From cff5051f75bd89aabeebed3d980ed944d9ff6d85 Mon Sep 17 00:00:00 2001
From: materus <materus@podkos.pl>
Date: Thu, 2 May 2024 08:50:39 +0200
Subject: [PATCH] Old-materusPC: network and audio update

---
 .../host/Old-materusPC/configuration.nix      | 22 ++++----
 .../Old-materusPC/home/materus/default.nix    |  1 +
 configurations/host/Old-materusPC/network.nix | 52 +++++++++++++++++++
 configurations/host/materusPC/audio.nix       |  1 +
 4 files changed, 65 insertions(+), 11 deletions(-)
 create mode 100644 configurations/host/Old-materusPC/network.nix

diff --git a/configurations/host/Old-materusPC/configuration.nix b/configurations/host/Old-materusPC/configuration.nix
index 564f9ee..4a600db 100755
--- a/configurations/host/Old-materusPC/configuration.nix
+++ b/configurations/host/Old-materusPC/configuration.nix
@@ -9,6 +9,7 @@
     [
       # Include the results of the hardware scan.
       ./hardware-configuration.nix
+      ./network.nix
     ];
   boot.supportedFilesystems = [ "ntfs" ];
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
@@ -38,10 +39,6 @@
   services.flatpak.enable = true;
   services.gvfs.enable = true;
 
-  networking.hostName = "Old-materusPC"; # Define your hostname.
-  # Pick only one of the below networking options.
-  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
-  networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
 
   # Set your time zone.
   time.timeZone = "Europe/Warsaw";
@@ -103,7 +100,13 @@
     jack.enable = true;
   };
   hardware.pulseaudio.enable = false;
-
+  services.udev = {
+    extraRules = ''
+      KERNEL=="rtc0", GROUP="audio"
+      KERNEL=="hpet", GROUP="audio"
+      DEVPATH=="/devices/virtual/misc/cpu_dma_latency", OWNER="root", GROUP="audio", MODE="0660"
+    '';
+  };
 
 
   virtualisation.podman = {
@@ -115,7 +118,7 @@
 
   users.users.materus = {
     isNormalUser = true;
-    extraGroups = [ "wheel" "networkmanager" "kvm" "input" "libvirt" "libvirtd" "podman" ];
+    extraGroups = [ "wheel" "networkmanager" "kvm" "input" "libvirt" "libvirtd" "podman" "audio" "pipewire" ];
     shell = pkgs.zsh;
     description = "Mateusz Słodkowicz";
 
@@ -177,6 +180,7 @@
     xz
     zip
     gzip
+    sops
 
     tree
     mc
@@ -285,11 +289,7 @@
   services.openssh.enable = true;
 
 
-  # Open ports in the firewall.
-  networking.firewall.allowedTCPPorts = [ 24800 5900 5357 4656 ];
-  networking.firewall.allowedUDPPorts = [ 24800 5900 3702 4656 ];
-  # Or disable the firewall altogether.
-  networking.firewall.enable = true;
+
 
   # Copy the NixOS configuration file and link it from the resulting system
   # (/run/current-system/configuration.nix). This is useful in case you
diff --git a/configurations/host/Old-materusPC/home/materus/default.nix b/configurations/host/Old-materusPC/home/materus/default.nix
index de89f4d..946a26c 100644
--- a/configurations/host/Old-materusPC/home/materus/default.nix
+++ b/configurations/host/Old-materusPC/home/materus/default.nix
@@ -74,6 +74,7 @@
 
   home.packages = [
     pkgs.papirus-icon-theme
+    (materusArg.pkgs.polymc.wrap { extraJDKs = [ pkgs.graalvm-ce ]; })
   ];
 
 }
diff --git a/configurations/host/Old-materusPC/network.nix b/configurations/host/Old-materusPC/network.nix
new file mode 100644
index 0000000..8525971
--- /dev/null
+++ b/configurations/host/Old-materusPC/network.nix
@@ -0,0 +1,52 @@
+{ config, pkgs, lib, materusArg, ... }:
+{
+  sops.templates."networkmanager.env".content = ''
+    WIREGUARD_PRIVATEKEY="${config.sops.placeholder.wg-key}"
+  '';
+
+  networking.useDHCP = lib.mkDefault true;
+  networking.hostName = "Old-materusPC";
+  networking.wireless.iwd.enable = true;
+  networking.networkmanager.enable = true;
+  # Open ports in the firewall.
+  networking.firewall.allowedTCPPorts = [ 24800 5900 5357 4656 ];
+  networking.firewall.allowedUDPPorts = [ 24800 5900 3702 4656 ];
+  # Or disable the firewall altogether.
+  networking.firewall.enable = true;
+  networking.networkmanager.settings = {
+    connectivity = {
+      uri = "http://nmcheck.gnome.org/check_network_status.txt";
+    };
+  };
+
+  networking.networkmanager.ensureProfiles.environmentFiles = [
+    config.sops.templates."networkmanager.env".path
+  ];
+  networking.networkmanager.ensureProfiles.profiles = {
+    wg0 = {
+      connection = {
+        id = "wg0";
+        type = "wireguard";
+        interface-name = "wg0";
+      };
+      wireguard = {
+        private-key = "$WIREGUARD_PRIVATEKEY";
+      };
+      "wireguard-peer.${materusArg.wireguard.pubKeys.valkyrie}" = {
+        endpoint = "${materusArg.ips.valkyrie}:${materusArg.wireguard.port}";
+        allowed-ips = "${materusArg.ip-masks.wireguard.general};";
+      };
+      ipv4 = {
+        address1 = "${materusArg.ips.wireguard.Old-materusPC}/23";
+        dns = "${materusArg.ips.wireguard.valkyrie};";
+        method = "manual";
+        never-default = "true";
+      };
+      ipv6 = {
+        addr-gen-mode = "stable-privacy";
+        method = "disabled";
+      };
+      proxy = { };
+    };
+  };
+}
\ No newline at end of file
diff --git a/configurations/host/materusPC/audio.nix b/configurations/host/materusPC/audio.nix
index 5c861b9..4b137fe 100644
--- a/configurations/host/materusPC/audio.nix
+++ b/configurations/host/materusPC/audio.nix
@@ -40,6 +40,7 @@
     extraRules = ''
       KERNEL=="rtc0", GROUP="audio"
       KERNEL=="hpet", GROUP="audio"
+      DEVPATH=="/devices/virtual/misc/cpu_dma_latency", OWNER="root", GROUP="audio", MODE="0660"
     '';
   };
   environment.systemPackages = with pkgs; [