No bitwarden desktop on macos

2024-07-16 15:38:46 -05:00 · 2024-07-16 15:38:46 -05:00 · 696d77ca54
parent a6052994f0
commit 696d77ca54
3 changed files with 159 additions and 133 deletions
--- a/modules/home-manager/default.nix
+++ b/modules/home-manager/default.nix
@ -1146,7 +1146,7 @@
  macos = {
    imports = with homeManagerModules; [
      desktop
-      password-manager
+      # password-manager
    ];
  };
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@ -295,6 +295,18 @@
        yubikey-manager
        yubico-piv-tool
      ];
      programs.thunderbird = {
        enable = true;
        profiles = {
          daniel = {
            isDefault = true;
            # name = "daniel";
          };
        };
      };
      programs.nushell = {
        enable = true;
      };
@ -341,7 +353,7 @@
    ];
  };
-  graphical-workstation = {
+  graphical-workstation = {pkgs, ...}: {
    imports = with nixosModules; [
      plasma6
      fonts
@ -358,11 +370,16 @@
        driSupport = true;
      };
    };
-    environment.variables = {
+    environment = {
      systemPackages = with pkgs; [
        libnotify
      ];
      variables = {
        # GTK_THEME = "Catppuccin-Mocha-Compact-Sapphire-Dark";
        # GTK_USE_PORTAL = "1";
      };
    };
  };
  # ewwbar = {};
  # gnome = {};
--- a/nixos/router.nix
+++ b/nixos/router.nix
@ -9,8 +9,8 @@
  # TODO: review https://francis.begyn.be/blog/nixos-home-router
  ip = "192.168.0.1";
  cidr = "${ip}/16";
-  netmask = "255.255.0.0";
+  netmask = "255.255.0.0"; # see cidr
-  lease = {
+  dhcp_lease_space = {
    min = "192.168.0.5";
    max = "192.168.0.250";
  };
@ -29,27 +29,35 @@
    };
  };
 in {
-  boot.initrd.availableKernelModules = ["xhci_pci"];
+  imports = [
-  boot.initrd.kernelModules = [];
+    {
  boot.kernelModules = ["kvm-intel"];
  boot.extraModulePackages = [];
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = true;
      boot = {
        loader = {
          efi.canTouchEfiVariables = true;
          systemd-boot.enable = true;
        };
        initrd.availableKernelModules = ["xhci_pci"];
        initrd.kernelModules = [];
        kernelModules = ["kvm-intel"];
        extraModulePackages = [];
      };
      nixpkgs.hostPlatform = "x86_64-linux";
      powerManagement.cpuFreqGovernor = "performance";
      hardware.cpu.intel.updateMicrocode = true;
    }
  ];
  boot = {
    kernel = {
      sysctl = {
        "net.ipv4.conf.all.forwarding" = true;
        "net.ipv6.conf.all.forwarding" = true;
-        "net.ipv6.conf.all.accept_ra" = 0;
+        # TODO: may want to disable this once it's working
-        "net.ipv6.conf.all.autoconf" = 0;
+        # "net.ipv6.conf.all.accept_ra" = 0;
-        "net.ipv6.conf.all.use_tempaddr" = 0;
+        # "net.ipv6.conf.all.autoconf" = 0;
        # "net.ipv6.conf.all.use_tempaddr" = 0;
        "net.ipv6.conf.wan0.accept_ra" = 2;
        "net.ipv6.conf.wan0.autoconf" = 1;
@ -57,146 +65,145 @@ in {
    };
  };
  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
  services.fail2ban.enable = true;
  services.radvd = {
    enable = true;
    # NOTE: this config is just the default arch linux config I think and may
    # need tweaking? this is what I had on the arch linux router, though :shrug:
-    config = ''
+    # config = ''
-      interface lo
+    #   interface lo
-      {
+    #   {
-      	AdvSendAdvert on;
+    #   	AdvSendAdvert on;
-      	MinRtrAdvInterval 3;
