From 739033c5211ea4611e86f45790f3ae859d303a77 Mon Sep 17 00:00:00 2001 From: Kjetil Orbekk Date: Fri, 4 Sep 2020 15:24:36 -0400 Subject: various fixes --- config/ap.nix | 24 +++++++++++++++++------- config/common.nix | 2 ++ config/desktop.nix | 43 +++++++++++++++++-------------------------- config/users.nix | 2 +- config/yubikey.nix | 20 ++++++++++++++++++++ machines/x1-pincer.nix | 1 + machines/x220-aji.nix | 1 + 7 files changed, 59 insertions(+), 34 deletions(-) diff --git a/config/ap.nix b/config/ap.nix index af98095..18c0c6e 100644 --- a/config/ap.nix +++ b/config/ap.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - wan-dev = "enp0s25"; - lan-dev = "wlp4s0"; + wan-dev = "enp37s0"; + lan-dev = "wlp39s0"; in { networking.networkmanager.enable = lib.mkForce false; @@ -38,8 +38,17 @@ in interface lo ACCEPT; proto icmp icmp-type echo-request ACCEPT; + interface $DEV_WAN { + # RTMP + # proto (tcp udp) dport 1935 ACCEPT; + + # Factorio + proto udp dport 34197 ACCEPT; + } + interface $DEV_LAN @subchain "services" { - proto (tcp udp) dport (ssh domain bootps) ACCEPT; + # 1935 for rtmp testing + proto (tcp udp) dport (ssh domain bootps 1935 4317 5353) ACCEPT; # Chromecast # proto udp dport 32768:61000 ACCEPT; @@ -96,7 +105,6 @@ in services.hostapd = { enable = true; - # driver = "iwlwifi"; ssid = "2c"; wpaPassphrase = "mintchip"; interface = "${lan-dev}"; @@ -109,17 +117,20 @@ in ''; }; + networking.useDHCP = true; networking.dhcpcd = { + enable = true; + denyInterfaces = [ lan-dev ]; extraConfig = '' # debug noipv6rs - denyinterfaces ${lan-dev} interface ${wan-dev} dhcp ipv6rs ia_na 1 ia_pd 1/::/56 ${lan-dev}/0/64 ''; + wait = "background"; }; services.dnsmasq = { @@ -132,7 +143,7 @@ in dhcp-option=option:dns-server,10.64.30.1 dhcp-option=option:netmask,255.255.255.0 - dhcp-range=::,constructor:${lan-dev},slaac + #dhcp-range=::,constructor:${lan-dev},slaac ''; }; 
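Review bot: In config/ap.nix the `interface $DEV_LAN` rule now accepts `1935 4317 5353` on both tcp and udp, while the comment above it accounts only for 1935. Each opened port should carry its reason, e.g. `# 1935: rtmp testing (remove when done); 4317: <purpose>; 5353: mDNS`, so a later reader can tell which entries are still needed. If 5353 is there for mDNS it needs UDP only and could go in its own rule, `proto udp dport 5353 ACCEPT;`, rather than widening the shared `(tcp udp)` list. The ferm chain starts and ends outside this hunk, so the default policy applied to `$DEV_WAN` traffic is not visible here.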
@@ -145,7 +156,6 @@ in networking.interfaces.${wan-dev} = { macAddress = "3c:97:0e:19:7e:5c"; - useDHCP = true; }; networking.interfaces."${lan-dev}" = { diff --git a/config/common.nix b/config/common.nix index ee70548..faa4501 100644 --- a/config/common.nix +++ b/config/common.nix @@ -58,4 +58,6 @@ }; boot.cleanTmpDir = true; + + nixpkgs.config.allowUnfree = true; } diff --git a/config/desktop.nix b/config/desktop.nix index 6b26b07..58fbbdd 100644 --- a/config/desktop.nix +++ b/config/desktop.nix @@ -5,42 +5,30 @@ location.latitude = 40.0; location.longitude = -74.0; + sound.enable = true; + hardware = { opengl = { enable = true; driSupport32Bit = true; + extraPackages32 = with pkgs.pkgsi686Linux; [ libva ]; }; bluetooth.enable = true; pulseaudio = { enable = true; + support32Bit = true; package = pkgs.pulseaudioFull; zeroconf.discovery.enable = true; zeroconf.publish.enable = true; + tcp.enable = true; + tcp.anonymousClients.allowAll = true; }; }; - console.earlySetup = true; - console.keyMap = "dvorak"; - - boot = { - - loader = { - systemd-boot.enable = true; - # systemd-boot.memtest86.enable = true; - timeout = 0; - efi.canTouchEfiVariables = true; - }; - }; - - networking = { - networkmanager.enable = lib.mkDefault true; - firewall.enable = lib.mkDefault true; - }; - fonts = { enableDefaultFonts = true; - fonts = [ pkgs.fira-code pkgs.dejavu_fonts pkgs.steamPackages.steam-fonts ]; + fonts = with pkgs; [ fira-code dejavu_fonts steamPackages.steam-fonts wqy_microhei ]; }; environment.systemPackages = with pkgs; [ @@ -61,6 +49,11 @@ xss-lock ]; + i18n.inputMethod = { + enabled = "fcitx"; + fcitx.engines = with pkgs.fcitx-engines; [cloudpinyin]; + }; + services = { avahi.enable = true; @@ -70,10 +63,11 @@ enable = true; layout = "us"; # xkbVariant = "dvorak"; + xkbOptions = "caps:ctrl_modifier"; - desktopManager.mate = { - enable = true; - }; + # desktopManager.plasma5 = { + # enable = true; + # }; windowManager.xmonad = { enable = true; 
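Review bot: In config/desktop.nix's `pulseaudio` block, `tcp.anonymousClients.allowAll = true` lets any host that can reach the PulseAudio TCP port connect without authentication, and `zeroconf.publish.enable = true` in the same block advertises the server on the local network. The same hunk also drops `networking.firewall.enable = lib.mkDefault true;` from this file; whether the newly imported `../config/laptop.nix` restores it is not visible in this commit. Prefer an explicit allow-list in place of `allowAll`, e.g. `tcp.anonymousClients.allowedIpRanges = [ "127.0.0.1" ];`, widened only to the subnets that actually need playback access.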
@@ -85,10 +79,7 @@ enable = true; }; - synaptics = { - enable = true; - twoFingerScroll = true; - }; + libinput.enable = true; }; redshift = { diff --git a/config/users.nix b/config/users.nix index c1c6cbe..4261ea2 100644 --- a/config/users.nix +++ b/config/users.nix @@ -9,7 +9,7 @@ in { home = "/home/orbekk"; uid = 1000; description = "KJ"; - extraGroups = ["wheel" "networkmanager" "dialout" "uucp" "audio" "plugdev" "lxd" "readonly" "input"]; + extraGroups = ["wheel" "networkmanager" "dialout" "uucp" "audio" "plugdev" "lxd" "readonly" "input" "vboxusers" "video" "sound" "tty" ]; openssh.authorizedKeys.keyFiles = [ ../data/pincer_rsa.pub ../data/yubikey_rsa.pub diff --git a/config/yubikey.nix b/config/yubikey.nix index 3029d90..d10bb57 100644 --- a/config/yubikey.nix +++ b/config/yubikey.nix @@ -17,6 +17,7 @@ in libu2f-host yubikey-personalization ]; + services.gnome3.gnome-keyring.enable = lib.mkForce false; programs.gnupg.agent = { enable = true; @@ -28,4 +29,23 @@ in environment = { systemPackages = yubikey-pkgs; }; + + security.sudo.extraRules = [ + { + groups = [ "wheel" ]; + commands = [ { command = "${pkgs.systemd}/bin/systemctl restart pcscd"; options = [ "NOPASSWD" ]; } ]; + } + ]; + + systemd.user.services.restart-pcscd = { + description = "Redshift colour temperature adjuster"; + wantedBy = [ "graphical-session.target" ]; + partOf = [ "graphical-session.target" ]; + serviceConfig = { + ExecStart = '' + sudo systemctl restart pcscd + ''; + Type = "oneshot"; + }; + }; } diff --git a/machines/x1-pincer.nix b/machines/x1-pincer.nix index 8f887a8..eb037a9 100644 --- a/machines/x1-pincer.nix +++ b/machines/x1-pincer.nix @@ -3,6 +3,7 @@ networking.firewall.allowedTCPPorts = [ ]; # socks proxy imports = [ ../config/desktop.nix + ../config/laptop.nix ../config/yubikey.nix ../config/thinkpad.nix # ../config/ap.nix diff --git a/machines/x220-aji.nix b/machines/x220-aji.nix index 5319d26..eb41e3c 100644 --- a/machines/x220-aji.nix +++ b/machines/x220-aji.nix 
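Review bot: In config/yubikey.nix the new `restart-pcscd` user service carries the description `"Redshift colour temperature adjuster"`, apparently copied from another unit, and its `ExecStart` calls `sudo` and `systemctl` by bare name. The sudo rule added just above it names the exact store path `${pkgs.systemd}/bin/systemctl restart pcscd`, so the service is better written with the same absolute paths: `ExecStart = "/run/wrappers/bin/sudo ${pkgs.systemd}/bin/systemctl restart pcscd";` and `description = "Restart pcscd at graphical session start";`. Keeping the NOPASSWD entry pinned to that single command with its arguments is the right scope. A short comment saying why pcscd needs the restart would help the next reader.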
@@ -2,6 +2,7 @@ { imports = [ ../config/desktop.nix + ../config/laptop.nix ../config/thinkpad.nix ../config/yubikey.nix ../config/postgresql.nix -- cgit v1.2.3