From 067c14f36f4152021dedfa1bee07120f7322ecb2 Mon Sep 17 00:00:00 2001
From: victor
Date: Sat, 20 Aug 2022 15:49:40 +0200
Subject: [PATCH] things
---
 flake.lock | 18 ++++++++---------
 .../hosts/olympus/wireguard/configuration.nix | 5 +++++
 nixos/hosts/other/null/configuration.nix | 20 +++++++++++++++++++
 nixos/hosts/other/null/home.nix | 1 +
 4 files changed, 35 insertions(+), 9 deletions(-)
diff --git a/flake.lock b/flake.lock
index 8bbfed5..179407d 100644
--- a/flake.lock
+++ b/flake.lock
@@ -11,11 +11,11 @@
 "utils": "utils"
 },
 "locked": {
- "lastModified": 1660720183,
- "narHash": "sha256-ijhji1zWZgrdhiMG2GhsGpom/wXSr7tfowj9cKmEmew=",
+ "lastModified": 1660758990,
+ "narHash": "sha256-1vmRcG7JAR3KMVpn2z5LQYoAQlY6cWUYSIP77gfpHbo=",
 "owner": "zhaofengli",
 "repo": "colmena",
- "rev": "797297b609457a1a85e18fb00b609df9d9436916",
+ "rev": "3fbc5eeb11e6b9abf66e38ab32d85a2edf9f76e1",
 "type": "github"
 },
 "original": {
@@ -240,11 +240,11 @@
 "utils": "utils_3"
 },
 "locked": {
- "lastModified": 1660631203,
- "narHash": "sha256-F4jZRBJHwynDYoSQ6Dbzgi5sYaoZZ8jKgwle0N3oB4E=",
+ "lastModified": 1660873686,
+ "narHash": "sha256-yVGakhnCi9NmTrErFDw29aeqIIRGdza4ql/0KJdWpeA=",
 "owner": "jyooru",
 "repo": "nix-minecraft-servers",
- "rev": "0858887b08d32e61e88b4bc75675f6362bc5d771",
+ "rev": "241c330c28241fc1a9c7ee22708ed0b2dde1ae80",
 "type": "github"
 },
 "original": {
@@ -314,11 +314,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1660639432,
- "narHash": "sha256-2WDiboOCfB0LhvnDVMXOAr8ZLDfm3WdO54CkoDPwN1A=",
+ "lastModified": 1660941658,
+ "narHash": "sha256-yY6hu6IT+OwFrozJSUTkEpR7MoENdLOl/p4YDTluczg=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "6c6409e965a6c883677be7b9d87a95fab6c3472e",
+ "rev": "6039648c50c7c0858b5e506c6298773a98e0f066",
 "type": "github"
 },
 "original": {
diff --git a/nixos/hosts/olympus/wireguard/configuration.nix b/nixos/hosts/olympus/wireguard/configuration.nix
index 16ffd62..36b4175 100644
--- a/nixos/hosts/olympus/wireguard/configuration.nix
+++ b/nixos/hosts/olympus/wireguard/configuration.nix
@@ -55,6 +55,11 @@ let vs = config.vault-secrets.secrets; in
 publicKey = "ZWIaDGrASlTkEK75j10VeGCvrIGfpk4GPobmqcYX2D0=";
 allowedIPs = [ "10.100.0.3/32" ];
 }
+ {
+ # Laptop
+ publicKey = "L8myt2bcdja7M+i+9eatdQRW8relPUoZZ9lEKSLe+m8=";
+ allowedIPs = [ "10.100.0.4/32" ];
+ }
 ];
 };
 }
diff --git a/nixos/hosts/other/null/configuration.nix b/nixos/hosts/other/null/configuration.nix
index 815c0a4..558ade7 100644
--- a/nixos/hosts/other/null/configuration.nix
+++ b/nixos/hosts/other/null/configuration.nix
@@ -57,6 +57,7 @@ in
 # Enable the GNOME Desktop Environment.
 services.xserver.displayManager.gdm.enable = true;
 services.xserver.desktopManager.gnome.enable = true;
+ services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
 services.xserver = {
 layout = "us";
@@ -101,6 +102,10 @@ in
 pciutils
 nvidia-offload
 vim
+ wireguard-tools
+
+ gnomeExtensions.appindicator
+ gnomeExtensions.wireguard-indicator
 ];
 programs.steam = {
@@ -111,6 +116,21 @@ in
 services.fstrim.enable = true;
+ # Allow reverse path for wireguard
+ networking.firewall = {
+ # if packets are still dropped, they will show up in dmesg
+ logReversePathDrops = true;
+ # wireguard trips rpfilter up
+ extraCommands = ''
+ ip46tables -t raw -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
+ ip46tables -t raw -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
+ '';
+ extraStopCommands = ''
+ ip46tables -t raw -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
+ ip46tables -t raw -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
+ '';
+ };
+
 # This value determines the NixOS release from which the default
 # settings for stateful data, like file locations and database versions
 # on your system were taken. It‘s perfectly fine and recommended to leave
diff --git a/nixos/hosts/other/null/home.nix b/nixos/hosts/other/null/home.nix
index 5d5f49f..14cdec7 100644
--- a/nixos/hosts/other/null/home.nix
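Review bot: The new peer's `# Laptop` comment in the olympus WireGuard hunk does not say which host the key belongs to, which makes the entry harder to revoke with confidence if the device is lost or its key is rotated. The same commit adds WireGuard tooling to `nixos/hosts/other/null`, so if that host is the laptop, a label such as `# Laptop (hosts/other/null)` would tie the public key and `10.100.0.4/32` to a configuration in the repository. The peers list starts outside the hunk, so whether the other entries carry labels cannot be seen from here.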
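Review bot: The two `RETURN` rules in `networking.firewall.extraCommands` match on UDP port 51820 alone, so any inbound datagram with that source or destination port skips the reverse-path check on every interface and for both IPv4 and IPv6, not only traffic belonging to the tunnel. The source port is chosen by the sender, so the `--sport` rule is the wider of the two, and packets taking either exemption presumably never reach the drop that `logReversePathDrops` logs. If the VPN endpoint has a stable address, a source match would narrow the exemption, e.g. `iptables -t raw -I nixos-fw-rpfilter -s <ENDPOINT_ADDRESS> -p udp -m udp --sport 51820 -j RETURN` (placeholder address, and a family-specific command instead of `ip46tables`), with the matching `-D` line in `extraStopCommands`. Failing that, the comment `# wireguard trips rpfilter up` should state that the exemption is port-wide.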
+++ b/nixos/hosts/other/null/home.nix
@@ -6,6 +6,7 @@
 home.packages = with pkgs; [
 discord
 rnix-lsp
+ fusee-launcher
 ];
 programs.home-manager.enable = true;