set router wlan channel; add home/{tmpfiles,nix-index.service}
parent
a6edc08515
commit
ae8efef7b0
25
flake.lock
25
flake.lock
|
@ -164,11 +164,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1688951979,
|
||||
"narHash": "sha256-5wGEXjNjlrVhP1tQUsBLjfT64uQ+b+jgc57MK/IvsW8=",
|
||||
"lastModified": 1689556975,
|
||||
"narHash": "sha256-0rft9zKuYa3dDpMywFHUTUl7+fKu7P9u8lsA1esMndA=",
|
||||
"owner": "fufexan",
|
||||
"repo": "nix-gaming",
|
||||
"rev": "0bf7751f831cd2bd17b54805b96f91fadf00aca2",
|
||||
"rev": "779075ec32036efc14fbcaa9a328bba860e964c6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -202,7 +202,9 @@
|
|||
"nixpkgs-22_11": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"nixpkgs-23_05": "nixpkgs-23_05",
|
||||
"nixpkgs-23_05": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"utils": "utils"
|
||||
},
|
||||
"locked": {
|
||||
|
@ -255,21 +257,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-23_05": {
|
||||
"locked": {
|
||||
"lastModified": 1684782344,
|
||||
"narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "8966c43feba2c701ed624302b6a935f97bcbdf88",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"ref": "nixos-23.05",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nixpkgs-lib": {
|
||||
"locked": {
|
||||
"dir": "lib",
|
||||
|
|
|
@ -38,7 +38,10 @@
|
|||
nixos-mailserver = {
|
||||
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
# prevent extra input from being in flake.lock
|
||||
# (this doesn't affect any behavior)
|
||||
inputs.nixpkgs-22_11.follows = "nixpkgs";
|
||||
inputs.nixpkgs-23_05.follows = "nixpkgs";
|
||||
};
|
||||
flake-compat = {
|
||||
url = "github:edolstra/flake-compat";
|
||||
|
|
|
@ -16,6 +16,14 @@
|
|||
s = "sudo -A";
|
||||
se = "sudo -AE";
|
||||
l = "lsd";
|
||||
g = "git";
|
||||
gp = "git push";
|
||||
gpuo = "git push -u origin";
|
||||
gr = "git rebase";
|
||||
gri = "git rebase -i";
|
||||
gc = "git commit";
|
||||
gca = "git commit --amend";
|
||||
gm = "git merge";
|
||||
};
|
||||
|
||||
programs = {
|
||||
|
@ -90,7 +98,9 @@
|
|||
package = pkgs.gitAndTools.gitFull;
|
||||
delta.enable = true;
|
||||
extraConfig = {
|
||||
# disable the atrocious gui password prompt
|
||||
core.askPass = "";
|
||||
# ...and prefer getting passwords from libsecret (and storing them there)
|
||||
credential.helper = "${pkgs.gitAndTools.gitFull}/bin/git-credential-libsecret";
|
||||
init.defaultBranch = "master";
|
||||
};
|
||||
|
@ -130,16 +140,156 @@
|
|||
mutableKeys = true;
|
||||
mutableTrust = true;
|
||||
};
|
||||
nix-index.enable = true;
|
||||
readline = {
|
||||
enable = true;
|
||||
variables.editing-mode = "vi";
|
||||
};
|
||||
nix-index = {
|
||||
enable = true;
|
||||
# don't add pkgs.nix to PATH
|
||||
# use the nix that's already in PATH
|
||||
# (because I use nix plugins and plugins are nix version-specific)
|
||||
package = pkgs.nix-index-unwrapped;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.user.timers.nix-index = {
|
||||
Install.WantedBy = [ "timers.target" ];
|
||||
Unit = {
|
||||
Description = "Update nix-index";
|
||||
PartOf = [ "nix-index.service" ];
|
||||
};
|
||||
Timer = {
|
||||
OnCalendar = "Mon *-*-* 00:00:00";
|
||||
RandomizedDelaySec = 600;
|
||||
Persistent = true;
|
||||
};
|
||||
};
|
||||
systemd.user.services.nix-index = {
|
||||
Unit.Description = "Update nix-index";
|
||||
Service = {
|
||||
Type = "oneshot";
|
||||
ExecStart = "${config.programs.nix-index.package}/bin/nix-index";
|
||||
Environment = [ "PATH=/home/${config.home.username}/.nix-profile/bin:/etc/profiles/per-user/${config.home.username}/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin" ];
|
||||
TimeoutStartSec = 1800;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.user.tmpfiles.rules = builtins.map (file: "r! \"/home/${config.home.username}/${file}\"") [
|
||||
".local/share/clipman.json"
|
||||
".local/state/lesshst" # I don't need less search history to persist across boots...
|
||||
".Xauthority"
|
||||
".sqlite_history"
|
||||
".local/share/krunnerstaterc"
|
||||
".local/share/user-places.xbel.bak"
|
||||
".local/share/user-places.xbel.tbcache"
|
||||
".config/mimeapps.list"
|
||||
".config/ncmpcpp/error.log"
|
||||
".config/mozc/.server.lock"
|
||||
".config/mozc/.session.ipc"
|
||||
".config/mozc/.registry.db" # usage stats (seemingly disabled on my machine)
|
||||
".config/looking-glass/imgui.ini"
|
||||
".config/QtProject.conf"
|
||||
".steampid"
|
||||
".steampath"
|
||||
".config/.xash_id"
|
||||
".config/proton.conf"
|
||||
".local/state/nvim/lsp.log" # this is never cleared...
|
||||
".config/pavucontrol.ini"
|
||||
] ++ builtins.map (dir: "e! \"/home/${config.home.username}/${dir}/\" - - - 60d") [
|
||||
".cache"
|
||||
".local/share/qalculate"
|
||||
".local/share/nvfetcher"
|
||||
".gradle"
|
||||
".openjfx"
|
||||
".mono"
|
||||
".local/share/Trash"
|
||||
".config/wireshark"
|
||||
".config/qt5ct"
|
||||
".config/procps"
|
||||
".config/neofetch"
|
||||
".config/matplotlib"
|
||||
".local/share/arti"
|
||||
# I use this dir as dumping grounds for random stuff
|
||||
"tmp"
|
||||
# games stuff
|
||||
".local/share/vulkan"
|
||||
".steam"
|
||||
".paradoxlauncher"
|
||||
".local/share/StardewValley" # only logs here
|
||||
".local/share/GOG.com"
|
||||
".local/share/Paradox Interactive/launcher-v2"
|
||||
# faf
|
||||
".com.faforever.client.FafClientApplication"
|
||||
".org.testfx.toolkit.PrimaryStageApplication"
|
||||
".faforever/logs"
|
||||
# whatever this is (has a single file named cookie)
|
||||
".config/pulse"
|
||||
# Nextcloud logs
|
||||
".config/Nextcloud/logs"
|
||||
".local/share/Nextcloud"
|
||||
# this might seem useful, but it's only for temporary dbus files actually
|
||||
".config/fcitx"
|
||||
".config/ibus"
|
||||
# fcitx themes (come on would I ever theme something non-declaratively)
|
||||
".local/share/fcitx5"
|
||||
# RGB tooling that I barely use
|
||||
".config/OpenRGB"
|
||||
".config/ario"
|
||||
# I don't use Firefox, I use Librewolf
|
||||
".mozilla"
|
||||
# dev stuff
|
||||
".local/share/tvix"
|
||||
".cargo"
|
||||
".npm"
|
||||
# just when I thought ~ pollution couldn't get worse...
|
||||
"go"
|
||||
# android studio and related
|
||||
".local/share/android"
|
||||
".local/share/Google"
|
||||
".java"
|
||||
".local/share/Sentry"
|
||||
".android/cache"
|
||||
".m2"
|
||||
# chromium
|
||||
".config/chromium"
|
||||
".config/cef_user_data"
|
||||
".pki"
|
||||
# a lib used by glow
|
||||
".local/share/charm"
|
||||
# I barely use FreeCAD, don't need its files
|
||||
".config/FreeCAD"
|
||||
".local/share/FreeCAD"
|
||||
# some useless gui config
|
||||
".config/gtk-2.0"
|
||||
".config/gtk-3.0"
|
||||
".config/kde.org"
|
||||
# QtWebEngine cache
|
||||
".local/share/Anki"
|
||||
# kde connect contacts
|
||||
".local/share/kpeoplevcard"
|
||||
# repl history
|
||||
".local/share/nix"
|
||||
# iwctl history
|
||||
".local/share/iwctl"
|
||||
# non-home-manager-managed files
|
||||
".local/share/applications"
|
||||
".local/share/icons"
|
||||
".local/share/mime"
|
||||
".config/autostart"
|
||||
# logs
|
||||
".local/share/xorg"
|
||||
# if I forgot it, it probably wasn't important
|
||||
"Downloads"
|
||||
] ++ builtins.map (dir: "x \"/home/${config.home.username}/${dir}/\"") [
|
||||
# WHY DOES THIS KEEP PART OF THE CONFIG
|
||||
".cache/keepassxc"
|
||||
];
|
||||
|
||||
home.packages = with pkgs; [
|
||||
rclone sshfs fuse
|
||||
file jq python3Full killall
|
||||
appimage-run comma nix-output-monitor
|
||||
unzip p7zip unrar-wrapper
|
||||
];
|
||||
}
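Review bot: The `e!` prefix on the age-based rules in the tmpfiles hunk (@ -130,16 +140,156) likely means the 60d cleanup never runs. Per tmpfiles.d(5), lines marked `!` are only considered when systemd-tmpfiles is invoked with `--boot`, while age-based removal happens in the `--clean` pass, which the stock clean timer runs without `--boot`; this is worth confirming on the target systemd version. If periodic cleanup is the intent, drop the modifier: `"e \"/home/${config.home.username}/${dir}/\" - - - 60d"`. The same rules and the nix-index `PATH` hardcode `/home/<user>`; `config.home.homeDirectory` would keep them correct if the home directory ever lives elsewhere. The enclosing attribute set starts outside the hunk.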
|
||||
|
|
|
@ -265,6 +265,8 @@ in rec {
|
|||
COMMON_CLK_MEDIATEK_FHCTL = yes;
|
||||
COMMON_CLK_MT7986 = yes;
|
||||
COMMON_CLK_MT7986_ETHSYS = yes;
|
||||
CPU_THERMAL = yes;
|
||||
THERMAL_OF = yes;
|
||||
EINT_MTK = yes;
|
||||
MEDIATEK_GE_PHY = yes;
|
||||
MEDIATEK_WATCHDOG = yes;
|
||||
|
|
|
@ -282,8 +282,8 @@ in {
|
|||
hostapd.settings = {
|
||||
inherit (cfg) ssid;
|
||||
hw_mode = "g";
|
||||
channel = 1;
|
||||
chanlist = [ 1 ];
|
||||
channel = 3;
|
||||
chanlist = [ 3 ];
|
||||
supported_rates = [ 60 90 120 180 240 360 480 540 ];
|
||||
basic_rates = [ 60 120 240 ];
|
||||
ht_capab = "[LDPC][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][MAX-AMSDU-7935]";
|
||||
|
@ -297,8 +297,8 @@ in {
|
|||
ssid = "${cfg.ssid}_5G";
|
||||
ieee80211h = true;
|
||||
hw_mode = "a";
|
||||
channel = 36;
|
||||
chanlist = [ 36 ];
|
||||
channel = 60;
|
||||
chanlist = [ 60 ];
|
||||
tx_queue_data2_burst = 2;
|
||||
ht_capab = "[HT40+][LDPC][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][MAX-AMSDU-7935]";
|
||||
vht_oper_chwidth = 1; # 80mhz ch width
|
||||
|
@ -344,7 +344,20 @@ in {
|
|||
];
|
||||
systemdLinkLinkConfig.MACAddressPolicy = "none";
|
||||
systemdLinkLinkConfig.MACAddress = cfg.routerMac;
|
||||
dhcpcd.enable = true;
|
||||
dhcpcd = {
|
||||
enable = true;
|
||||
# technically this should be assigned to br0 instead of veth-wan-b
|
||||
# however, br0 is in a different namespace!
|
||||
# Considering this doesn't work at all because my ISP doesn't offer IPv6,
|
||||
# I'd say this is "good enough" since it might still work in the wan
|
||||
# namespace, though I can't test it.
|
||||
extraConfig = ''
|
||||
interface wan
|
||||
ipv6rs
|
||||
ia_na 0
|
||||
ia_pd 1 veth-wan-b/0
|
||||
'';
|
||||
};
|
||||
networkNamespace = "wan";
|
||||
};
|
||||
# disable default firewall as it uses iptables
|
||||
|
@ -465,8 +478,9 @@ in {
|
|||
allow_iot4 = add set { type = f: f.ipv4_addr; flags = f: with f; [ interval ]; };
|
||||
allow_iot6 = add set { type = f: f.ipv6_addr; flags = f: with f; [ interval ]; };
|
||||
|
||||
# TODO: is type=route hook=output better? it might help get rid of the routing inconsistency
|
||||
# between router-originated and forwarded traffic
|
||||
# TODO: is type=route hook=output better? It might help get rid of the routing inconsistency
|
||||
# between router-originated and forwarded traffic. The problem is type=route is only supported
|
||||
# for family=inet, so I don't care enough to test it right now.
|
||||
prerouting = add chain { type = f: f.filter; hook = f: f.prerouting; prio = f: f.filter; policy = f: f.accept; } ([
|
||||
[(mangle meta.mark ct.mark)]
|
||||
[(is.ne meta.mark 0) accept]
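Review bot: The dhcpcd block in the @ -344,7 +344,20 hunk turns on router solicitation (`ipv6rs`) and prefix delegation (`ia_pd 1 veth-wan-b/0`) on `wan` while its own comment says the setup could not be tested. If the ISP ever starts answering, hosts behind the delegated prefix get globally routable addresses, so inbound filtering then depends entirely on the nftables forward rules, which are not visible in this hunk. Confirm that the forward chain drops unsolicited IPv6 from `wan` by default, and record it next to the config, e.g. `# if PD succeeds, LAN hosts become globally addressable; inbound v6 is filtered by the nftables forward chain`. Separately, in the @ -297,8 +297,8 hunk, channel 60 is a DFS channel in most regulatory domains, and `chanlist = [ 60 ]` leaves hostapd no channel to move to after a radar event, so the 5 GHz network may stay down until the non-occupancy period ends. The enclosing attribute sets start outside these hunks.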
|
||||
|
|