authorKjetil Orbekk <kj@orbekk.com>2021-03-08 17:39:28 -0500
committerKjetil Orbekk <kj@orbekk.com>2021-03-08 17:39:28 -0500
commitf605c9c843c5033e325931ed2dc3664e0cbcbf5d (patch)
treeb87b74d5894f276fa9b13a60b7f22392701d7503
parent3138a1b27624be2d6afce53fc41ca9406b4b2168 (diff)
Disable jack audio on firelink
-rw-r--r--machines/firelink.nix34
-rw-r--r--modules/simple-firewall.nix11
2 files changed, 23 insertions, 22 deletions
diff --git a/machines/firelink.nix b/machines/firelink.nix
index 6276ffe..ca35fc9 100644
--- a/machines/firelink.nix
+++ b/machines/firelink.nix
@@ -58,11 +58,11 @@ in
enable = true;
extraModules = [ pkgs.pulseaudio-modules-bt ];
package = lib.mkForce pkgs.pulseaudioFull;
- extraConfig = ''
- load-module module-dbus-protocol
- load-module module-jack-sink channels=2
- load-module module-jack-source channels=1
- '';
+ # extraConfig = ''
+ # load-module module-dbus-protocol
+ # load-module module-jack-sink channels=2
+ # load-module module-jack-source channels=1
+ # '';
systemWide = true;
# configFile = pkgs.writeText "default.pa" ''
# load-module module-bluetooth-policy
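Review bot: The `extraConfig` block is commented out rather than removed, and the hunks at -75 and -104 do the same, so the file accumulates dead configuration that a later reader may re-enable without knowing why it was turned off. Either delete the lines and let version control keep the history, or leave one comment stating the reason, e.g. `# JACK bridge disabled: <reason>`. Also note that `load-module module-dbus-protocol` is disabled along with the two `module-jack-*` lines; it is not a JACK module, so if anything on this host relied on the D-Bus control interface that loss is a side effect worth a comment. The `hardware.pulseaudio`-style attribute set this sits in starts outside the hunk.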
@@ -75,12 +75,12 @@ in
# '';
};
systemd.services.pulseaudio = {
- environment."JACK_PROMISCUOUS_SERVER" = "jackaudio";
+ # environment."JACK_PROMISCUOUS_SERVER" = "jackaudio";
serviceConfig = {
LimitMEMLOCK = "infinity";
};
};
- users.extraUsers.pulse.extraGroups = [ "jackaudio" ];
+ # users.extraUsers.pulse.extraGroups = [ "jackaudio" ];
networking.firewall.allowedTCPPorts = [ 22 4713 ];
networking.networkmanager.enable = true;
@@ -104,18 +104,18 @@ in
value = "1048576";
}];
- virtualisation.libvirtd.enable = true;
+ # virtualisation.libvirtd.enable = true;
# virtualisation.virtualbox.host.enable = true;
- virtualisation.virtualbox.host.enableExtensionPack = true;
+ # virtualisation.virtualbox.host.enableExtensionPack = true;
- services.jack = {
- jackd.enable = true;
- jackd.extraOptions = [ "-dalsa" "-dhw:M2" ];
- alsa.enable = false;
- loopback.enable = true;
- };
- users.extraUsers.guest.extraGroups = [ "jackaudio" ];
- users.extraUsers.orbekk.extraGroups = [ "jackaudio" ];
+ # services.jack = {
+ # jackd.enable = true;
+ # jackd.extraOptions = [ "-dalsa" "-dhw:M2" ];
+ # alsa.enable = false;
+ # loopback.enable = true;
+ # };
+ # users.extraUsers.guest.extraGroups = [ "jackaudio" ];
+ # users.extraUsers.orbekk.extraGroups = [ "jackaudio" ];
# Streaming test
# services.nginx.enable = true;
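Review bot: The lines `# virtualisation.libvirtd.enable = true;` and `# virtualisation.virtualbox.host.enableExtensionPack = true;` switch off virtualisation services, which the commit title "Disable jack audio on firelink" does not cover. A change to which privileged daemons run on the host is worth its own commit, or at least a comment such as `# libvirtd disabled: <reason>`. If this is connected to the `ip_tables` blacklist added in modules/simple-firewall.nix (libvirt's default networking commonly uses iptables), that dependency should be written down here. The commented-out `services.jack` block and the two `jackaudio` group lines could simply be deleted.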
diff --git a/modules/simple-firewall.nix b/modules/simple-firewall.nix
index 2585a5d..f2b4405 100644
--- a/modules/simple-firewall.nix
+++ b/modules/simple-firewall.nix
@@ -24,6 +24,7 @@ in
config = lib.mkIf cfg.enable {
networking.firewall.enable = lib.mkForce false;
+ boot.blacklistedKernelModules = ["ip_tables"];
networking.nftables.enable = true;
networking.nftables.ruleset =
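Review bot: The added `boot.blacklistedKernelModules = ["ip_tables"];` covers only the IPv4 legacy table module and has no comment explaining why it is there. If the intent is to keep legacy xtables rules from coexisting with the nftables ruleset, `ip6_tables` probably belongs in the list as well: `boot.blacklistedKernelModules = [ "ip_tables" "ip6_tables" ];`. A modprobe blacklist entry generally stops alias-driven autoloading rather than an explicit load by name, so it is a guard against accidental use, not enforcement. A comment such as `# keep legacy iptables from being autoloaded next to nftables` would record that. The `config = lib.mkIf cfg.enable {` block continues outside the hunk.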
@@ -51,13 +52,13 @@ in
ct state {established, related} accept
- ip protocol icmp limit rate 4/second counter accept
- ip6 nexthdr ipv6-icmp limit rate 4/second counter accept
+ ip protocol icmp limit rate 4/second counter name icmp-allowed accept
+ ip6 nexthdr ipv6-icmp limit rate 4/second counter name icmp6-allowed accept
- tcp dport @allowed_tcp_ports counter accept
- udp dport @allowed_udp_ports counter accept
+ tcp dport @allowed_tcp_ports counter name tcp-allowed accept
+ udp dport @allowed_udp_ports counter name udp-allowed accept
- counter drop
+ counter name dropped drop
}
chain output {
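Review bot: The rewritten rules reference named counters (`counter name icmp-allowed`, `icmp6-allowed`, `tcp-allowed`, `udp-allowed`, `dropped`), which nftables resolves against counter objects declared in the same table. No declarations are visible in this hunk, and the diffstat for this file (11 changed lines) leaves no room for any added elsewhere in this commit. Unless they already exist in the ruleset, loading it will fail. Because this module forces `networking.firewall.enable` to false, a failed load could leave the host without packet filtering. Declare each one at table scope, e.g. `counter icmp-allowed {}`, and consider validating the rendered ruleset with `nft -c -f` before activation; the input chain these rules belong to starts outside the hunk.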