From 24a4b6d124513544bfba30225889279c16d4f78a Mon Sep 17 00:00:00 2001
From: Nydragon
Date: Thu, 13 Jun 2024 21:39:06 +0900
Subject: [PATCH] feat(iwd): use iwd as networkmanager backend and put wg port in var

---
 modules/networking.nix | 66 ++++++++++++++++++++++++------------------
 1 file changed, 38 insertions(+), 28 deletions(-)

diff --git a/modules/networking.nix b/modules/networking.nix
index fe43004..c4bd1cf 100644
--- a/modules/networking.nix
+++ b/modules/networking.nix
@@ -1,34 +1,44 @@
 { ... }:
 {
-  networking.firewall = {
-    enable = true;
+  networking = {
+    wireless.iwd.enable = true;
 
-    # Open ports in the firewall.
-    allowedTCPPorts = [ ];
-    allowedUDPPorts = [ 51820 ];
-    allowedTCPPortRanges = [
-      {
-        from = 1714;
-        to = 1764;
-      }
-    ];
-    allowedUDPPortRanges = [
-      {
-        from = 1714;
-        to = 1764;
-      }
-    ];
+    networkmanager.wifi.backend = "iwd";
 
-    # if packets are still dropped, they will show up in dmesg
-    logReversePathDrops = true;
-    # wireguard trips rpfilter up https://nixos.wiki/wiki/WireGuard#Setting_up_WireGuard_with_NetworkManager
-    extraCommands = ''
-      ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
-      ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
-    '';
-    extraStopCommands = ''
-      ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
-      ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
-    '';
+    firewall =
+      let
+        wgPort = 51820;
+      in
+      {
+        enable = true;
+
+        # Open ports in the firewall.
+        allowedTCPPorts = [ ];
+        allowedUDPPorts = [ wgPort ];
+        allowedTCPPortRanges = [
+          {
+            from = 1714;
+            to = 1764;
+          }
+        ];
+        allowedUDPPortRanges = [
+          {
+            from = 1714;
+            to = 1764;
+          }
+        ];
+
+        # if packets are still dropped, they will show up in dmesg
+        logReversePathDrops = true;
+        # wireguard trips rpfilter up https://nixos.wiki/wiki/WireGuard#Setting_up_WireGuard_with_NetworkManager
+        extraCommands = ''
+          ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport ${toString wgPort} -j RETURN
+          ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport ${toString wgPort} -j RETURN
+        '';
+        extraStopCommands = ''
+          ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport ${toString wgPort} -j RETURN || true
+          ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport ${toString wgPort} -j RETURN || true
+        '';
+      };
   };
 }
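Review bot: The `--sport ${toString wgPort}` rule inserted at the head of `nixos-fw-rpfilter` in `extraCommands` exempts every inbound UDP packet whose source port happens to be 51820 from reverse-path filtering, regardless of destination port or interface, so a sender only has to pick that source port to have a spoofed-source packet skip the rpfilter check (the normal input chain still applies). This is the wiki's recipe and the commit only moves the number into `wgPort`, but the trade-off deserves a note next to the rule, e.g. `# NOTE: --sport exempts any UDP packet with source port ${wgPort} from rpfilter, not only WireGuard; scope to the WG interface (-i) or keep the port non-default if spoofing matters.` The 1714–1764 TCP/UDP ranges are still undocumented and opened on all interfaces; presumably KDE Connect, but a comment such as `# 1714-1764: KDE Connect (verify), reachable from every interface incl. untrusted Wi-Fi` would save the next reader a lookup. Separately, I believe the NetworkManager module already enables iwd when `wifi.backend = "iwd"` is set, so the explicit `wireless.iwd.enable = true;` may be redundant; worth confirming against the module rather than keeping both without a comment.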