set router wlan channel; add home/{tmpfiles,nix-index.service}

chayleaf 2023-07-21 01:51:34 +07:00
parent a6edc08515
commit ae8efef7b0
6 changed files with 195 additions and 39 deletions


@ -164,11 +164,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1688951979, "lastModified": 1689556975,
"narHash": "sha256-5wGEXjNjlrVhP1tQUsBLjfT64uQ+b+jgc57MK/IvsW8=", "narHash": "sha256-0rft9zKuYa3dDpMywFHUTUl7+fKu7P9u8lsA1esMndA=",
"owner": "fufexan", "owner": "fufexan",
"repo": "nix-gaming", "repo": "nix-gaming",
"rev": "0bf7751f831cd2bd17b54805b96f91fadf00aca2", "rev": "779075ec32036efc14fbcaa9a328bba860e964c6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -202,7 +202,9 @@
"nixpkgs-22_11": [ "nixpkgs-22_11": [
"nixpkgs" "nixpkgs"
], ],
"nixpkgs-23_05": "nixpkgs-23_05", "nixpkgs-23_05": [
"nixpkgs"
],
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
@ -255,21 +257,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-23_05": {
"locked": {
"lastModified": 1684782344,
"narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8966c43feba2c701ed624302b6a935f97bcbdf88",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-23.05",
"type": "indirect"
}
},
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"dir": "lib", "dir": "lib",


@ -38,7 +38,10 @@
nixos-mailserver = { nixos-mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
# prevent extra input from being in flake.lock
# (this doesn't affect any behavior)
inputs.nixpkgs-22_11.follows = "nixpkgs"; inputs.nixpkgs-22_11.follows = "nixpkgs";
inputs.nixpkgs-23_05.follows = "nixpkgs";
}; };
flake-compat = { flake-compat = {
url = "github:edolstra/flake-compat"; url = "github:edolstra/flake-compat";
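Review bot: The new comment above `inputs.nixpkgs-22_11.follows` says the extra `follows` lines don't affect any behavior, but it does not say why. The claim only holds while upstream uses `nixpkgs-22_11` and `nixpkgs-23_05` for nothing that reaches the built system (presumably only its own test matrix, which is not visible here). Because the change also drops an independently pinned `nixpkgs-23_05` entry from the lock file, the reason is worth recording, e.g. `# upstream only uses the versioned nixpkgs inputs for its own tests; re-check on mailserver updates`.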


@ -16,6 +16,14 @@
s = "sudo -A"; s = "sudo -A";
se = "sudo -AE"; se = "sudo -AE";
l = "lsd"; l = "lsd";
g = "git";
gp = "git push";
gpuo = "git push -u origin";
gr = "git rebase";
gri = "git rebase -i";
gc = "git commit";
gca = "git commit --amend";
gm = "git merge";
}; };
programs = { programs = {
@ -90,7 +98,9 @@
package = pkgs.gitAndTools.gitFull; package = pkgs.gitAndTools.gitFull;
delta.enable = true; delta.enable = true;
extraConfig = { extraConfig = {
# disable the atrocious gui password prompt
core.askPass = ""; core.askPass = "";
# ...and prefer getting passwords from libsecret (and storing them there)
credential.helper = "${pkgs.gitAndTools.gitFull}/bin/git-credential-libsecret"; credential.helper = "${pkgs.gitAndTools.gitFull}/bin/git-credential-libsecret";
init.defaultBranch = "master"; init.defaultBranch = "master";
}; };
@ -130,16 +140,156 @@
mutableKeys = true; mutableKeys = true;
mutableTrust = true; mutableTrust = true;
}; };
nix-index.enable = true;
readline = { readline = {
enable = true; enable = true;
variables.editing-mode = "vi"; variables.editing-mode = "vi";
}; };
nix-index = {
enable = true;
# don't add pkgs.nix to PATH
# use the nix that's already in PATH
# (because I use nix plugins and plugins are nix version-specific)
package = pkgs.nix-index-unwrapped;
}; };
};
systemd.user.timers.nix-index = {
Install.WantedBy = [ "timers.target" ];
Unit = {
Description = "Update nix-index";
PartOf = [ "nix-index.service" ];
};
Timer = {
OnCalendar = "Mon *-*-* 00:00:00";
RandomizedDelaySec = 600;
Persistent = true;
};
};
systemd.user.services.nix-index = {
Unit.Description = "Update nix-index";
Service = {
Type = "oneshot";
ExecStart = "${config.programs.nix-index.package}/bin/nix-index";
Environment = [ "PATH=/home/${config.home.username}/.nix-profile/bin:/etc/profiles/per-user/${config.home.username}/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin" ];
TimeoutStartSec = 1800;
};
};
systemd.user.tmpfiles.rules = builtins.map (file: "r! \"/home/${config.home.username}/${file}\"") [
".local/share/clipman.json"
".local/state/lesshst" # I don't need less search history to persist across boots...
".Xauthority"
".sqlite_history"
".local/share/krunnerstaterc"
".local/share/user-places.xbel.bak"
".local/share/user-places.xbel.tbcache"
".config/mimeapps.list"
".config/ncmpcpp/error.log"
".config/mozc/.server.lock"
".config/mozc/.session.ipc"
".config/mozc/.registry.db" # usage stats (seemingly disabled on my machine)
".config/looking-glass/imgui.ini"
".config/QtProject.conf"
".steampid"
".steampath"
".config/.xash_id"
".config/proton.conf"
".local/state/nvim/lsp.log" # this is never cleared...
".config/pavucontrol.ini"
] ++ builtins.map (dir: "e! \"/home/${config.home.username}/${dir}/\" - - - 60d") [
".cache"
".local/share/qalculate"
".local/share/nvfetcher"
".gradle"
".openjfx"
".mono"
".local/share/Trash"
".config/wireshark"
".config/qt5ct"
".config/procps"
".config/neofetch"
".config/matplotlib"
".local/share/arti"
# I use this dir as dumping grounds for random stuff
"tmp"
# games stuff
".local/share/vulkan"
".steam"
".paradoxlauncher"
".local/share/StardewValley" # only logs here
".local/share/GOG.com"
".local/share/Paradox Interactive/launcher-v2"
# faf
".com.faforever.client.FafClientApplication"
".org.testfx.toolkit.PrimaryStageApplication"
".faforever/logs"
# whatever this is (has a single file named cookie)
".config/pulse"
# Nextcloud logs
".config/Nextcloud/logs"
".local/share/Nextcloud"
# this might seem useful, but it's only for temporary dbus files actually
".config/fcitx"
".config/ibus"
# fcitx themes (come on would I ever theme something non-declaratively)
".local/share/fcitx5"
# RGB tooling that I barely use
".config/OpenRGB"
".config/ario"
# I don't use Firefox, I use Librewolf
".mozilla"
# dev stuff
".local/share/tvix"
".cargo"
".npm"
# just when I thought ~ pollution couldn't get worse...
"go"
# android studio and related
".local/share/android"
".local/share/Google"
".java"
".local/share/Sentry"
".android/cache"
".m2"
# chromium
".config/chromium"
".config/cef_user_data"
".pki"
# a lib used by glow
".local/share/charm"
# I barely use FreeCAD, don't need its files
".config/FreeCAD"
".local/share/FreeCAD"
# some useless gui config
".config/gtk-2.0"
".config/gtk-3.0"
".config/kde.org"
# QtWebEngine cache
".local/share/Anki"
# kde connect contacts
".local/share/kpeoplevcard"
# repl history
".local/share/nix"
# iwctl history
".local/share/iwctl"
# non-home-manager-managed files
".local/share/applications"
".local/share/icons"
".local/share/mime"
".config/autostart"
# logs
".local/share/xorg"
# if I forgot it, it probably wasn't important
"Downloads"
] ++ builtins.map (dir: "x \"/home/${config.home.username}/${dir}/\"") [
# WHY DOES THIS KEEP PART OF THE CONFIG
".cache/keepassxc"
];
home.packages = with pkgs; [ home.packages = with pkgs; [
rclone sshfs fuse rclone sshfs fuse
file jq python3Full killall file jq python3Full killall
appimage-run comma nix-output-monitor appimage-run comma nix-output-monitor
unzip p7zip unrar-wrapper
]; ];
} }
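Review bot: The `Environment` line of the nix-index service and all three tmpfiles rule builders hard-code `/home/${config.home.username}`. On a host whose home directory lives elsewhere, the service gets a wrong profile path and the `r!`/`e!`/`x` rules silently match nothing, including the `x` exclusion that protects `.cache/keepassxc` from the `.cache` cleanup. Home Manager already exposes the real path, so the builders could read `file: "r! \"${config.home.homeDirectory}/${file}\""`, with the same substitution in the `e!` and `x` maps and in `PATH=`. Separately, the 60-day `e!` list includes `.pki`, which may hold user-imported certificates rather than only cache data. A one-line comment stating that nothing there is expected to persist would make that choice explicit.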


@ -265,6 +265,8 @@ in rec {
COMMON_CLK_MEDIATEK_FHCTL = yes; COMMON_CLK_MEDIATEK_FHCTL = yes;
COMMON_CLK_MT7986 = yes; COMMON_CLK_MT7986 = yes;
COMMON_CLK_MT7986_ETHSYS = yes; COMMON_CLK_MT7986_ETHSYS = yes;
CPU_THERMAL = yes;
THERMAL_OF = yes;
EINT_MTK = yes; EINT_MTK = yes;
MEDIATEK_GE_PHY = yes; MEDIATEK_GE_PHY = yes;
MEDIATEK_WATCHDOG = yes; MEDIATEK_WATCHDOG = yes;


@ -282,8 +282,8 @@ in {
hostapd.settings = { hostapd.settings = {
inherit (cfg) ssid; inherit (cfg) ssid;
hw_mode = "g"; hw_mode = "g";
channel = 1; channel = 3;
chanlist = [ 1 ]; chanlist = [ 3 ];
supported_rates = [ 60 90 120 180 240 360 480 540 ]; supported_rates = [ 60 90 120 180 240 360 480 540 ];
basic_rates = [ 60 120 240 ]; basic_rates = [ 60 120 240 ];
ht_capab = "[LDPC][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][MAX-AMSDU-7935]"; ht_capab = "[LDPC][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][MAX-AMSDU-7935]";
@ -297,8 +297,8 @@ in {
ssid = "${cfg.ssid}_5G"; ssid = "${cfg.ssid}_5G";
ieee80211h = true; ieee80211h = true;
hw_mode = "a"; hw_mode = "a";
channel = 36; channel = 60;
chanlist = [ 36 ]; chanlist = [ 60 ];
tx_queue_data2_burst = 2; tx_queue_data2_burst = 2;
ht_capab = "[HT40+][LDPC][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][MAX-AMSDU-7935]"; ht_capab = "[HT40+][LDPC][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][MAX-AMSDU-7935]";
vht_oper_chwidth = 1; # 80mhz ch width vht_oper_chwidth = 1; # 80mhz ch width
@ -344,7 +344,20 @@ in {
]; ];
systemdLinkLinkConfig.MACAddressPolicy = "none"; systemdLinkLinkConfig.MACAddressPolicy = "none";
systemdLinkLinkConfig.MACAddress = cfg.routerMac; systemdLinkLinkConfig.MACAddress = cfg.routerMac;
dhcpcd.enable = true; dhcpcd = {
enable = true;
# technically this should be assigned to br0 instead of veth-wan-b
# however, br0 is in a different namespace!
# Considering this doesn't work at all because my ISP doesn't offer IPv6,
# I'd say this is "good enough" since it might still work in the wan
# namespace, though I can't test it.
extraConfig = ''
interface wan
ipv6rs
ia_na 0
ia_pd 1 veth-wan-b/0
'';
};
networkNamespace = "wan"; networkNamespace = "wan";
}; };
# disable default firewall as it uses iptables # disable default firewall as it uses iptables
@ -465,8 +478,9 @@ in {
allow_iot4 = add set { type = f: f.ipv4_addr; flags = f: with f; [ interval ]; }; allow_iot4 = add set { type = f: f.ipv4_addr; flags = f: with f; [ interval ]; };
allow_iot6 = add set { type = f: f.ipv6_addr; flags = f: with f; [ interval ]; }; allow_iot6 = add set { type = f: f.ipv6_addr; flags = f: with f; [ interval ]; };
# TODO: is type=route hook=output better? it might help get rid of the routing inconsistency # TODO: is type=route hook=output better? It might help get rid of the routing inconsistency
# between router-originated and forwarded traffic # between router-originated and forwarded traffic. The problem is type=route is only supported
# for family=inet, so I don't care enough to test it right now.
prerouting = add chain { type = f: f.filter; hook = f: f.prerouting; prio = f: f.filter; policy = f: f.accept; } ([ prerouting = add chain { type = f: f.filter; hook = f: f.prerouting; prio = f: f.filter; policy = f: f.accept; } ([
[(mangle meta.mark ct.mark)] [(mangle meta.mark ct.mark)]
[(is.ne meta.mark 0) accept] [(is.ne meta.mark 0) accept]
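Review bot: Moving the 5 GHz radio to `channel = 60` with `chanlist = [ 60 ]` puts it on a channel that requires DFS in most regulatory domains, and the single-entry list leaves hostapd no channel to move to when radar is detected. With `ieee80211h = true` the AP has to complete the channel availability check before it starts beaconing, and it can stay off the air for the non-occupancy period after a radar event. That is an availability risk for every client behind this router. Listing a non-DFS fallback, e.g. `chanlist = [ 60 36 ];`, keeps the preferred channel while giving hostapd somewhere to go. The block also sets `vht_oper_chwidth = 1`; if an 80 MHz centre-frequency index is configured outside this hunk, it has to match the new primary channel (58 rather than 42).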