aubergine: add wwan tools

[julm/julm-nix.git] / nixos / profiles / networking.nix

diff --git a/nixos/profiles/networking.nix b/nixos/profiles/networking.nix
index 717db111e4cefce68e9ba0b772d21c09a8fe6845..2dee8af207c82ebdbbe3fb8b9145f63ea20ac223 100644 (file)
--- a/nixos/profiles/networking.nix
+++ b/nixos/profiles/networking.nix
@@ -3,14 +3,28 @@ let
   wg-intra-peers = import wireguard/wg-intra/peers.nix;
 in
 {
+imports = [
+  networking/nftables.nix
+];
 networking = {
   hostName = hostName;
   domain = lib.mkDefault "localdomain";
-  search = [ "sourcephile.fr" ];
+  #search = [ "sourcephile.fr" ];
   firewall = {
     enable = lib.mkDefault true;
     allowPing = lib.mkDefault true;
   };
+  networkmanager = {
+    enable = lib.mkDefault config.services.xserver.enable;
+    #dhcp = "dhcpcd";
+    logLevel = lib.mkDefault "INFO";
+    wifi = {
+      #backend = "iwd";
+      #backend = "wpa_supplicant";
+      powersave = lib.mkDefault false;
+    };
+  };
+  usePredictableInterfaceNames = true;
 };
 
 programs.mtr.enable = true;
@@ -22,6 +36,19 @@ services.avahi = {
   openFirewall = lib.mkDefault false;
   publish.enable = lib.mkDefault false;
 };
+networking.nftables.ruleset = lib.mkIf config.services.avahi.enable (''
+  table inet filter {
+    chain output-lan {
+      skuid root udp sport mdns udp dport mdns comment "avahi: multicast DNS"
+    }
+  }
+'' + lib.optionalString config.services.avahi.openFirewall ''
+  table inet filter {
+    chain input-lan {
+      udp dport mdns comment "avahi: multicast DNS"
+    }
+  }
+'');
 
 services.openssh = {
   enable = lib.mkDefault true;