Diffstat (limited to 'modules/nixosModules')
-rw-r--r--modules/nixosModules/desktop/default.nix10
-rw-r--r--modules/nixosModules/desktop/mullvad.nix9
-rw-r--r--modules/nixosModules/desktop/pipewire.nix2
-rw-r--r--modules/nixosModules/desktop/tailscale.nix19
-rw-r--r--modules/nixosModules/server/default.nix5
-rw-r--r--modules/nixosModules/server/navidrome.nix4
-rw-r--r--modules/nixosModules/server/tailscale.nix9
7 files changed, 35 insertions, 23 deletions
diff --git a/modules/nixosModules/desktop/default.nix b/modules/nixosModules/desktop/default.nix
index 411c361..3c48310 100644
--- a/modules/nixosModules/desktop/default.nix
+++ b/modules/nixosModules/desktop/default.nix
@@ -1,4 +1,8 @@
-{ self, inputs, ... }: {
+{
+ self,
+ inputs,
+ ...
+}: {
flake.nixosModules.desktop = {pkgs, ...}: {
imports = [
self.nixosModules.gaming
@@ -10,7 +14,7 @@
];
hardware.bluetooth.enable = true;
- environment.systemPackages = [
+ environment.systemPackages = [
self.packages.${pkgs.stdenv.hostPlatform.system}.zen-browser
pkgs.bitwarden-desktop
@@ -30,6 +34,8 @@
pkgs.wineWow64Packages.stable
];
+ boot.plymouth.enable = true;
+
programs.nix-ld.enable = true;
services.upower.enable = true;
diff --git a/modules/nixosModules/desktop/mullvad.nix b/modules/nixosModules/desktop/mullvad.nix
index 9f2892c..0ac8fb9 100644
--- a/modules/nixosModules/desktop/mullvad.nix
+++ b/modules/nixosModules/desktop/mullvad.nix
@@ -1,22 +1,25 @@
{lib, ...}: {
- flake.nixosModules.mullvad = { pkgs, ... }: {
+ flake.nixosModules.mullvad = {pkgs, ...}: {
services.mullvad-vpn = {
enable = true;
package = pkgs.mullvad-vpn;
enableExcludeWrapper = true;
};
+ services.resolved.enable = true;
+
# allow tailscale traffic through
+ networking.nftables.enable = true;
networking.nftables.tables.mullvad_tailscale = {
content = ''
chain output {
- type route hook output priority 0; policy accept;
+ type route hook output priority -100; policy accept;
ip daddr 100.64.0.0/10 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
}
'';
family = "inet";
};
- systemd.services.tailscaled.serviceConfig.Environment = [ "TS_DEBUG_FIREWALL_MODE=nftables" ];
+ systemd.services.tailscaled.serviceConfig.Environment = ["TS_DEBUG_FIREWALL_MODE=nftables"];
};
}
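Review bot: The `output` chain in `mullvad_tailscale` selects traffic by destination alone (`ip daddr 100.64.0.0/10`), so every packet to the whole CGNAT range receives the two marks, not only packets that actually leave through tailscale0. These look like Mullvad's split-tunnel exclusion marks, which would exempt that traffic from the tunnel and its lockdown rules even while tailscaled is stopped; worth confirming on a host with Tailscale down. The move from priority 0 to -100 is unexplained, and the existing comment covers neither point. Once the ordering reason is verified, I would extend the comment to something like `# Mullvad split-tunnel marks: all traffic to 100.64.0.0/10 bypasses the VPN; priority -100 because <reason>`.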
diff --git a/modules/nixosModules/desktop/pipewire.nix b/modules/nixosModules/desktop/pipewire.nix
index bf05dbd..ec663fb 100644
--- a/modules/nixosModules/desktop/pipewire.nix
+++ b/modules/nixosModules/desktop/pipewire.nix
@@ -9,6 +9,6 @@
socketActivation = true;
};
- environment.systemPackages = [ pkgs.pwvucontrol ];
+ environment.systemPackages = [pkgs.pwvucontrol];
};
}
diff --git a/modules/nixosModules/desktop/tailscale.nix b/modules/nixosModules/desktop/tailscale.nix
index f2ab9fc..a9d2968 100644
--- a/modules/nixosModules/desktop/tailscale.nix
+++ b/modules/nixosModules/desktop/tailscale.nix
@@ -1,22 +1,23 @@
-{ lib, ... }: {
- flake.nixosModules.tailscaleDesktop = { config, ... }: {
+{lib, ...}: {
+ flake.nixosModules.tailscaleDesktop = {config, ...}: {
services.tailscale = {
enable = true;
useRoutingFeatures = "client";
openFirewall = true;
+ extraUpFlags = [ "--accept-dns=false" ];
};
-
+
networking.firewall = {
- enable = lib.mkDefault true;
- trustedInterfaces = [ "tailscale0" ];
- allowedUDPPorts = [ config.services.tailscale.port ];
+ enable = lib.mkDefault false;
+ trustedInterfaces = ["tailscale0"];
+ allowedUDPPorts = [config.services.tailscale.port];
};
};
- flake.nixosModules.nasClient = { pkgs, ... }: {
- boot.supportedFilesystems = [ "nfs" ];
+ flake.nixosModules.nasClient = {pkgs, ...}: {
+ boot.supportedFilesystems = ["nfs"];
- environment.systemPackages = with pkgs; [ nfs-utils ];
+ environment.systemPackages = with pkgs; [nfs-utils];
fileSystems."/mnt/data" = {
device = "100.64.0.2:/tank/data";
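Review bot: `enable = lib.mkDefault false;` turns the host firewall off by default for every machine importing `tailscaleDesktop`, which leaves `trustedInterfaces`, `allowedUDPPorts` and `openFirewall = true` in the same hunk without effect and, unless something else filters inbound traffic, exposes listening services on all interfaces. If this works around a clash with the nftables table added in mullvad.nix, I would keep `enable = lib.mkDefault true;` and resolve the conflict there, or at least add a comment like `# firewall disabled because <reason>; inbound filtering handled by <mechanism>`. Separately, as far as I know `extraUpFlags` is only applied when `authKeyFile` is set, so `--accept-dns=false` may be a no-op here; `extraSetFlags` might be the intended option. The `nasClient` module continues past the end of the hunk.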
diff --git a/modules/nixosModules/server/default.nix b/modules/nixosModules/server/default.nix
index a32f049..5a475b1 100644
--- a/modules/nixosModules/server/default.nix
+++ b/modules/nixosModules/server/default.nix
@@ -1,5 +1,8 @@
-{ self, inputs, ... }:
{
+ self,
+ inputs,
+ ...
+}: {
flake.nixosModules.server = {
imports = [
self.nixosModules.arr
diff --git a/modules/nixosModules/server/navidrome.nix b/modules/nixosModules/server/navidrome.nix
index 5e319ca..903e574 100644
--- a/modules/nixosModules/server/navidrome.nix
+++ b/modules/nixosModules/server/navidrome.nix
@@ -1,5 +1,5 @@
-{ self, ... }: {
- flake.nixosModules.navidrome = { config, ... }: let
+{self, ...}: {
+ flake.nixosModules.navidrome = {config, ...}: let
cfg = config.hostOptions.server;
in {
imports = [
diff --git a/modules/nixosModules/server/tailscale.nix b/modules/nixosModules/server/tailscale.nix
index 41d4b5d..432e155 100644
--- a/modules/nixosModules/server/tailscale.nix
+++ b/modules/nixosModules/server/tailscale.nix
@@ -1,6 +1,5 @@
-{ self, ... }: {
-
- flake.nixosModules.tailscaleServer = { config, ... }: let
+{self, ...}: {
+ flake.nixosModules.tailscaleServer = {config, ...}: let
cfg = config.hostOptions.server;
in {
imports = [
@@ -17,7 +16,7 @@
};
};
- flake.nixosModules.headscale = { config, ... }: let
+ flake.nixosModules.headscale = {config, ...}: let
cfg = config.hostOptions.server;
in {
imports = [
@@ -31,7 +30,7 @@
server_url = "https://headscale.${cfg.domain}";
dns = {
magic_dns = false;
- nameservers.global = [ "1.1.1.1" "9.9.9.9" ];
+ nameservers.global = ["1.1.1.1" "9.9.9.9"];
};
prefixes = {
v4 = "100.64.0.0/10";