waffentrager, valkyrie: change wg port

configurations/host/Old-materusPC/configuration.nix

@@ -9,6 +9,7 @@
     [
       # Include the results of the hardware scan.
       ./hardware-configuration.nix
+      ./network.nix
     ];
   boot.supportedFilesystems = [ "ntfs" ];
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
@@ -38,10 +39,6 @@
   services.flatpak.enable = true;
   services.gvfs.enable = true;
 
-  networking.hostName = "Old-materusPC"; # Define your hostname.
-  # Pick only one of the below networking options.
-  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
-  networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
 
   # Set your time zone.
   time.timeZone = "Europe/Warsaw";
@@ -103,7 +100,13 @@
     jack.enable = true;
   };
   hardware.pulseaudio.enable = false;
-
+  services.udev = {
+    extraRules = ''
+      KERNEL=="rtc0", GROUP="audio"
+      KERNEL=="hpet", GROUP="audio"
+      DEVPATH=="/devices/virtual/misc/cpu_dma_latency", OWNER="root", GROUP="audio", MODE="0660"
+    '';
+  };
 
 
   virtualisation.podman = {
@@ -115,7 +118,7 @@
 
   users.users.materus = {
     isNormalUser = true;
-    extraGroups = [ "wheel" "networkmanager" "kvm" "input" "libvirt" "libvirtd" "podman" ];
+    extraGroups = [ "wheel" "networkmanager" "kvm" "input" "libvirt" "libvirtd" "podman" "audio" "pipewire" ];
     shell = pkgs.zsh;
     description = "Mateusz Słodkowicz";
 
@@ -177,6 +180,7 @@
     xz
     zip
     gzip
+    sops
 
     tree
     mc
@@ -285,11 +289,7 @@
   services.openssh.enable = true;
 
 
-  # Open ports in the firewall.
+
-  networking.firewall.allowedTCPPorts = [ 24800 5900 5357 4656 ];
-  networking.firewall.allowedUDPPorts = [ 24800 5900 3702 4656 ];
-  # Or disable the firewall altogether.
-  networking.firewall.enable = true;
 
   # Copy the NixOS configuration file and link it from the resulting system
   # (/run/current-system/configuration.nix). This is useful in case you

configurations/host/Old-materusPC/home/materus/default.nix

@@ -71,9 +71,56 @@
     editor.emacs.enable = false;
 
   };
+  xdg.desktopEntries.brave-browser = let env = lib.concatStringsSep " " [
+    ''VK_ICD_FILENAMES=''$VK_ICD_FILENAMES:/run/opengl-driver/share/vulkan/icd.d/nvidia_icd.x86_64.json:/run/opengl-driver-32/share/vulkan/icd.d/nvidia_icd.i686.json''
+    ''__NV_PRIME_RENDER_OFFLOAD="1"''
+    ''__NV_PRIME_RENDER_OFFLOAD_PROVIDER="NVIDIA-G0"''
+    ''__GLX_VENDOR_LIBRARY_NAME="nvidia"''
+    ''__VK_LAYER_NV_optimus="NVIDIA_only"''
+  ]; 
+  script = pkgs.writeShellScript "brave" ''
+  ${env} brave "$@"
+  '';
   
+  in
+  {
+    name = "Brave Web Browser";
+    genericName = "Przeglądarka WWW";
+    comment = "Skorzystaj z internetu";
+    exec = "${script} %U";
+    icon = "brave-browser";
+    terminal = false;
+    categories = [ "Application" "Network" "WebBrowser" ];
+    mimeType = [
+      "application/pdf"
+      "application/rdf+xml"
+      "application/rss+xml"
+      "application/xhtml+xml"
+      "application/xhtml_xml"
+      "application/xml"
+      "image/gif"
+      "image/jpeg"
+      "image/png"
+      "image/webp"
+      "text/html"
+      "text/xml"
+      "x-scheme-handler/http"
+      "x-scheme-handler/https"
+      "x-scheme-handler/ipfs"
+      "x-scheme-handler/ipns"
+    ];
+    actions.new-windows = {
+      exec = "${script}";
+      name = "Nowe okno";
+    };
+    actions.new-private-windows = {
+      exec = "${script} --incognito";
+      name = "Nowe okno incognito";
+    };
+  };
   home.packages = [
     pkgs.papirus-icon-theme
+    (materusArg.pkgs.polymc.wrap { extraJDKs = [ pkgs.graalvm-ce ]; })
   ];
 
 }

configurations/host/Old-materusPC/network.nix

@@ -0,0 +1,52 @@
+{ config, pkgs, lib, materusArg, ... }:
+{
+  sops.templates."networkmanager.env".content = ''
+    WIREGUARD_PRIVATEKEY="${config.sops.placeholder.wg-key}"
+  '';
+
+  networking.useDHCP = lib.mkDefault true;
+  networking.hostName = "Old-materusPC";
+  networking.wireless.iwd.enable = true;
+  networking.networkmanager.enable = true;
+  # Open ports in the firewall.
+  networking.firewall.allowedTCPPorts = [ 24800 5900 5357 4656 ];
+  networking.firewall.allowedUDPPorts = [ 24800 5900 3702 4656 ];
+  # Or disable the firewall altogether.
+  networking.firewall.enable = true;
+  networking.networkmanager.settings = {
+    connectivity = {
+      uri = "http://nmcheck.gnome.org/check_network_status.txt";
+    };
+  };
+
+  networking.networkmanager.ensureProfiles.environmentFiles = [
+    config.sops.templates."networkmanager.env".path
+  ];
+  networking.networkmanager.ensureProfiles.profiles = {
+    wg0 = {
+      connection = {
+        id = "wg0";
+        type = "wireguard";
+        interface-name = "wg0";
+      };
+      wireguard = {
+        private-key = "$WIREGUARD_PRIVATEKEY";
+      };
+      "wireguard-peer.${materusArg.wireguard.pubKeys.valkyrie}" = {
+        endpoint = "${materusArg.ips.valkyrie}:${materusArg.wireguard.port}";
+        allowed-ips = "${materusArg.ip-masks.wireguard.general};";
+      };
+      ipv4 = {
+        address1 = "${materusArg.ips.wireguard.Old-materusPC}/23";
+        dns = "${materusArg.ips.wireguard.valkyrie};";
+        method = "manual";
+        never-default = "true";
+      };
+      ipv6 = {
+        addr-gen-mode = "stable-privacy";
+        method = "disabled";
+      };
+      proxy = { };
+    };
+  };
+}

configurations/host/Old-materusPC/nvidia.nix

@@ -28,5 +28,9 @@
   ];
   materus.profile.steam.extraEnv = {
     VK_ICD_FILENAMES=''''$VK_ICD_FILENAMES:/run/opengl-driver/share/vulkan/icd.d/nvidia_icd.x86_64.json:/run/opengl-driver-32/share/vulkan/icd.d/nvidia_icd.i686.json'';
+    __NV_PRIME_RENDER_OFFLOAD="1";
+    __NV_PRIME_RENDER_OFFLOAD_PROVIDER="NVIDIA-G0";
+    __GLX_VENDOR_LIBRARY_NAME="nvidia";
+    __VK_LAYER_NV_optimus="NVIDIA_only";
   };
 }

configurations/host/materusPC/audio.nix

@@ -40,6 +40,7 @@
     extraRules = ''
       KERNEL=="rtc0", GROUP="audio"
       KERNEL=="hpet", GROUP="audio"
+      DEVPATH=="/devices/virtual/misc/cpu_dma_latency", OWNER="root", GROUP="audio", MODE="0660"
     '';
   };
   environment.systemPackages = with pkgs; [