No bitwarden desktop on macos

Daniel Flanagan 2024-07-16 15:38:46 -05:00
parent a6052994f0
commit 696d77ca54
3 changed files with 159 additions and 133 deletions


@ -1146,7 +1146,7 @@
macos = { macos = {
imports = with homeManagerModules; [ imports = with homeManagerModules; [
desktop desktop
password-manager # password-manager
]; ];
}; };


@ -295,6 +295,18 @@
yubikey-manager yubikey-manager
yubico-piv-tool yubico-piv-tool
]; ];
programs.thunderbird = {
enable = true;
profiles = {
daniel = {
isDefault = true;
# name = "daniel";
};
};
};
programs.nushell = { programs.nushell = {
enable = true; enable = true;
}; };
@ -341,7 +353,7 @@
]; ];
}; };
graphical-workstation = { graphical-workstation = {pkgs, ...}: {
imports = with nixosModules; [ imports = with nixosModules; [
plasma6 plasma6
fonts fonts
@ -358,9 +370,14 @@
driSupport = true; driSupport = true;
}; };
}; };
environment.variables = { environment = {
# GTK_THEME = "Catppuccin-Mocha-Compact-Sapphire-Dark"; systemPackages = with pkgs; [
# GTK_USE_PORTAL = "1"; libnotify
];
variables = {
# GTK_THEME = "Catppuccin-Mocha-Compact-Sapphire-Dark";
# GTK_USE_PORTAL = "1";
};
}; };
}; };


