support for captive portals

Benno Lorenz
2026-03-25 09:34:49 +01:00
parent af4b10073b
commit c1f33ec5e1


@@ -16,21 +16,32 @@ in {
networking = { networking = {
hostName = "${host}"; hostName = "${host}";
hostId = hostId; hostId = hostId;
networkmanager.enable = true; networkmanager = {
enable = true;
# Enable captive portal detection
wifi.scanRandMacAddress = true;
};
timeServers = options.networking.timeServers.default ++ ["pool.ntp.org"]; timeServers = options.networking.timeServers.default ++ ["pool.ntp.org"];
nameservers = ["1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one"];
firewall = { firewall = {
enable = true; enable = true;
allowedTCPPorts = [ 22 80 443 8080 ]; allowedTCPPorts = [ 22 80 443 8080 ];
}; };
}; };
# Captive portal detection via NetworkManager connectivity checks
networking.networkmanager.settings.connectivity = {
uri = "http://nmcheck.gnome.org/check_network_status.txt";
interval = 300;
};
services.resolved = { services.resolved = {
enable = true; enable = true;
dnssec = "true"; # allow-downgrade: use DNSSEC when available, but don't fail on captive portals
dnssec = "allow-downgrade";
domains = ["~."]; domains = ["~."];
fallbackDns = ["1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one"]; fallbackDns = ["1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one"];
dnsovertls = "true"; # opportunistic: prefer DNS-over-TLS but fall back to plain DNS for captive portals
dnsovertls = "opportunistic";
}; };
environment.systemPackages = with pkgs; [networkmanagerapplet]; environment.systemPackages = with pkgs; [networkmanagerapplet];