hydrogen: init (#20)

Reviewed-on: https://codeberg.org/leana8959/.files/pulls/20 Co-authored-by: Léana 江 <leana.jiang+git@icloud.com> Co-committed-by: Léana 江 <leana.jiang+git@icloud.com>
2025-12-06 14:49:14 +00:00 · 2025-11-02 05:12:02 +01:00 · 2025-11-02 05:12:02 +01:00 · 006798d917
commit 006798d917
parent a1024668db
31 changed files with 481 additions and 141 deletions
--- a/nix/configurations/hydrogen/nixos/connectivity.nix
+++ b/nix/configurations/hydrogen/nixos/connectivity.nix
@ -0,0 +1,73 @@
+{
+  config,
+  lib,
+  ...
+}: {
+  users.users.root.openssh.authorizedKeys.keys = let
+    ids = import ../../../identities.nix;
+  in
+    builtins.concatMap builtins.attrValues (builtins.attrValues ids);
+
+  networking = {
+    networkmanager.enable = lib.mkForce false;
+
+    firewall.allowedTCPPorts = [
+      8080
+
+      # For 'localsend'
+      # https://github.com/localsend/localsend?tab=readme-ov-file#setup
+      53317
+    ];
+
+    # To enable roaming https://wiki.archlinux.org/title/Wpa_supplicant#Roaming
+    wireless = {
+      enable = true;
+      userControlled.enable = true;
+      secretsFile = config.age.secrets.wpa_password.path;
+      scanOnLowSignal = false;
+      networks = let
+        # wpa_supplicant uses `strchr` to seek to the first `=`, so the only forbidden character is `=`.
+        escapePwdKey = lib.replaceStrings ["="] ["_"];
+
+        fromList = ns: let
+          go = networkArgs @ {
+            ssid,
+            # Custom fields wrapping nixpkgs module options
+            hasPassword ? false,
+            scanOnLowSignal ? false,
+            randomizeMac ? false,
+            ...
+          }: {
+            ${ssid} = lib.mkMerge [
+              (builtins.removeAttrs networkArgs ["ssid" "hasPassword" "scanOnLowSignal" "randomizeMac"])
+              (lib.optionalAttrs hasPassword {
+                pskRaw = "ext:${escapePwdKey ssid}";
+              })
+              (lib.optionalAttrs scanOnLowSignal {
+                extraConfig = ''
+                  bgscan="simple:30:-70:3600"
+                '';
+              })
+              (lib.optionalAttrs randomizeMac {
+                extraConfig = ''
+                  mac_addr=1
+                '';
+              })
+            ];
+          };
+        in
+          lib.mkMerge (map go ns);
+
+        allowList = builtins.filter (x: x.ssid == "~");
+      in
+        fromList (
+          # We only want to use my own network
+          allowList (
+            import ../../../connectivity/networks.nix
+          )
+        );
+    };
+  };
+
+  hardware.bluetooth.enable = true;
+}