summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKjetil Orbekk <kj@orbekk.com>2020-09-04 15:24:36 -0400
committerKjetil Orbekk <kj@orbekk.com>2020-09-04 15:24:40 -0400
commit739033c5211ea4611e86f45790f3ae859d303a77 (patch)
tree963c5af22dd5a6f5295454a27f080d5a9b31cd5a
parent3389cdb4e14732c21bc6b22336fd29cbb5200060 (diff)
various fixes
-rw-r--r--config/ap.nix24
-rw-r--r--config/common.nix2
-rw-r--r--config/desktop.nix43
-rw-r--r--config/users.nix2
-rw-r--r--config/yubikey.nix20
-rw-r--r--machines/x1-pincer.nix1
-rw-r--r--machines/x220-aji.nix1
7 files changed, 59 insertions, 34 deletions
diff --git a/config/ap.nix b/config/ap.nix
index af98095..18c0c6e 100644
--- a/config/ap.nix
+++ b/config/ap.nix
@@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }:
let
- wan-dev = "enp0s25";
- lan-dev = "wlp4s0";
+ wan-dev = "enp37s0";
+ lan-dev = "wlp39s0";
in
{
networking.networkmanager.enable = lib.mkForce false;
@@ -38,8 +38,17 @@ in
interface lo ACCEPT;
proto icmp icmp-type echo-request ACCEPT;
+ interface $DEV_WAN {
+ # RTMP
+ # proto (tcp udp) dport 1935 ACCEPT;
+
+ # Factorio
+ proto udp dport 34197 ACCEPT;
+ }
+
interface $DEV_LAN @subchain "services" {
- proto (tcp udp) dport (ssh domain bootps) ACCEPT;
+ # 1935 for rtmp testing
+ proto (tcp udp) dport (ssh domain bootps 1935 4317 5353) ACCEPT;
# Chromecast
# proto udp dport 32768:61000 ACCEPT;
@@ -96,7 +105,6 @@ in
services.hostapd = {
enable = true;
- # driver = "iwlwifi";
ssid = "2c";
wpaPassphrase = "mintchip";
interface = "${lan-dev}";
@@ -109,17 +117,20 @@ in
'';
};
+ networking.useDHCP = true;
networking.dhcpcd = {
+ enable = true;
+ denyInterfaces = [ lan-dev ];
extraConfig = ''
# debug
noipv6rs
- denyinterfaces ${lan-dev}
interface ${wan-dev}
dhcp
ipv6rs
ia_na 1
ia_pd 1/::/56 ${lan-dev}/0/64
'';
+ wait = "background";
};
services.dnsmasq = {
@@ -132,7 +143,7 @@ in
dhcp-option=option:dns-server,10.64.30.1
dhcp-option=option:netmask,255.255.255.0
- dhcp-range=::,constructor:${lan-dev},slaac
+ #dhcp-range=::,constructor:${lan-dev},slaac
'';
};
@@ -145,7 +156,6 @@ in
networking.interfaces.${wan-dev} = {
macAddress = "3c:97:0e:19:7e:5c";
- useDHCP = true;
};
networking.interfaces."${lan-dev}" = {
diff --git a/config/common.nix b/config/common.nix
index ee70548..faa4501 100644
--- a/config/common.nix
+++ b/config/common.nix
@@ -58,4 +58,6 @@
};
boot.cleanTmpDir = true;
+
+ nixpkgs.config.allowUnfree = true;
}
diff --git a/config/desktop.nix b/config/desktop.nix
index 6b26b07..58fbbdd 100644
--- a/config/desktop.nix
+++ b/config/desktop.nix
@@ -5,42 +5,30 @@
location.latitude = 40.0;
location.longitude = -74.0;
+ sound.enable = true;
+
hardware = {
opengl = {
enable = true;
driSupport32Bit = true;
+ extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
};
bluetooth.enable = true;
pulseaudio = {
enable = true;
+ support32Bit = true;
package = pkgs.pulseaudioFull;
zeroconf.discovery.enable = true;
zeroconf.publish.enable = true;
+ tcp.enable = true;
+ tcp.anonymousClients.allowAll = true;
};
};
- console.earlySetup = true;
- console.keyMap = "dvorak";
-
- boot = {
