IPv6PrivacyExtensions = "yes";
|
|
|
|
|
MulticastDNS = true;
|
|
|
|
|
};
|
2024-07-26 22:12:48 +02:00
|
|
|
dns = [ "1.1.1.1" ];
|
2023-08-30 14:25:52 +02:00
|
|
|
dhcpV4Config.RouteMetric = 40;
|
|
|
|
|
dhcpV6Config.RouteMetric = 40;
|
2023-05-18 06:57:58 +02:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