+    #   	MinRtrAdvInterval 3;
-      	MaxRtrAdvInterval 10;
+    #   	MaxRtrAdvInterval 10;
-      	AdvDefaultPreference low;
+    #   	AdvDefaultPreference low;
-      	AdvHomeAgentFlag off;
+    #   	AdvHomeAgentFlag off;
-      	prefix 2001:db8:1:0::/64
+    #   	prefix 2001:db8:1:0::/64
-      	{
+    #   	{
-      		AdvOnLink on;
+    #   		AdvOnLink on;
-      		AdvAutonomous on;
+    #   		AdvAutonomous on;
-      		AdvRouterAddr off;
+    #   		AdvRouterAddr off;
    #   	};
    #   	prefix 0:0:0:1234::/64
    #   	{
    #   		AdvOnLink on;
    #   		AdvAutonomous on;
    #   		AdvRouterAddr off;
    #   		Base6to4Interface ppp0;
    #   		AdvPreferredLifetime 120;
    #   		AdvValidLifetime 300;
    #   	};
    #   	route 2001:db0:fff::/48
    #   	{
    #   		AdvRoutePreference high;
    #   		AdvRouteLifetime 3600;
    #   	};
    #     RDNSS 2001:db8::1 2001:db8::2
    #     {
    #       AdvRDNSSLifetime 30;
    #     };
    #     DNSSL branch.example.com example.com
    #     {
    #       AdvDNSSLLifetime 30;
    #     };
    #   };
    # '';
  };
-      	prefix 0:0:0:1234::/64
+  # services.resolved = {
-      	{
+  #   enable = true;
-      		AdvOnLink on;
+  #   extraConfig = ''
-      		AdvAutonomous on;
+  #     [Resolve]
-      		AdvRouterAddr off;
+  #     DNSStubListener=no
-      		Base6to4Interface ppp0;
+  #   '';
-      		AdvPreferredLifetime 120;
+  # };
      		AdvValidLifetime 300;
      	};
-      	route 2001:db0:fff::/48
+  # services.dnsmasq = {
-      	{
+  #   enable = true;
-      		AdvRoutePreference high;
+  #   settings = {
-      		AdvRouteLifetime 3600;
+  #     # server endpoints
-      	};
+  #     listen-address = "::1,127.0.0.1,${ip}";
  #     port = "53";
-        RDNSS 2001:db8::1 2001:db8::2
+  #     # DNS cache entries
-        {
+  #     cache-size = "10000";
          AdvRDNSSLifetime 30;
        };
-        DNSSL branch.example.com example.com
+  #     # local domain entries
-        {
+  #     local = "/lan/";
-          AdvDNSSLLifetime 30;
+  #     domain = "lan";
-        };
+  #     expand-hosts = true;
      };
    '';
  };
-  services.resolved = {
+  #     dhcp-authoritative = true;
    enable = true;
    extraConfig = ''
      [Resolve]
      DNSStubListener=no
    '';
  };
-  services.dnsmasq = {
+  #     conf-file = "/usr/share/dnsmasq/trust-anchors.conf";
-    enable = true;
+  #     dnssec = true;
    settings = {
      # server endpoints
      listen-address = "::1,127.0.0.1,${ip}";
      port = "53";
-      # DNS cache entries
+  #     except-interface = "${wan_if}";
-      cache-size = "10000";
+  #     interface = "${lan_if}";
-      # local domain entries
+  #     enable-ra = true;
      local = "/lan/";
      domain = "lan";
      expand-hosts = true;
-      dhcp-authoritative = true;
+  #     # dhcp-option = "121,${cidr},${ip}";
-      conf-file = "/usr/share/dnsmasq/trust-anchors.conf";
+  #     dhcp-range = [
-      dnssec = true;
+  #       "lan,${dhcp_lease_space.min},${dhcp_lease_space.max},${netmask},10m"
  #       "tag:${lan_if},::1,constructor:${lan_if},ra-names,12h"
  #     ];
-      except-interface = "${wan_if}";
+  #     dhcp-host = [
-      interface = "${lan_if}";
+  #       "${hosts.dragon.host},${hosts.dragon.ip},12h"
  #       "${hosts.beefcake.host},${hosts.beefcake.ip},12h"
  #     ];
-      enable-ra = true;
+  #     # may need to go in /etc/hosts (networking.extraHosts), too?
