set router wlan channel; add home/{tmpfiles,nix-index.service}

2023-07-21 01:51:34 +07:00 · 2023-07-21 01:51:34 +07:00 · ae8efef7b0
parent a6edc08515
commit ae8efef7b0
6 changed files with 195 additions and 39 deletions
--- a/flake.lock
+++ b/flake.lock
@ -164,11 +164,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1688951979,
-        "narHash": "sha256-5wGEXjNjlrVhP1tQUsBLjfT64uQ+b+jgc57MK/IvsW8=",
+        "lastModified": 1689556975,
+        "narHash": "sha256-0rft9zKuYa3dDpMywFHUTUl7+fKu7P9u8lsA1esMndA=",
        "owner": "fufexan",
        "repo": "nix-gaming",
-        "rev": "0bf7751f831cd2bd17b54805b96f91fadf00aca2",
+        "rev": "779075ec32036efc14fbcaa9a328bba860e964c6",
        "type": "github"
      },
      "original": {
@ -202,7 +202,9 @@
        "nixpkgs-22_11": [
          "nixpkgs"
        ],
-        "nixpkgs-23_05": "nixpkgs-23_05",
+        "nixpkgs-23_05": [
+          "nixpkgs"
+        ],
        "utils": "utils"
      },
      "locked": {
@ -255,21 +257,6 @@
        "type": "github"
      }
    },
-    "nixpkgs-23_05": {
-      "locked": {
-        "lastModified": 1684782344,
-        "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88",
-        "type": "github"
-      },
-      "original": {
-        "id": "nixpkgs",
-        "ref": "nixos-23.05",
-        "type": "indirect"
-      }
-    },
    "nixpkgs-lib": {
      "locked": {
        "dir": "lib",
--- a/flake.nix
+++ b/flake.nix
@ -38,7 +38,10 @@
    nixos-mailserver = {
      url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
      inputs.nixpkgs.follows = "nixpkgs";
+      # prevent extra input from being in flake.lock
+      # (this doesn't affect any behavior)
      inputs.nixpkgs-22_11.follows = "nixpkgs";
+      inputs.nixpkgs-23_05.follows = "nixpkgs";
    };
    flake-compat = {
      url = "github:edolstra/flake-compat";
--- a/home/common/general.nix
+++ b/home/common/general.nix
@ -16,6 +16,14 @@
    s = "sudo -A";
    se = "sudo -AE";
    l = "lsd";
+    g = "git";
+    gp = "git push";
+    gpuo = "git push -u origin";
+    gr = "git rebase";
+    gri = "git rebase -i";
+    gc = "git commit";
+    gca = "git commit --amend";
+    gm = "git merge";
  };

  programs = {
@ -90,7 +98,9 @@
      package = pkgs.gitAndTools.gitFull;
      delta.enable = true;
      extraConfig = {
+        # disable the atrocious gui password prompt
        core.askPass = "";
+        # ...and prefer getting passwords from libsecret (and storing them there)
        credential.helper = "${pkgs.gitAndTools.gitFull}/bin/git-credential-libsecret";
        init.defaultBranch = "master";
      };
@ -130,16 +140,156 @@
      mutableKeys = true;
      mutableTrust = true;
    };
-    nix-index.enable = true;
    readline = {
      enable = true;
      variables.editing-mode = "vi";
    };
+    nix-index = {
+      enable = true;
+      # don't add pkgs.nix to PATH
+      # use the nix that's already in PATH
+      # (because I use nix plugins and plugins are nix version-specific)
+      package = pkgs.nix-index-unwrapped;
    };
+  };
+
+  systemd.user.timers.nix-index = {
+    Install.WantedBy = [ "timers.target" ];
+    Unit = {
+      Description = "Update nix-index";
+      PartOf = [ "nix-index.service" ];
+    };
+    Timer = {
+      OnCalendar = "Mon *-*-* 00:00:00";
+      RandomizedDelaySec = 600;
+      Persistent = true;
+    };
+  };
+  systemd.user.services.nix-index = {
+    Unit.Description = "Update nix-index";
+    Service = {
+      Type = "oneshot";
+      ExecStart = "${config.programs.nix-index.package}/bin/nix-index";
+      Environment = [ "PATH=/home/${config.home.username}/.nix-profile/bin:/etc/profiles/per-user/${config.home.username}/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin" ];
+      TimeoutStartSec = 1800;
+    };
+  };
+
+  systemd.user.tmpfiles.rules = builtins.map (file: "r!  \"/home/${config.home.username}/${file}\"") [
+    ".local/share/clipman.json"
+    ".local/state/lesshst" # I don't need less search history to persist across boots...
