From 0e60e2517f8e772c10588eff52124a3b7e94e444 Mon Sep 17 00:00:00 2001
From: materus <materus@podkos.pl>
Date: Sun, 18 May 2025 11:17:59 +0200
Subject: [PATCH] Update

---
 nix/common.nix            |  55 +++++++++++++++++---------------------
 nix/default.nix           |   3 +--
 nix/hosts/materusPC.nix   |  19 +++++++++++++
 nix/variables-private.nix | Bin 0 -> 986 bytes
 4 files changed, 45 insertions(+), 32 deletions(-)
 create mode 100644 nix/variables-private.nix

diff --git a/nix/common.nix b/nix/common.nix
index 63fabdd..9f0bb62 100644
--- a/nix/common.nix
+++ b/nix/common.nix
@@ -8,6 +8,7 @@
 }:
 {
   imports = [
+    (if mkkArg.isDecrypted then ./variables-private.nix else {})
 # * NIX & NIXPKGS
     {
       nixpkgs.config = {
@@ -186,38 +187,32 @@
       ];
     }
 # * Args
+    {
+      options.konfig = lib.mkOption { default = { }; };
+      config = {
+        konfig = {
+          unstable = mkkArg.unstable;
+          stable = mkkArg.stable;
+          current = mkkArg.current;
+          nixerusPkgs =
+            (import mkkArg.current.nixerus { inherit pkgs; })
+            // (
+              if (pkgs.system == "x86_64-linux") then
+                {
+                  i686Linux = import mkkArg.current.nixerus { pkgs = pkgs.pkgsi686Linux; };
+                }
+              else
+                { }
+            );
 
-    (
-      let
-       
-
-      in
-      {
-        options.konfig = lib.mkOption { default = { }; }; 
-        config = {
-          konfig = {
-            unstable = mkkArg.unstable;
-            stable = mkkArg.stable;
-            current = mkkArg.current;
-            nixerusPkgs =
-              (import mkkArg.current.nixerus { inherit pkgs; })
-              // (
-                if (pkgs.system == "x86_64-linux") then
-                  {
-                    i686Linux = import mkkArg.current.nixerus { pkgs = pkgs.pkgsi686Linux; };
-                  }
-                else
-                  { }
-              );
-
-            arg = mkkArg;
-            rootFlake = (builtins.getFlake mkkArg.configRootPath);
-            vars = lib.mkDefault { };
-          };
-          _module.args.konfig = config.konfig;
+          arg = mkkArg;
+          rootFlake = (builtins.getFlake mkkArg.configRootPath);
+          vars = { };
         };
-      }
-    )
+        _module.args.konfig = config.konfig;
+      };
+    }
+
 # * common.nix END
   ];
 
