.files/nix/configurations/vanadium/nixos/connectivity.nix

{
  config,
  pkgs,
  lib,
  ...
}: {
  # For nautilius and iOS
  services.gvfs.enable = true;
  # iOS
  services.usbmuxd.enable = true;
  environment.systemPackages = with pkgs; [libimobiledevice idevicerestore];

  # https://unix.stackexchange.com/questions/592775/how-can-i-enable-apple-ios-fast-charge-support
  services.udev.extraRules = ''
    SUBSYSTEM=="usb", ACTION=="add", DRIVER=="apple-mfi-fastcharge", RUN+="/bin/sh -c 'echo Fast > /sys/class/power_supply/apple_mfi_fastcharge/charge_type'"
  '';

  users.users.root.openssh.authorizedKeys.keys = let
    ids = import ../../../identities.nix;
  in
    builtins.concatMap builtins.attrValues (builtins.attrValues ids);

  networking = {
    networkmanager.enable = lib.mkForce false;

    firewall.allowedTCPPorts = [
      8080

      # For 'localsend'
      # https://github.com/localsend/localsend?tab=readme-ov-file#setup
      53317
    ];

    # To enable roaming https://wiki.archlinux.org/title/Wpa_supplicant#Roaming
    wireless = {
      enable = true;
      userControlled.enable = true;
      secretsFile = config.age.secrets.wpa_password.path;
      scanOnLowSignal = false;
      networks = let
        # wpa_supplicant uses `strchr` to seek to the first `=`, so the only forbidden character is `=`.
        escapePwdKey = lib.replaceStrings ["="] ["_"];

        fromList = ns: let
          go = networkArgs @ {
            ssid,
            # Custom fields wrapping nixpkgs module options
            hasPassword ? false,
            scanOnLowSignal ? false,
            randomizeMac ? false,
            ...
          }: {
            ${ssid} = lib.mkMerge [
              (builtins.removeAttrs networkArgs ["ssid" "hasPassword" "scanOnLowSignal" "randomizeMac"])
              (lib.optionalAttrs hasPassword {
                pskRaw = "ext:${escapePwdKey ssid}";
              })
              (lib.optionalAttrs scanOnLowSignal {
                extraConfig = ''
                  bgscan="simple:30:-70:3600"
                '';
              })
              (lib.optionalAttrs randomizeMac {
                extraConfig = ''
                  mac_addr=1
                '';
              })
            ];
          };
        in
          lib.mkMerge (map go ns);
      in
        fromList (import ../../../connectivity/networks.nix);
    };
  };

  networking = {
    hostFiles = [
      # Prevent building up reliance on chatbots
      # Gotta preserve that thinking ability of my smoof bwain
      "${pkgs.ai_blocklist}/share/hosts.txt"
      "${pkgs.hategroup_blocklist}/share/hosts.txt"

      # TODO: extraHosts option is overwritten by this
      # We should emit a warning because it trips me up and it shouldn't >:(
      (pkgs.writeText "etc-extra-hosts" ''
        #
        # Generated from nixos configuartion
        #

        # This is the fascist one, just block it because I can't tell
        nixos.wiki

        # Gotta purify my smoos brain for a while
        0.0.0.0 instagram.com
        0.0.0.0 www.instagram.com
        0.0.0.0 youtube.com
        0.0.0.0 www.youtube.com
      '')
    ];
  };

  services.mullvad-vpn.enable = true;

  hardware.bluetooth.enable = true;
}