  #     address = [
  #       "/video.lyte.dev/192.168.0.9"
  #       "/git.lyte.dev/192.168.0.9"
  #       "/bw.lyte.dev/192.168.0.9"
  #       "/files.lyte.dev/192.168.0.9"
  #       "/vpn.h.lyte.dev/192.168.0.9"
  #       "/.h.lyte.dev/192.168.0.9"
  #     ];
-      # dhcp-option = "121,${cidr},${ip}";
+  #     server = [
-
+  #       "${ip}"
-      dhcp-range = [
+  #       "8.8.8.8"
-        "lan,${lease.min},${lease.max},${netmask},10m"
+  #       "8.8.4.4"
-        "tag:${lan_if},::1,constructor:${lan_if},ra-names,12h"
+  #       "1.1.1.1"
-      ];
+  #       "1.0.0.1"
-
+  #     ];
-      dhcp-host = [
+  #   };
-        "${hosts.dragon.host},${hosts.dragon.ip},12h"
+  # };
        "${hosts.beefcake.host},${hosts.beefcake.ip},12h"
      ];
      # may need to go in /etc/hosts (networking.extraHosts), too?
      address = [
        "/video.lyte.dev/192.168.0.9"
        "/git.lyte.dev/192.168.0.9"
        "/bw.lyte.dev/192.168.0.9"
        "/files.lyte.dev/192.168.0.9"
        "/vpn.h.lyte.dev/192.168.0.9"
        "/.h.lyte.dev/192.168.0.9"
      ];
      server = [
        "${ip}"
        "8.8.8.8"
        "8.8.4.4"
        "1.1.1.1"
        "1.0.0.1"
      ];
    };
  };
  networking = {
    nat.enable = true; # TODO: maybe replace some of the nftables stuff with this?
    firewall.enable = false;
    hostName = "router";
    domain = "h.lyte.dev";
-    # useDHCP = true;
+    useDHCP = false;
-    interfaces = {
+    # useDHCP = true;
-      enp2s0 = {
+    # nat.enable = true; # TODO: maybe replace some of the nftables stuff with this module?
-        # should be wan0
+
-        useDHCP = true;
+    # interfaces = {
-      };
+    #   enp2s0 = {
-      enp3s0 = {
+    #     # should be wan0
-        # should be lan0
+    #     useDHCP = true;
-        useDHCP = false;
+    #   };
-      };
+    #   enp3s0 = {
-      wan0 = {
+    #     # should be lan0
-        useDHCP = true;
+    #     useDHCP = false;
-      };
+    #   };
-      lan0 = {
+    #   wan0 = {
-        useDHCP = false;
+    #     useDHCP = true;
-      };
+    #   };
-    };
+    #   lan0 = {
    #     useDHCP = false;
    #   };
    # };
    extraHosts = ''
      127.0.0.1 localhost
@ -207,6 +214,8 @@ in {
      ff02::2 ip6-allrouters
    '';
    firewall.enable = false;
    nftables = {
      enable = true;
      flushRuleset = true;
@ -349,7 +358,7 @@ in {
  systemd.network = {
    enable = true;
    links = {
-      "${wan_if}" = {
+      "10-${wan_if}" = {
        enable = true;
        matchConfig = {
          MACAddress = "00:01:2e:82:73:59";
@ -358,7 +367,7 @@ in {
          Name = wan_if;
        };
      };
-      "${lan_if}" = {
+      "10-${lan_if}" = {
        enable = true;
        matchConfig = {
          MACAddress = "00:01:2e:82:73:5a";