diff options
| author | scouckel <james.krinsky@gmail.com> | 2026-01-25 11:42:17 -0600 |
|---|---|---|
| committer | scouckel <james.krinsky@gmail.com> | 2026-01-25 11:42:17 -0600 |
| commit | 8f3848f4d41f9184657048ddecbe052b22d26874 (patch) | |
| tree | 690b7e7a345eb41eade0fd118e7bd821ac4c15a5 | |
| parent | c1e1db1d3dcbc0437d3e740c9a63cd9838754cec (diff) | |
big changes
| -rw-r--r-- | flake.lock | 64 | ||||
| -rw-r--r-- | hosts/tiamat/configuration.nix | 4 | ||||
| -rw-r--r-- | hosts/vecna/configuration.nix | 8 | ||||
| -rw-r--r-- | modules/home-manager/default.nix | 2 | ||||
| -rw-r--r-- | modules/nixos/default.nix | 12 | ||||
| -rw-r--r-- | modules/nixos/nas.nix | 17 | ||||
| -rw-r--r-- | modules/nixos/xdg-portal.nix | 5 |
7 files changed, 65 insertions, 47 deletions
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1768131442, - "narHash": "sha256-X+2RxD4+F8LBqvJNRh6FduRLU4a2SnZQ8a9BCN6Ty1E=", + "lastModified": 1769359737, + "narHash": "sha256-etMugLQx4wikNIJhIDhmpU8L9SBgMfmcdCxJdrboqZs=", "owner": "AdnanHodzic", "repo": "auto-cpufreq", - "rev": "046af28ffb4d719e3c360b3986750f187866d4a8", + "rev": "fd0d219eeaca7250653dfa861a17d0356cf07400", "type": "github" }, "original": { @@ -85,11 +85,11 @@ ] }, "locked": { - "lastModified": 1768434960, - "narHash": "sha256-cJbFn17oyg6qAraLr+NVeNJrXsrzJdrudkzI4H2iTcg=", + "lastModified": 1769289524, + "narHash": "sha256-6Cwtvzrw79cOk1lCzN2aKSVrpgSOSQoYhyMmhXXZjTA=", "owner": "nix-community", "repo": "home-manager", - "rev": "b4d88c9ac42ae1a745283f6547701da43b6e9f9b", + "rev": "2539eba97a6df237d75617c25cd2dbef92df3d5b", "type": "github" }, "original": { @@ -106,11 +106,11 @@ ] }, "locked": { - "lastModified": 1767104570, - "narHash": "sha256-GKgwu5//R+cLdKysZjGqvUEEOGXXLdt93sNXeb2M/Lk=", + "lastModified": 1768434960, + "narHash": "sha256-cJbFn17oyg6qAraLr+NVeNJrXsrzJdrudkzI4H2iTcg=", "owner": "nix-community", "repo": "home-manager", - "rev": "e4e78a2cbeaddd07ab7238971b16468cc1d14daf", + "rev": "b4d88c9ac42ae1a745283f6547701da43b6e9f9b", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "mnw": { "locked": { - "lastModified": 1767030222, + "lastModified": 1768701608, "narHash": "sha256-kSvWF3Xt2HW9hmV5V7i8PqeWJIBUKmuKoHhOgj3Znzs=", "owner": "Gerg-L", "repo": "mnw", - "rev": "75bb637454b0fbbb5ed652375a4bf7ffd28bcf6f", + "rev": "20d63a8a1ae400557c770052a46a9840e768926b", "type": "github" }, "original": { @@ -174,11 +174,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1768397375, - "narHash": "sha256-7QqbFi3ERvKjEdAzEYPv7iSGwpUKSrQW5wPLMFq45AQ=", + "lastModified": 1769302137, + "narHash": "sha256-QEDtctEkOsbx8nlFh4yqPEOtr4tif6KTqWwJ37IM2ds=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "efe2094529d69a3f54892771b6be8ee4a0ebef0f", + "rev": "a351494b0e35fd7c0b7a1aae82f0afddf4907aa8", "type": "github" }, "original": { @@ -190,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1768305791, - "narHash": "sha256-AIdl6WAn9aymeaH/NvBj0H9qM+XuAuYbGMZaP0zcXAQ=", + "lastModified": 1769170682, + "narHash": "sha256-oMmN1lVQU0F0W2k6OI3bgdzp2YOHWYUAw79qzDSjenU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1412caf7bf9e660f2f962917c14b1ea1c3bc695e", + "rev": "c5296fdd05cfa2c187990dd909864da9658df755", "type": "github" }, "original": { @@ -222,11 +222,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1767892417, - "narHash": "sha256-dhhvQY67aboBk8b0/u0XB6vwHdgbROZT3fJAjyNh5Ww=", + "lastModified": 1769018530, + "narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3497aa5c9457a9d88d71fa93a4a8368816fbeeba", + "rev": "88d3861acdd3d2f0e361767018218e51810df8a1", "type": "github" }, "original": { @@ -262,11 +262,11 @@ ] }, "locked": { - "lastModified": 1768469403, - "narHash": "sha256-kU9UKtzjTt0LOtoU8WW+hFZMWKoylR1lHkm7WBfT3qQ=", + "lastModified": 1769354239, + "narHash": "sha256-MhbptUY7ancteazxhCR+cFZYbitaX5CR+F86XHoAJZM=", "owner": "nix-community", "repo": "NUR", - "rev": "204ea07b6c1467a2fd55aef446d6a4843893f00f", + "rev": "1cd64d78f51a4f341ee33e718699e6b74437e8e0", "type": "github" }, "original": { @@ -287,11 +287,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1768464392, - "narHash": "sha256-H3DRARqclUFdUaWgu1xQEb86/wrh41ZG0fIQJVjcZdE=", + "lastModified": 1769247611, + "narHash": "sha256-T7icKolKxPtEauIQJAKY+zwjhfau94Rhnk+GfDCve+U=", "owner": "NotAShelf", "repo": "nvf", - "rev": "007f14a2c8d67568f4655654b401871920d73011", + "rev": "cf066ec6812af32ad229b0d2ab3228182f8b0a14", "type": "github" }, "original": { @@ -320,11 +320,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1768107098, - "narHash": "sha256-mSthw4k7jkB5S8+NYZwrQFItLj+17Se7Wn0pIfdASbc=", + "lastModified": 1769316930, + "narHash": "sha256-4EOGHYLpIscwr+6drHE28Qj7NDjjowp2Vd8QkXjdBBE=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "2e40e07527f9d724b1578f0af590ab345e836ec3", + "rev": "b2ce438f386943ef611e196a178af2d79042903b", "type": "github" }, "original": { @@ -371,11 +371,11 @@ ] }, "locked": { - "lastModified": 1768379550, - "narHash": "sha256-z94S29l5V86h11LZbPIMbHTJyksDG63aqISsZkTTuJY=", + "lastModified": 1769319042, + "narHash": "sha256-2MmX9m8ZZgXEakZ9us2CsxG8Uz6ZjaFM+Xe5Y7VrZTQ=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "06f61b4e4f4f6ba8027c96a5611c63dc0db12b90", + "rev": "500f06314aebde1174ca6da147ccf59259abf6c0", "type": "github" }, "original": { diff --git a/hosts/tiamat/configuration.nix b/hosts/tiamat/configuration.nix index cce4dfb..9f2d780 100644 --- a/hosts/tiamat/configuration.nix +++ b/hosts/tiamat/configuration.nix @@ -38,7 +38,7 @@ system.name = "tiamat"; networking.hostName = "tiamat"; - networking.nameservers = [ "1.1.1.1" "9.9.9.9" ]; + networking.nameservers = [ "100.100.100.100" "1.1.1.1" "9.9.9.9" ]; # Configure network proxy if necessary # networking.proxy.default = "http://user:password@proxy:port/"; @@ -87,7 +87,7 @@ users.users.jck = { isNormalUser = true; description = "jck"; - extraGroups = [ "networkmanager" "wheel" "nordvpn" ]; + extraGroups = [ "networkmanager" "wheel" ]; }; nixpkgs.config.allowUnfree = true; diff --git a/hosts/vecna/configuration.nix b/hosts/vecna/configuration.nix index 08012df..3284a04 100644 --- a/hosts/vecna/configuration.nix +++ b/hosts/vecna/configuration.nix @@ -57,9 +57,10 @@ plugins = with pkgs; [ networkmanager-openvpn ]; + dns = "none"; }; - networking.nameservers = [ "1.1.1.1" "9.9.9.9" ]; + networking.nameservers = [ "100.100.100.100" "1.1.1.1" "9.9.9.9" ]; # localization time.timeZone = "US/Central"; @@ -84,7 +85,7 @@ users.users.jck = { isNormalUser = true; description = "jck"; - extraGroups = [ "networkmanager" "wheel" "nordvpn" ]; + extraGroups = [ "networkmanager" "wheel" ]; }; nixpkgs.config.allowUnfree = true; @@ -125,9 +126,6 @@ # networking.firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. # networking.firewall.enable = false; - networking.firewall.checkReversePath = false; - networking.firewall.allowedTCPPorts = [ 443 ]; - networking.firewall.allowedUDPPorts = [ 1194 ]; system.stateVersion = "25.05"; } diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix index 24cbba7..c872ab6 100644 --- a/modules/home-manager/default.nix +++ b/modules/home-manager/default.nix @@ -59,7 +59,7 @@ enable = true; defaultApplications = { - "application/pdf" = "userapp-kitty vi-DARLE3.desktop"; + "application/pdf" = "zen-twilight.desktop"; "application/javascript" = "userapp-kitty vi-DARLE3.desktop"; "application/toml" = "userapp-kitty vi-DARLE3.desktop"; "application/vnd.microsoft.portable-executable" = "wine-desktop"; diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index ec1e0a9..9babfdb 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -33,13 +33,17 @@ programs.localsend.enable = true; - services.nordvpn.enable = true; - fonts.packages = with pkgs; [ nerd-fonts.jetbrains-mono jetbrains-mono ]; + fonts.fontconfig.defaultFonts = { + monospace = [ + "JetBrainsMono Nerd Font" + ]; + }; + programs.nh = { enable = true; clean.enable = true; @@ -67,4 +71,8 @@ programs.partition-manager.enable = true; services.udisks2.enable = true; + + services.mullvad-vpn.enable = true; + services.mullvad-vpn.package = pkgs.mullvad-vpn; + services.mullvad-vpn.enableExcludeWrapper = true; } diff --git a/modules/nixos/nas.nix b/modules/nixos/nas.nix index 46bcb13..6201160 100644 --- a/modules/nixos/nas.nix +++ b/modules/nixos/nas.nix @@ -7,6 +7,9 @@ config = lib.mkIf config.client.nas.enable { services.tailscale.enable = true; + services.tailscale.useRoutingFeatures = "client"; + services.tailscale.openFirewall = true; + services.tailscale.extraUpFlags = [ "--accept-dns=false" ]; networking.nftables.enable = true; networking.firewall = { enable = true; @@ -14,6 +17,20 @@ allowedUDPPorts = [ config.services.tailscale.port ]; }; + networking.nftables = { + tables = { + mullvad_tailscale = { + content = '' + chain output { + type route hook output priority 0; policy accept; + ip daddr 100.64.0.0/10 ct mark set 0x00000f41 meta mark set 0x6d6f6c65; + } + ''; + family = "inet"; + }; + }; + }; + systemd.services.tailscaled.serviceConfig.Environment = [ "TS_DEBUG_FIREWALL_MODE=nftables" ]; diff --git a/modules/nixos/xdg-portal.nix b/modules/nixos/xdg-portal.nix index 7883eec..51035a4 100644 --- a/modules/nixos/xdg-portal.nix +++ b/modules/nixos/xdg-portal.nix @@ -5,11 +5,6 @@ enable = true; config.common.default = "*"; - # config = { - # common = { - # default = [ "hyprland" ]; - # }; - # }; extraPortals = with pkgs; [ xdg-desktop-portal-hyprland |