-
- loader = {
- systemd-boot.enable = true;
- # systemd-boot.memtest86.enable = true;
- timeout = 0;
- efi.canTouchEfiVariables = true;
- };
- };
-
- networking = {
- networkmanager.enable = lib.mkDefault true;
- firewall.enable = lib.mkDefault true;
- };
-
fonts = {
enableDefaultFonts = true;
- fonts = [ pkgs.fira-code pkgs.dejavu_fonts pkgs.steamPackages.steam-fonts ];
+ fonts = with pkgs; [ fira-code dejavu_fonts steamPackages.steam-fonts wqy_microhei ];
};
environment.systemPackages = with pkgs; [
@@ -61,6 +49,11 @@
xss-lock
];
+ i18n.inputMethod = {
+ enabled = "fcitx";
+ fcitx.engines = with pkgs.fcitx-engines; [cloudpinyin];
+ };
+
services = {
avahi.enable = true;
@@ -70,10 +63,11 @@
enable = true;
layout = "us";
# xkbVariant = "dvorak";
+ xkbOptions = "caps:ctrl_modifier";
- desktopManager.mate = {
- enable = true;
- };
+ # desktopManager.plasma5 = {
+ # enable = true;
+ # };
windowManager.xmonad = {
enable = true;
@@ -85,10 +79,7 @@
enable = true;
};
- synaptics = {
- enable = true;
- twoFingerScroll = true;
- };
+ libinput.enable = true;
};
redshift = {
diff --git a/config/users.nix b/config/users.nix
index c1c6cbe..4261ea2 100644
--- a/config/users.nix
+++ b/config/users.nix
@@ -9,7 +9,7 @@ in {
home = "/home/orbekk";
uid = 1000;
description = "KJ";
- extraGroups = ["wheel" "networkmanager" "dialout" "uucp" "audio" "plugdev" "lxd" "readonly" "input"];
+ extraGroups = ["wheel" "networkmanager" "dialout" "uucp" "audio" "plugdev" "lxd" "readonly" "input" "vboxusers" "video" "sound" "tty" ];
openssh.authorizedKeys.keyFiles = [
../data/pincer_rsa.pub
../data/yubikey_rsa.pub
diff --git a/config/yubikey.nix b/config/yubikey.nix
index 3029d90..d10bb57 100644
--- a/config/yubikey.nix
+++ b/config/yubikey.nix
@@ -17,6 +17,7 @@ in
libu2f-host
yubikey-personalization
];
+ services.gnome3.gnome-keyring.enable = lib.mkForce false;
programs.gnupg.agent = {
enable = true;
@@ -28,4 +29,23 @@ in
environment = {
systemPackages = yubikey-pkgs;
};
+
+ security.sudo.extraRules = [
+ {
+ groups = [ "wheel" ];
+ commands = [ { command = "${pkgs.systemd}/bin/systemctl restart pcscd"; options = [ "NOPASSWD" ]; } ];
+ }
+ ];
+
+ systemd.user.services.restart-pcscd = {
+ description = "Redshift colour temperature adjuster";
+ wantedBy = [ "graphical-session.target" ];
+ partOf = [ "graphical-session.target" ];
+ serviceConfig = {
+ ExecStart = ''
+ sudo systemctl restart pcscd
+ '';
+ Type = "oneshot";
+ };
+ };
}
diff --git a/machines/x1-pincer.nix b/machines/x1-pincer.nix
index 8f887a8..eb037a9 100644
--- a/machines/x1-pincer.nix
+++ b/machines/x1-pincer.nix
@@ -3,6 +3,7 @@
networking.firewall.allowedTCPPorts = [ ]; # socks proxy
imports = [
../config/desktop.nix
+ ../config/laptop.nix
../config/yubikey.nix
../config/thinkpad.nix
# ../config/ap.nix
diff --git a/machines/x220-aji.nix b/machines/x220-aji.nix
index 5319d26..eb41e3c 100644
--- a/machines/x220-aji.nix
+++ b/machines/x220-aji.nix
@@ -2,6 +2,7 @@
{
imports = [
../config/desktop.nix
+ ../config/laptop.nix
../config/thinkpad.nix
../config/yubikey.nix
../config/postgresql.nix