diff --git a/nix/default.nix b/nix/default.nix
index 703869b..747bc14 100644
--- a/nix/default.nix
+++ b/nix/default.nix
@@ -44,9 +44,8 @@ in
               mkkArg
               // {
                 current = (if isStable then stable else unstable);
-              }
-              // {
                 isDecrypted = (isDecrypted (if isStable then stable else unstable).nixpkgs system);
+                isStable = isStable;
               }
               // extraArgs;
           };
diff --git a/nix/hosts/materusPC.nix b/nix/hosts/materusPC.nix
index 2c3437e..11e1754 100644
--- a/nix/hosts/materusPC.nix
+++ b/nix/hosts/materusPC.nix
@@ -18,6 +18,25 @@
 # ** Network
     {
       networking.hostName = "materusPC";
+      networking.useDHCP = lib.mkDefault true;
+      networking.wireless.iwd.enable = true;
+      networking.networkmanager.enable = true;
+      #networking.networkmanager.wifi.backend = "iwd";
+      networking.firewall.enable = true;
+
+      networking.firewall = {
+        logReversePathDrops = false;
+        # wireguard trips rpfilter up
+        extraCommands = ''
+          ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport ${konfig.vars.wireguard.ports.materusPC} -j RETURN
+          ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport ${konfig.vars.wireguard.ports.materusPC} -j RETURN
+        '';
+        extraStopCommands = ''
+          ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport ${konfig.vars.wireguard.ports.materusPC} -j RETURN || true
+          ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport ${konfig.vars.wireguard.ports.materusPC} -j RETURN || true
+        '';
+      };
+
     }
 # ** Hardware
 # *** Filesystems
diff --git a/nix/variables-private.nix b/nix/variables-private.nix
new file mode 100644
index 0000000000000000000000000000000000000000..95a556e2776af6f49360c5f5a56ac347b041085b
GIT binary patch
literal 986
zcmV<0110<bM@dveQdv+`00ajA7GqmFccwMeF|j3&3XdArHdFZ{t7kZXPSVdV0TOgE
z-wrZOgTznFMUbAN!lYv#l%klmKy0EeRD>#`?DP6<ZtP27{F-q*#}O*ft1}xcqsJ;}
zsPf#+v<47m)hZBK0Ity@QK_PU3RYGTbwDEb%D=(NG#AYY)}qQKXJ%%9{v!U05=E4w
ze`b}KIe0F^sny?+s+|WwM_jlsT;Q-sr}r;%VTu~9pR{FKGq%4R(x(z){rHzhq4wr>
zERi{w8i;H<v3_P|b77&@=htGwmwT`W8X)1cUO}Tk?>v4<nv8vqENByDqbIN{JTU_j
zX{w-}9l2_RI%9(2!`1Ve?}?PDBF+AAhA*9aiE?+p62Kg$s!Uq1F<~!T9)ygPaJxKe
ztCB|u%q77R%SSohJ80eKqj)PW9+*;z$*c5{kryo~!Wm&am<ewbXeTXL>-IQTDR*yR
zd$7-dt=`ynX(Z7|C92ep$Wxm=u^JxEnq=A4=b)4{V<l0YkjBsMwJpeN&^VWQ@4~dd
z#`N+eo&KV8Yh+Aq!9NHN4S8L-GtG?$QtXSP@(-K!A6N|1tZJVg51^oS`<SbhiHT;u
zEhJj&f+T`O&C>kTq4J)oFtT`fn+s)7YU)HV?@@!*TJ0w?q&~0Vn$k>GW~9;qZqs~Y
zT?IIu)~m*urjWSkHEMrECM8XTt@%L?W=<%l#=J3$@b!&1%rLaJ(u5GPD0)V{TR<EM
zaLqvKbqSV>HSDr$4zVs+R(XAa9L7niL+eFNAA!^?B+cXpzEvQhEnx~({Lr|12y?UZ
zxiSTlDz54HXJVHB%po;`MuZy<D%L>pg->gFfyGT4U?{{f%V;mSYy2rJ*?OT4z#z<?
zD4L9mq{DQ!JuD6LkM+&NZ+?;QX2Jd2x{9~&hL>MT!xVxzV2JrQ6~qvDVANo>4-=8y
zVpcroNJZ9F(#woaARq8jygl!oKOk~gm2m|MH7vj2cper`2@ZDna$L2uq&^Y4Gtwg~
zcd>$HVeiJ?&!<|7tfph^t<&Yny@~YLPNDpo(sPS_&z6-3!ZFd4n4nuLN<&}vt}ldU
zidzRa@z2a$oY~<vyBz*huGR4k)lYh#9nv#NDNns~MEg&+CUR`hsdVph<l@Hq1C_Ea
zVpWu=yRI?+*l*H>e8thUwZyz!<iTxL6%x95owPxs$)oHEB*La1-CWjsDQm1`0cKXR
zsRqX7HI@5#&_lgp%Y%-B7#;*P)im-c)erQGZnm^0tVQ4K9zA;J{7^1N>G=+eTp}Qw
I0X`F8Dw3n+r2qf`

literal 0
HcmV?d00001