+    ".Xauthority"
+    ".sqlite_history"
+    ".local/share/krunnerstaterc"
+    ".local/share/user-places.xbel.bak"
+    ".local/share/user-places.xbel.tbcache"
+    ".config/mimeapps.list"
+    ".config/ncmpcpp/error.log"
+    ".config/mozc/.server.lock"
+    ".config/mozc/.session.ipc"
+    ".config/mozc/.registry.db" # usage stats (seemingly disabled on my machine)
+    ".config/looking-glass/imgui.ini"
+    ".config/QtProject.conf"
+    ".steampid"
+    ".steampath"
+    ".config/.xash_id"
+    ".config/proton.conf"
+    ".local/state/nvim/lsp.log" # this is never cleared...
+    ".config/pavucontrol.ini"
+  ] ++ builtins.map (dir: "e!  \"/home/${config.home.username}/${dir}/\" - - - 60d") [
+    ".cache"
+    ".local/share/qalculate"
+    ".local/share/nvfetcher"
+    ".gradle"
+    ".openjfx"
+    ".mono"
+    ".local/share/Trash"
+    ".config/wireshark"
+    ".config/qt5ct"
+    ".config/procps"
+    ".config/neofetch"
+    ".config/matplotlib"
+    ".local/share/arti"
+    # I use this dir as dumping grounds for random stuff
+    "tmp"
+    # games stuff
+    ".local/share/vulkan"
+    ".steam"
+    ".paradoxlauncher"
+    ".local/share/StardewValley" # only logs here
+    ".local/share/GOG.com"
+    ".local/share/Paradox Interactive/launcher-v2"
+    # faf
+    ".com.faforever.client.FafClientApplication"
+    ".org.testfx.toolkit.PrimaryStageApplication"
+    ".faforever/logs"
+    # whatever this is (has a single file named cookie)
+    ".config/pulse"
+    # Nextcloud logs
+    ".config/Nextcloud/logs"
+    ".local/share/Nextcloud"
+    # this might seem useful, but it's only for temporary dbus files actually
+    ".config/fcitx"
+    ".config/ibus"
+    # fcitx themes (come on would I ever theme something non-declaratively)
+    ".local/share/fcitx5"
+    # RGB tooling that I barely use
+    ".config/OpenRGB"
+    ".config/ario"
+    # I don't use Firefox, I use Librewolf
+    ".mozilla"
+    # dev stuff
+    ".local/share/tvix"
+    ".cargo"
+    ".npm"
+    # just when I thought ~ pollution couldn't get worse...
