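# NixOS module fragment: wireless and local-network services for a workstation.
# Enabling `local.fragment.wireless` turns on NetworkManager, the firewall (with
# a handful of "sharing" ports opened), Bluetooth, Avahi/mDNS and CUPS printing.
{ pkgs
, config
, lib
, ...
}:

let
  cfg = config.local.fragment.wireless;
in
{
  # The description used to read "Virtualisation related - Docker", which was
  # copied from another fragment; it now lists what this module really enables.
  options.local.fragment.wireless.enable = lib.mkEnableOption ''
    Wireless and local network related
    - NetworkManager (Wi-Fi)
    - Firewall
    - Bluetooth
    - Avahi (mDNS)
    - Printing
  '';

  config = lib.mkIf cfg.enable {
    # Wifi
    # Public resolvers (Cloudflare, Google, Quad9). Nothing in this module
    # configures encrypted DNS, so lookups are visible to the local network.
    networking.nameservers = [ "1.1.1.1" "8.8.8.8" "9.9.9.9" ];
    networking.networkmanager.enable = true;

    # Firewall
    networking.firewall = {
      enable = true;

      # TIP: locally redirect ports with socat
      # socat tcp-listen:4242,reuseaddr,fork tcp:localhost:8000

      # Open arbitrary ports to share things on local networks
      # NOTE(review): these options are not tied to an interface, so the ports
      # are reachable on every network the machine joins (public Wi-Fi
      # included), not only on trusted LANs. To scope them, move the lists
      # under `networking.firewall.interfaces.<name>` or open them only while
      # sharing.
      allowedTCPPorts = [ 4242 ];
      allowedTCPPortRanges = [
        { from = 42420; to = 42429; }
      ];
      allowedUDPPorts = [ 4242 ];
      allowedUDPPortRanges = [
        { from = 42420; to = 42429; }
      ];

      # Allow packets from Docker containers
      # TODO: check if it actually works
      # NOTE(review): the rules match on addresses only. 172.16.0.0/12 is wider
      # than Docker's default bridge subnet and no incoming interface is given;
      # consider adding `-i docker0` (or the bridge actually in use) so that
      # only container traffic is accepted.
      extraCommands = ''
        iptables -I INPUT 1 -s 172.16.0.0/12 -p tcp -d 172.17.0.1 -j ACCEPT
        iptables -I INPUT 2 -s 172.16.0.0/12 -p udp -d 172.17.0.1 -j ACCEPT
      '';

      # The rules above are inserted straight into INPUT, which the firewall
      # script does not flush, so each firewall restart would add another copy.
      # Delete them when the firewall stops; `|| true` keeps the stop script
      # going when a rule is already gone.
      extraStopCommands = ''
        iptables -D INPUT -s 172.16.0.0/12 -p tcp -d 172.17.0.1 -j ACCEPT 2>/dev/null || true
        iptables -D INPUT -s 172.16.0.0/12 -p udp -d 172.17.0.1 -j ACCEPT 2>/dev/null || true
      '';
    };

    # Bluetooth
    hardware.bluetooth.enable = true;
    services.blueman.enable = true;

    # Avahi is a service that takes care of advertising the current machine on
    # the network. AKA `Bonjour` in macOS lingua franca.
    # NOTE(review): with `publish.addresses` and `publish.workstation` set, the
    # hostname and addresses are announced on every network the machine joins,
    # and `openFirewall` opens the mDNS port for it.
    services.avahi = {
      enable = true;

      nssmdns4 = true;
      openFirewall = true;

      # Advertise the machine, so we can be found as `<hostname>.local`
      publish = {
        enable = true;
        addresses = true;
        workstation = true;
      };
    };

    # Printing
    # Administration interface available at <http://localhost:631>
    # `hplipWithPlugin` is the HP driver bundle that includes HP's proprietary
    # binary plugin.
    services.printing = {
      enable = true;
      drivers = [ pkgs.hplipWithPlugin ];
    };
  };
}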