nixos-config/common/components/networking.nix

{config, ...}: {
  age.secrets.nm-secrets = {
    file = ../../crypto/nm-secrets.age;
    owner = "root";
    group = "root";
  };

  networking = {
    networkmanager = {
      enable = true;

      # Randomize MAC for every ethernet connetion
      ethernet.macAddress = "random";
      connectionConfig = {
        # IPv6 Privacy Extensions
        "ipv6.ip6-privacy" = 2;

        # unique DUID per connection
        "ipv6.dhcp-duid" = "stable-uuid";
      };

      ensureProfiles = {
        environmentFiles = [
          config.age.secrets.nm-secrets.path
        ];

        profiles = {
          Starlink = {
            connection = {
              id = "Starlink";
              type = "wifi";
            };
            ipv4 = {
              method = "auto";
            };
            ipv6 = {
              addr-gen-mode = "stable-privacy";
              method = "auto";
            };
            wifi = {
              mode = "infrastructure";
              ssid = "Starlink";
            };
            wifi-security = {
              key-mgmt = "wpa-psk";
              psk = "$STARLINK_PSK";
            };
          };
        };
      };
    };

    firewall = {
      enable = true;
      trustedInterfaces = ["tailscale0"];
    };
  };
}
age secrets wifi 2024-08-07 16:33:11 +02:00			`{config, ...}: {`
			`age.secrets.nm-secrets = {`
			`file = ../../crypto/nm-secrets.age;`
			`owner = "root";`
			`group = "root";`
			`};`

a 2024-04-22 21:01:29 +02:00			`networking = {`
			`networkmanager = {`
			`enable = true;`
b 2024-04-22 21:24:54 +02:00
a 2024-04-22 21:01:29 +02:00			`# Randomize MAC for every ethernet connetion`
			`ethernet.macAddress = "random";`
			`connectionConfig = {`
			`# IPv6 Privacy Extensions`
			`"ipv6.ip6-privacy" = 2;`

			`# unique DUID per connection`
			`"ipv6.dhcp-duid" = "stable-uuid";`
			`};`
age secrets wifi 2024-08-07 16:33:11 +02:00
			`ensureProfiles = {`
			`environmentFiles = [`
			`config.age.secrets.nm-secrets.path`
			`];`

			`profiles = {`
			`Starlink = {`
			`connection = {`
			`id = "Starlink";`
			`type = "wifi";`
			`};`
			`ipv4 = {`
			`method = "auto";`
			`};`
			`ipv6 = {`
			`addr-gen-mode = "stable-privacy";`
			`method = "auto";`
			`};`
			`wifi = {`
			`mode = "infrastructure";`
			`ssid = "Starlink";`
			`};`
			`wifi-security = {`
			`key-mgmt = "wpa-psk";`
			`psk = "$STARLINK_PSK";`
			`};`
			`};`
			`};`
			`};`
a 2024-04-22 21:01:29 +02:00			`};`

			`firewall = {`
			`enable = true;`
			`trustedInterfaces = ["tailscale0"];`
			`};`
			`};`
			`}`