+    "go"
+    # android studio and related
+    ".local/share/android"
+    ".local/share/Google"
+    ".java"
+    ".local/share/Sentry"
+    ".android/cache"
+    ".m2"
+    # chromium
+    ".config/chromium"
+    ".config/cef_user_data"
+    ".pki"
+    # a lib used by glow
+    ".local/share/charm"
+    # I barely use FreeCAD, don't need its files
+    ".config/FreeCAD"
+    ".local/share/FreeCAD"
+    # some useless gui config
+    ".config/gtk-2.0"
+    ".config/gtk-3.0"
+    ".config/kde.org"
+    # QtWebEngine cache
+    ".local/share/Anki"
+    # kde connect contacts
+    ".local/share/kpeoplevcard"
+    # repl history
+    ".local/share/nix"
+    # iwctl history
+    ".local/share/iwctl"
+    # non-home-manager-managed files
+    ".local/share/applications"
+    ".local/share/icons"
+    ".local/share/mime"
+    ".config/autostart"
+    # logs
+    ".local/share/xorg"
+    # if I forgot it, it probably wasn't important
+    "Downloads"
+  ] ++ builtins.map (dir: "x  \"/home/${config.home.username}/${dir}/\"") [
+    # WHY DOES THIS KEEP PART OF THE CONFIG
+    ".cache/keepassxc"
+  ];

  home.packages = with pkgs; [
    rclone sshfs fuse
    file jq python3Full killall
    appimage-run comma nix-output-monitor
+    unzip p7zip unrar-wrapper
  ];
 }
--- a/system/hardware/bpi-r3/pkgs.nix
+++ b/system/hardware/bpi-r3/pkgs.nix
@ -265,6 +265,8 @@ in rec {
      COMMON_CLK_MEDIATEK_FHCTL = yes;
      COMMON_CLK_MT7986 = yes;
      COMMON_CLK_MT7986_ETHSYS = yes;
+      CPU_THERMAL = yes;
+      THERMAL_OF = yes;
      EINT_MTK = yes;
      MEDIATEK_GE_PHY = yes;
      MEDIATEK_WATCHDOG = yes;
--- a/system/hosts/router/default.nix
+++ b/system/hosts/router/default.nix
@ -282,8 +282,8 @@ in {
    hostapd.settings = {
      inherit (cfg) ssid;
      hw_mode = "g";
-      channel = 1;
-      chanlist = [ 1 ];
+      channel = 3;
+      chanlist = [ 3 ];
      supported_rates = [ 60 90 120 180 240 360 480 540 ];
      basic_rates = [ 60 120 240 ];
      ht_capab = "[LDPC][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][MAX-AMSDU-7935]";
@ -297,8 +297,8 @@ in {
      ssid = "${cfg.ssid}_5G";
      ieee80211h = true;
      hw_mode = "a";
-      channel = 36;
-      chanlist = [ 36 ];
+      channel = 60;
+      chanlist = [ 60 ];
      tx_queue_data2_burst = 2;
      ht_capab = "[HT40+][LDPC][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][MAX-AMSDU-7935]";
      vht_oper_chwidth = 1; # 80mhz ch width
@ -344,7 +344,20 @@ in {
    ];
    systemdLinkLinkConfig.MACAddressPolicy = "none";
    systemdLinkLinkConfig.MACAddress = cfg.routerMac;
-    dhcpcd.enable = true;
+    dhcpcd = {
+      enable = true;
+      # technically this should be assigned to br0 instead of veth-wan-b
+      # however, br0 is in a different namespace!
+      # Considering this doesn't work at all because my ISP doesn't offer IPv6,
+      # I'd say this is "good enough" since it might still work in the wan
+      # namespace, though I can't test it.
+      extraConfig = ''
+        interface wan
+          ipv6rs
+          ia_na 0
+          ia_pd 1 veth-wan-b/0
+      '';
+    };
    networkNamespace = "wan";
  };
  # disable default firewall as it uses iptables
@ -465,8 +478,9 @@ in {
        allow_iot4 = add set { type = f: f.ipv4_addr; flags = f: with f; [ interval ]; };
        allow_iot6 = add set { type = f: f.ipv6_addr; flags = f: with f; [ interval ]; };

-        # TODO: is type=route hook=output better? it might help get rid of the routing inconsistency
-        # between router-originated and forwarded traffic
+        # TODO: is type=route hook=output better? It might help get rid of the routing inconsistency
+        # between router-originated and forwarded traffic. The problem is type=route is only supported
+        # for family=inet, so I don't care enough to test it right now.
        prerouting = add chain { type = f: f.filter; hook = f: f.prerouting; prio = f: f.filter; policy = f: f.accept; } ([
          [(mangle meta.mark ct.mark)]
          [(is.ne meta.mark 0) accept]