Update

2025-05-18 11:17:59 +02:00 · 2025-05-18 11:17:59 +02:00 · 0e60e2517f
parent f4a22eb9a6
commit 0e60e2517f
4 changed files with 45 additions and 32 deletions
--- a/nix/common.nix
+++ b/nix/common.nix
@ -8,6 +8,7 @@
 }:
 {
  imports = [
+    (if mkkArg.isDecrypted then ./variables-private.nix else {})
 # * NIX & NIXPKGS
    {
      nixpkgs.config = {
@ -186,12 +187,6 @@
      ];
    }
 # * Args
-
-    (
-      let
-       
-
-      in
    {
      options.konfig = lib.mkOption { default = { }; };
      config = {
@ -212,12 +207,12 @@

          arg = mkkArg;
          rootFlake = (builtins.getFlake mkkArg.configRootPath);
-            vars = lib.mkDefault { };
+          vars = { };
        };
        _module.args.konfig = config.konfig;
      };
    }
-    )
+
 # * common.nix END
  ];

--- a/nix/default.nix
+++ b/nix/default.nix
@ -44,9 +44,8 @@ in
              mkkArg
              // {
                current = (if isStable then stable else unstable);
-              }
-              // {
                isDecrypted = (isDecrypted (if isStable then stable else unstable).nixpkgs system);
+                isStable = isStable;
              }
              // extraArgs;
          };
--- a/nix/hosts/materusPC.nix
+++ b/nix/hosts/materusPC.nix
@ -18,6 +18,25 @@
 # ** Network
    {
      networking.hostName = "materusPC";
+      networking.useDHCP = lib.mkDefault true;
+      networking.wireless.iwd.enable = true;
+      networking.networkmanager.enable = true;
+      #networking.networkmanager.wifi.backend = "iwd";
+      networking.firewall.enable = true;
+
+      networking.firewall = {
+        logReversePathDrops = false;
+        # wireguard trips rpfilter up
+        extraCommands = ''
+          ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport ${konfig.vars.wireguard.ports.materusPC} -j RETURN
+          ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport ${konfig.vars.wireguard.ports.materusPC} -j RETURN
+        '';
+        extraStopCommands = ''
+          ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport ${konfig.vars.wireguard.ports.materusPC} -j RETURN || true
+          ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport ${konfig.vars.wireguard.ports.materusPC} -j RETURN || true
+        '';
+      };
+
    }
 # ** Hardware
 # *** Filesystems
--- a/nix/variables-private.nix
+++ b/nix/variables-private.nix