-rw-r--r-- | accounts/gkleen@sif/default.nix | 3 | ||||
-rw-r--r-- | hosts/sif/default.nix | 110 | ||||
-rw-r--r-- | modules/ibus.nix | 79 | ||||
-rw-r--r-- | modules/network-interfaces-systemd.nix | 6 | ||||
-rw-r--r-- | modules/yggdrasil-wg/default.nix | 32 |
5 files changed, 67 insertions, 163 deletions
diff --git a/accounts/gkleen@sif/default.nix b/accounts/gkleen@sif/default.nix index 05cfc2c8..5b463f12 100644 --- a/accounts/gkleen@sif/default.nix +++ b/accounts/gkleen@sif/default.nix | |||
@@ -83,9 +83,8 @@ in { | |||
83 | ]; | 83 | ]; |
84 | 84 | ||
85 | config = { | 85 | config = { |
86 | services.displayManager.defaultSession = "none+xmonad"; | ||
86 | services.xserver = { | 87 | services.xserver = { |
87 | displayManager.defaultSession = "none+xmonad"; | ||
88 | |||
89 | windowManager.session = [{ | 88 | windowManager.session = [{ |
90 | name = "xmonad"; | 89 | name = "xmonad"; |
91 | start = '' | 90 | start = '' |
diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix index 96cd66cc..610d990d 100644 --- a/hosts/sif/default.nix +++ b/hosts/sif/default.nix | |||
@@ -187,12 +187,10 @@ in { | |||
187 | # FirewallMark = 1; | 187 | # FirewallMark = 1; |
188 | }; | 188 | }; |
189 | wireguardPeers = [ | 189 | wireguardPeers = [ |
190 | { wireguardPeerConfig = { | 190 | { AllowedIPs = [ "10.200.116.1/32" "10.163.88.40/32" ] ++ mwnSubnetsPrivate ++ mwnSubnetsPublic; |
191 | AllowedIPs = [ "10.200.116.1/32" "10.163.88.40/32" ] ++ mwnSubnetsPrivate ++ mwnSubnetsPublic; | 191 | PublicKey = "YlRFLc+rD2k2KXl7pIJbOKbcPgdJCl8ZTsv0xlK4VEI="; |
192 | PublicKey = "YlRFLc+rD2k2KXl7pIJbOKbcPgdJCl8ZTsv0xlK4VEI="; | 192 | PersistentKeepalive = 25; |
193 | PersistentKeepalive = 25; | 193 | Endpoint = "wg.math.lmu.de:51820"; |
194 | Endpoint = "wg.math.lmu.de:51820"; | ||
195 | }; | ||
196 | } | 194 | } |
197 | ]; | 195 | ]; |
198 | }; | 196 | }; |
@@ -211,43 +209,34 @@ in { | |||
211 | Name = "wgrz"; | 209 | Name = "wgrz"; |
212 | }; | 210 | }; |
213 | address = ["10.200.116.128/24"]; | 211 | address = ["10.200.116.128/24"]; |
214 | routes = map (Destination: { routeConfig = { | 212 | routes = map (Destination: { |
215 | inherit Destination; | 213 | inherit Destination; |
216 | Gateway = "10.200.116.1"; | 214 | Gateway = "10.200.116.1"; |
217 | GatewayOnLink = true; | 215 | GatewayOnLink = true; |
218 | Table = "wgrz"; | 216 | Table = "wgrz"; |
219 | };}) (mwnSubnetsPrivate ++ mwnSubnetsPublic ++ ["10.163.88.40/32"]); | 217 | }) (mwnSubnetsPrivate ++ mwnSubnetsPublic ++ ["10.163.88.40/32"]); |
220 | routingPolicyRules = [ | 218 | routingPolicyRules = [ |
221 | { routingPolicyRuleConfig = { | 219 | { Table = "main"; |
222 | Table = "main"; | 220 | # FirewallMark = 1; |
223 | # FirewallMark = 1; | 221 | To = "129.187.111.225"; |
224 | To = "129.187.111.225"; | 222 | Priority = 100; |
225 | Priority = 100; | ||
226 | }; | ||
227 | } | 223 | } |
228 | { routingPolicyRuleConfig = { | 224 | { Table = "main"; |
229 | Table = "main"; | 225 | To = "10.153.91.204"; |
230 | To = "10.153.91.204"; | 226 | Priority = 100; |
231 | Priority = 100; | ||
232 | }; | ||
233 | } | 227 | } |
234 | { routingPolicyRuleConfig = { | 228 | { Table = "wgrz"; |
235 | Table = "wgrz"; | 229 | From = "10.200.116.128"; |
236 | From = "10.200.116.128"; | 230 | Priority = 200; |
237 | Priority = 200; | ||
238 | }; | ||
239 | } | 231 | } |
240 | { routingPolicyRuleConfig = { | 232 | { Table = "wgrz"; |
241 | Table = "wgrz"; | 233 | To = "10.163.88.40"; |
242 | To = "10.163.88.40"; | 234 | Priority = 200; |
243 | Priority = 200; | ||
244 | }; | ||
245 | } | 235 | } |
246 | ] ++ map (To: { routingPolicyRuleConfig = { | 236 | ] ++ map (To: { Table = "wgrz"; |
247 | Table = "wgrz"; | 237 | inherit To; |
248 | inherit To; | 238 | Priority = 200; |
249 | Priority = 200; | 239 | }) (mwnSubnetsPrivate ++ mwnSubnetsPublic); |
250 | };}) (mwnSubnetsPrivate ++ mwnSubnetsPublic); | ||
251 | linkConfig = { | 240 | linkConfig = { |
252 | RequiredForOnline = false; | 241 | RequiredForOnline = false; |
253 | }; | 242 | }; |
@@ -328,7 +317,7 @@ in { | |||
328 | }; | 317 | }; |
329 | 318 | ||
330 | environment.systemPackages = with pkgs; [ | 319 | environment.systemPackages = with pkgs; [ |
331 | nvtop brightnessctl config.boot.kernelPackages.v4l2loopback s-tui uhk-agent | 320 | nvtopPackages.full brightnessctl config.boot.kernelPackages.v4l2loopback s-tui uhk-agent |
332 | ]; | 321 | ]; |
333 | 322 | ||
334 | services = { | 323 | services = { |
@@ -375,9 +364,27 @@ in { | |||
375 | xserver = { | 364 | xserver = { |
376 | enable = true; | 365 | enable = true; |
377 | 366 | ||
378 | layout = "us"; | 367 | xkb = { |
379 | xkbVariant = "dvp"; | 368 | layout = "us"; |
380 | xkbOptions = "compose:caps"; | 369 | variant = "dvp"; |
370 | options = "compose:caps"; | ||
371 | }; | ||
372 | |||
373 | wacom.enable = true; | ||
374 | |||
375 | dpi = 282; | ||
376 | |||
377 | videoDrivers = [ "nvidia" ]; | ||
378 | |||
379 | screenSection = '' | ||
380 | Option "metamodes" "nvidia-auto-select +0+0 { ForceCompositionPipeline = On }" | ||
381 | ''; | ||
382 | |||
383 | deviceSection = '' | ||
384 | Option "TearFree" "True" | ||
385 | ''; | ||
386 | |||
387 | exportConfiguration = true; | ||
381 | 388 | ||
382 | displayManager.lightdm = { | 389 | displayManager.lightdm = { |
383 | enable = true; | 390 | enable = true; |
@@ -403,24 +410,8 @@ in { | |||
403 | ''; | 410 | ''; |
404 | }; | 411 | }; |
405 | }; | 412 | }; |
406 | |||
407 | wacom.enable = true; | ||
408 | libinput.enable = true; | ||
409 | |||
410 | dpi = 282; | ||
411 | |||
412 | videoDrivers = [ "nvidia" ]; | ||
413 | |||
414 | screenSection = '' | ||
415 | Option "metamodes" "nvidia-auto-select +0+0 { ForceCompositionPipeline = On }" | ||
416 | ''; | ||
417 | |||
418 | deviceSection = '' | ||
419 | Option "TearFree" "True" | ||
420 | ''; | ||
421 | |||
422 | exportConfiguration = true; | ||
423 | }; | 413 | }; |
414 | libinput.enable = true; | ||
424 | }; | 415 | }; |
425 | 416 | ||
426 | systemd.tmpfiles.rules = [ | 417 | systemd.tmpfiles.rules = [ |
@@ -549,9 +540,9 @@ in { | |||
549 | }; | 540 | }; |
550 | }; | 541 | }; |
551 | 542 | ||
552 | opengl = { | 543 | graphics = { |
553 | enable = true; | 544 | enable = true; |
554 | driSupport32Bit = true; | 545 | enable32Bit = true; |
555 | # setLdLibraryPath = true; | 546 | # setLdLibraryPath = true; |
556 | }; | 547 | }; |
557 | 548 | ||
@@ -647,7 +638,10 @@ in { | |||
647 | group = "users"; | 638 | group = "users"; |
648 | }; | 639 | }; |
649 | 640 | ||
650 | i18n.inputMethod.enabled = "ibus"; | 641 | i18n.inputMethod = { |
642 | enable = true; | ||
643 | type = "ibus"; | ||
644 | }; | ||
651 | 645 | ||
652 | environment.sessionVariables."GTK_USE_PORTAL" = "1"; | 646 | environment.sessionVariables."GTK_USE_PORTAL" = "1"; |
653 | xdg.portal = { | 647 | xdg.portal = { |
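Review bot: In the `routingPolicyRules` hunk (new lines 219–222), the rule `To = "129.187.111.225"` for table `main` is an unexplained literal, while the peer's `Endpoint` is given by name as `wg.math.lmu.de:51820` and `FirewallMark` stays commented out in both places. If that address is the endpoint's (it looks like it, but nothing visible confirms it), this priority-100 rule is the only thing keeping the tunnel's own transport packets out of table `wgrz`, and it would stop matching silently if the DNS record changed. I would add a comment on the rule such as `# address of wg.math.lmu.de: keeps the WireGuard transport out of table wgrz; update if the record changes`, or bind the address to a `let` name placed next to `Endpoint`. The same applies to the unexplained `To = "10.153.91.204"` rule below it; the enclosing network definition starts and ends outside the hunk.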
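--- a/modules/ibus.nix
+++ /dev/null
@@ -1,79 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with lib;
-
-let
-cfg = config.i18n.inputMethod.ibus;
-ibusPackage = pkgs.ibus-with-plugins.override { plugins = cfg.engines; };
-ibusEngine = types.package // {
-name = "ibus-engine";
-check = x: (lib.types.package.check x) && (attrByPath ["meta" "isIbusEngine"] false x);
-};
-in
-{
-disabledModules = [ "i18n/input-method/ibus.nix" ];
-
-imports = [
-(mkRenamedOptionModule [ "programs" "ibus" "plugins" ] [ "i18n" "inputMethod" "ibus" "engines" ])
-];
-
-options = {
-i18n.inputMethod.ibus = {
-engines = mkOption {
-type = with types; listOf ibusEngine;
-default = [];
-example = literalExpression "with pkgs.ibus-engines; [ mozc hangul ]";
-description =
-let
-enginesDrv = filterAttrs (const isDerivation) pkgs.ibus-engines;
-engines = concatStringsSep ", "
-(map (name: "<literal>${name}</literal>") (attrNames enginesDrv));
-in
-"Enabled IBus engines. Available engines are: ${engines}.";
-};
-panel = mkOption {
-type = with types; nullOr path;
-default = null;
-example = literalExpression ''"''${pkgs.plasma5Packages.plasma-desktop}/lib/libexec/kimpanel-ibus-panel"'';
-description = "Replace the IBus panel with another panel.";
-};
-};
-};
-
-config = mkIf (config.i18n.inputMethod.enabled == "ibus") {
-i18n.inputMethod.package = ibusPackage;
-
-# Without dconf enabled it is impossible to use IBus
-programs.dconf.enable = true;
-
-programs.dconf.packages = [ ibusPackage ];
-
-environment.variables = {
-GTK_IM_MODULE = "ibus";
-QT_IM_MODULE = "ibus";
-XMODIFIERS = "@im=ibus";
-};
-
-xdg.portal.extraPortals = mkIf config.xdg.portal.enable [
-ibusPackage
-];
-
-systemd.user.services.ibus = {
-description = "Intelligent Input Bus";
-documentation = ["man:ibus-daemon(1)"];
-after = ["graphical-session-pre.target"];
-wantedBy = ["graphical-session.target"];
-
-serviceConfig = {
-Type = "dbus";
-BusName = "org.freedesktop.IBus";
-ExecStart = "${ibusPackage}/bin/ibus-daemon --xim ${optionalString (cfg.panel != null) "--panel ${cfg.panel}"}";
-ExecReload = "${ibusPackage}/bin/ibus restart";
-ExecStop = "${ibusPackage}/bin/ibus exit";
-};
-};
-};
-
-# uses attributes of the linked package
-meta.buildDocsInSandbox = false;
-}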
diff --git a/modules/network-interfaces-systemd.nix b/modules/network-interfaces-systemd.nix index a3a49f5e..f62c6b86 100644 --- a/modules/network-interfaces-systemd.nix +++ b/modules/network-interfaces-systemd.nix | |||
@@ -60,10 +60,8 @@ in | |||
60 | ++ optional (cfg.defaultGateway6 != null && (cfg.defaultGateway6.address or "") != "") cfg.defaultGateway6.address; | 60 | ++ optional (cfg.defaultGateway6 != null && (cfg.defaultGateway6.address or "") != "") cfg.defaultGateway6.address; |
61 | in optionalAttrs (gateway != [ ]) { | 61 | in optionalAttrs (gateway != [ ]) { |
62 | routes = override (map (gateway: { | 62 | routes = override (map (gateway: { |
63 | routeConfig = { | 63 | Gateway = gateway; |
64 | Gateway = gateway; | 64 | GatewayOnLink = false; |
65 | GatewayOnLink = false; | ||
66 | }; | ||
67 | }) gateway); | 65 | }) gateway); |
68 | } // optionalAttrs (domains != [ ]) { | 66 | } // optionalAttrs (domains != [ ]) { |
69 | domains = override domains; | 67 | domains = override domains; |
diff --git a/modules/yggdrasil-wg/default.nix b/modules/yggdrasil-wg/default.nix index 8525cea0..8b190651 100644 --- a/modules/yggdrasil-wg/default.nix +++ b/modules/yggdrasil-wg/default.nix | |||
@@ -135,7 +135,7 @@ let | |||
135 | PrivateKeyFile = "/run/credentials/systemd-networkd.service/yggdrasil-wg-${family}.priv"; | 135 | PrivateKeyFile = "/run/credentials/systemd-networkd.service/yggdrasil-wg-${family}.priv"; |
136 | ListenPort = listenPort.${family}; | 136 | ListenPort = listenPort.${family}; |
137 | }; | 137 | }; |
138 | wireguardPeers = map (opts@{to, from, ...}: { wireguardPeerConfig = linkToPeer family opts; }) hostLinks.${family}; | 138 | wireguardPeers = map (opts@{to, from, ...}: linkToPeer family opts) hostLinks.${family}; |
139 | }; | 139 | }; |
140 | familyToLoadCred = family: "yggdrasil-wg-${family}.priv:${config.sops.secrets."yggdrasil-wg-${family}.priv".path}"; | 140 | familyToLoadCred = family: "yggdrasil-wg-${family}.priv:${config.sops.secrets."yggdrasil-wg-${family}.priv".path}"; |
141 | familyToYggdrasilNetwork = family: nameValuePair "yggdrasil-wg-${family}" { | 141 | familyToYggdrasilNetwork = family: nameValuePair "yggdrasil-wg-${family}" { |
@@ -145,9 +145,7 @@ let | |||
145 | }; | 145 | }; |
146 | address = [wgHostIPs.${family}.${hostName}]; | 146 | address = [wgHostIPs.${family}.${hostName}]; |
147 | routes = [ | 147 | routes = [ |
148 | { routeConfig = { | 148 | { Destination = "${wgSubnet.${family}}::/${toString wgSubnetLength}"; |
149 | Destination = "${wgSubnet.${family}}::/${toString wgSubnetLength}"; | ||
150 | }; | ||
151 | } | 149 | } |
152 | ]; | 150 | ]; |
153 | linkConfig = { | 151 | linkConfig = { |
@@ -203,25 +201,19 @@ in { | |||
203 | dns = ["2a03:4000:52:ada:1:1::"]; | 201 | dns = ["2a03:4000:52:ada:1:1::"]; |
204 | domains = ["yggdrasil"]; | 202 | domains = ["yggdrasil"]; |
205 | routes = [ | 203 | routes = [ |
206 | { routeConfig = { | 204 | { Destination = "${batSubnet}::/${toString batSubnetLength}"; |
207 | Destination = "${batSubnet}::/${toString batSubnetLength}"; | 205 | GatewayOnLink = true; |
208 | GatewayOnLink = true; | ||
209 | }; | ||
210 | } | 206 | } |
211 | { routeConfig = { | 207 | { Destination = "${batSubnet}::/${toString batSubnetLength}"; |
212 | Destination = "${batSubnet}::/${toString batSubnetLength}"; | 208 | GatewayOnLink = true; |
213 | GatewayOnLink = true; | 209 | Table = "yggdrasil"; |
214 | Table = "yggdrasil"; | ||
215 | }; | ||
216 | } | 210 | } |
217 | { routeConfig = { | 211 | { Destination = batHostIPs.${hostName}; |
218 | Destination = batHostIPs.${hostName}; | 212 | GatewayOnLink = true; |
219 | GatewayOnLink = true; | 213 | Table = "yggdrasil"; |
220 | Table = "yggdrasil"; | ||
221 | }; | ||
222 | } | 214 | } |
223 | ] ++ (concatMap (router: map (rAddr: { routeConfig = { Destination = "::/0"; Gateway = stripSubnet rAddr; GatewayOnLink = true; Table = "yggdrasil"; }; }) batHostIPs.${router}) (filter (router: router != hostName) routers)); | 215 | ] ++ (concatMap (router: map (rAddr: { Destination = "::/0"; Gateway = stripSubnet rAddr; GatewayOnLink = true; Table = "yggdrasil"; }) batHostIPs.${router}) (filter (router: router != hostName) routers)); |
224 | routingPolicyRules = map (addr: { routingPolicyRuleConfig = { Table = "yggdrasil"; From = addr; Priority = 1; }; }) batHostIPs.${hostName}; | 216 | routingPolicyRules = map (addr: { Table = "yggdrasil"; From = addr; Priority = 1; }) batHostIPs.${hostName}; |
225 | linkConfig = { | 217 | linkConfig = { |
226 | MACAddress = "${batHostMACs.${hostName}}"; | 218 | MACAddress = "${batHostMACs.${hostName}}"; |
227 | RequiredForOnline = false; | 219 | RequiredForOnline = false; |
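Review bot: The default-route expression at new line 215 and the policy rule at new line 216 each stay on a single long line, which makes the two statements that steer all traffic from this host's bat addresses hard to review. Together they install `::/0` in table `yggdrasil` via every other router and select that table at `Priority = 1`, so a later edit to any one key would show up as a whole-line change. Now that the `routeConfig`/`routingPolicyRuleConfig` wrappers are gone, I would write one attribute per line, as the three static routes above already do. The attribute set that holds `routes` begins and ends outside the hunk.

```nix
# … unchanged: the three static routes above …
] ++ (concatMap (router: map (rAddr: {
  Destination = "::/0";
  Gateway = stripSubnet rAddr;
  GatewayOnLink = true;
  Table = "yggdrasil";
}) batHostIPs.${router}) (filter (router: router != hostName) routers));
routingPolicyRules = map (addr: {
  Table = "yggdrasil";
  From = addr;
  Priority = 1;
}) batHostIPs.${hostName};
```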