Update

2025-05-18 11:17:59 +02:00 · 2025-05-18 11:17:59 +02:00 · 0e60e2517f
parent f4a22eb9a6
commit 0e60e2517f
4 changed files with 45 additions and 32 deletions
--- a/nix/common.nix
+++ b/nix/common.nix
@ -8,6 +8,7 @@
 }:
 {
  imports = [
+    (if mkkArg.isDecrypted then ./variables-private.nix else {})
 # * NIX & NIXPKGS
    {
      nixpkgs.config = {
@ -186,38 +187,32 @@
      ];
    }
 # * Args
+    {
+      options.konfig = lib.mkOption { default = { }; };
+      config = {
+        konfig = {
+          unstable = mkkArg.unstable;
+          stable = mkkArg.stable;
+          current = mkkArg.current;
+          nixerusPkgs =
+            (import mkkArg.current.nixerus { inherit pkgs; })
+            // (
+              if (pkgs.system == "x86_64-linux") then
+                {
+                  i686Linux = import mkkArg.current.nixerus { pkgs = pkgs.pkgsi686Linux; };
+                }
+              else
+                { }
+            );

-    (
-      let
-       
-
-      in
-      {
-        options.konfig = lib.mkOption { default = { }; }; 
-        config = {
-          konfig = {
-            unstable = mkkArg.unstable;
-            stable = mkkArg.stable;
-            current = mkkArg.current;
-            nixerusPkgs =
-              (import mkkArg.current.nixerus { inherit pkgs; })
-              // (
-                if (pkgs.system == "x86_64-linux") then
-                  {
-                    i686Linux = import mkkArg.current.nixerus { pkgs = pkgs.pkgsi686Linux; };
-                  }
-                else
-                  { }
-              );
-
-            arg = mkkArg;
-            rootFlake = (builtins.getFlake mkkArg.configRootPath);
-            vars = lib.mkDefault { };
-          };
-          _module.args.konfig = config.konfig;
+          arg = mkkArg;
+          rootFlake = (builtins.getFlake mkkArg.configRootPath);
+          vars = { };
        };
-      }
-    )
+        _module.args.konfig = config.konfig;
+      };
+    }
+
 # * common.nix END
  ];

--- a/nix/default.nix
+++ b/nix/default.nix
@ -44,9 +44,8 @@ in
              mkkArg
              // {
                current = (if isStable then stable else unstable);
-              }
-              // {
                isDecrypted = (isDecrypted (if isStable then stable else unstable).nixpkgs system);
+                isStable = isStable;
              }
              // extraArgs;
          };
--- a/nix/hosts/materusPC.nix
+++ b/nix/hosts/materusPC.nix
@ -18,6 +18,25 @@
 # ** Network
    {
      networking.hostName = "materusPC";
+      networking.useDHCP = lib.mkDefault true;
+      networking.wireless.iwd.enable = true;
+      networking.networkmanager.enable = true;
+      #networking.networkmanager.wifi.backend = "iwd";
+      networking.firewall.enable = true;
+
+      networking.firewall = {
+        logReversePathDrops = false;
+        # wireguard trips rpfilter up
+        extraCommands = ''
+          ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport ${konfig.vars.wireguard.ports.materusPC} -j RETURN
+          ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport ${konfig.vars.wireguard.ports.materusPC} -j RETURN
+        '';
+        extraStopCommands = ''
+          ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport ${konfig.vars.wireguard.ports.materusPC} -j RETURN || true
+          ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport ${konfig.vars.wireguard.ports.materusPC} -j RETURN || true
+        '';
+      };
+
    }
 # ** Hardware
 # *** Filesystems
--- a/nix/variables-private.nix
+++ b/nix/variables-private.nix