@ -9,8 +9,8 @@
# TODO: review https://francis.begyn.be/blog/nixos-home-router # TODO: review https://francis.begyn.be/blog/nixos-home-router
ip = "192.168.0.1"; ip = "192.168.0.1";
cidr = "${ip}/16"; cidr = "${ip}/16";
netmask = "255.255.0.0"; netmask = "255.255.0.0"; # see cidr
lease = { dhcp_lease_space = {
min = "192.168.0.5"; min = "192.168.0.5";
max = "192.168.0.250"; max = "192.168.0.250";
}; };
@ -29,27 +29,35 @@
}; };
}; };
in { in {
boot.initrd.availableKernelModules = ["xhci_pci"]; imports = [
boot.initrd.kernelModules = []; {
boot.kernelModules = ["kvm-intel"]; boot = {
boot.extraModulePackages = []; loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
};
initrd.availableKernelModules = ["xhci_pci"];
initrd.kernelModules = [];
kernelModules = ["kvm-intel"];
extraModulePackages = [];
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = "x86_64-linux";
hardware.cpu.intel.updateMicrocode = true; powerManagement.cpuFreqGovernor = "performance";
hardware.cpu.intel.updateMicrocode = true;
}
];
boot = { boot = {
loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
};
kernel = { kernel = {
sysctl = { sysctl = {
"net.ipv4.conf.all.forwarding" = true; "net.ipv4.conf.all.forwarding" = true;
"net.ipv6.conf.all.forwarding" = true; "net.ipv6.conf.all.forwarding" = true;
"net.ipv6.conf.all.accept_ra" = 0; # TODO: may want to disable this once it's working
"net.ipv6.conf.all.autoconf" = 0; # "net.ipv6.conf.all.accept_ra" = 0;
"net.ipv6.conf.all.use_tempaddr" = 0; # "net.ipv6.conf.all.autoconf" = 0;
# "net.ipv6.conf.all.use_tempaddr" = 0;
"net.ipv6.conf.wan0.accept_ra" = 2; "net.ipv6.conf.wan0.accept_ra" = 2;
"net.ipv6.conf.wan0.autoconf" = 1; "net.ipv6.conf.wan0.autoconf" = 1;
@ -57,146 +65,145 @@ in {
}; };
}; };
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
services.fail2ban.enable = true; services.fail2ban.enable = true;
services.radvd = { services.radvd = {
enable = true; enable = true;
# NOTE: this config is just the default arch linux config I think and may # NOTE: this config is just the default arch linux config I think and may
# need tweaking? this is what I had on the arch linux router, though :shrug: # need tweaking? this is what I had on the arch linux router, though :shrug:
config = '' # config = ''
interface lo # interface lo
{ # {
AdvSendAdvert on; # AdvSendAdvert on;
MinRtrAdvInterval 3; # MinRtrAdvInterval 3;
MaxRtrAdvInterval 10; # MaxRtrAdvInterval 10;
AdvDefaultPreference low; # AdvDefaultPreference low;
AdvHomeAgentFlag off; # AdvHomeAgentFlag off;
prefix 2001:db8:1:0::/64 # prefix 2001:db8:1:0::/64
{ # {
AdvOnLink on; # AdvOnLink on;
AdvAutonomous on; # AdvAutonomous on;
AdvRouterAddr off; # AdvRouterAddr off;
}; # };
prefix 0:0:0:1234::/64 # prefix 0:0:0:1234::/64
{ # {
AdvOnLink on; # AdvOnLink on;
AdvAutonomous on; # AdvAutonomous on;
AdvRouterAddr off; # AdvRouterAddr off;
Base6to4Interface ppp0; # Base6to4Interface ppp0;
AdvPreferredLifetime 120; # AdvPreferredLifetime 120;
AdvValidLifetime 300; # AdvValidLifetime 300;
}; # };
route 2001:db0:fff::/48 # route 2001:db0:fff::/48
{ # {
AdvRoutePreference high; # AdvRoutePreference high;
AdvRouteLifetime 3600; # AdvRouteLifetime 3600;
}; # };
RDNSS 2001:db8::1 2001:db8::2 # RDNSS 2001:db8::1 2001:db8::2
{ # {
AdvRDNSSLifetime 30; # AdvRDNSSLifetime 30;
}; # };
DNSSL branch.example.com example.com # DNSSL branch.example.com example.com
{ # {
AdvDNSSLLifetime 30; # AdvDNSSLLifetime 30;
}; # };
}; # };
''; # '';
}; };
services.resolved = { # services.resolved = {
enable = true; # enable = true;
extraConfig = '' # extraConfig = ''
[Resolve] # [Resolve]
DNSStubListener=no # DNSStubListener=no
''; # '';
}; # };
services.dnsmasq = { # services.dnsmasq = {
enable = true; # enable = true;
settings = { # settings = {
# server endpoints # # server endpoints
listen-address = "::1,127.0.0.1,${ip}"; # listen-address = "::1,127.0.0.1,${ip}";
port = "53"; # port = "53";
# DNS cache entries # # DNS cache entries
cache-size = "10000"; # cache-size = "10000";
# local domain entries # # local domain entries
local = "/lan/"; # local = "/lan/";
domain = "lan"; # domain = "lan";
expand-hosts = true; # expand-hosts = true;
dhcp-authoritative = true; # dhcp-authoritative = true;
conf-file = "/usr/share/dnsmasq/trust-anchors.conf"; # conf-file = "/usr/share/dnsmasq/trust-anchors.conf";
dnssec = true; # dnssec = true;
except-interface = "${wan_if}"; # except-interface = "${wan_if}";
interface = "${lan_if}"; # interface = "${lan_if}";
enable-ra = true; # enable-ra = true;
# dhcp-option = "121,${cidr},${ip}"; # # dhcp-option = "121,${cidr},${ip}";
dhcp-range = [ # dhcp-range = [
"lan,${lease.min},${lease.max},${netmask},10m" # "lan,${dhcp_lease_space.min},${dhcp_lease_space.max},${netmask},10m"
"tag:${lan_if},::1,constructor:${lan_if},ra-names,12h" # "tag:${lan_if},::1,constructor:${lan_if},ra-names,12h"
]; # ];
dhcp-host = [ # dhcp-host = [
"${hosts.dragon.host},${hosts.dragon.ip},12h" # "${hosts.dragon.host},${hosts.dragon.ip},12h"
"${hosts.beefcake.host},${hosts.beefcake.ip},12h" # "${hosts.beefcake.host},${hosts.beefcake.ip},12h"
]; # ];
# may need to go in /etc/hosts (networking.extraHosts), too? # # may need to go in /etc/hosts (networking.extraHosts), too?
address = [ # address = [
"/video.lyte.dev/192.168.0.9" # "/video.lyte.dev/192.168.0.9"
"/git.lyte.dev/192.168.0.9" # "/git.lyte.dev/192.168.0.9"
"/bw.lyte.dev/192.168.0.9" # "/bw.lyte.dev/192.168.0.9"
"/files.lyte.dev/192.168.0.9" # "/files.lyte.dev/192.168.0.9"
"/vpn.h.lyte.dev/192.168.0.9" # "/vpn.h.lyte.dev/192.168.0.9"
"/.h.lyte.dev/192.168.0.9" # "/.h.lyte.dev/192.168.0.9"
]; # ];
server = [ # server = [
"${ip}" # "${ip}"
"8.8.8.8" # "8.8.8.8"
"8.8.4.4" # "8.8.4.4"
"1.1.1.1" # "1.1.1.1"
"1.0.0.1" # "1.0.0.1"
]; # ];
}; # };
}; # };
networking = { networking = {
nat.enable = true; # TODO: maybe replace some of the nftables stuff with this?
firewall.enable = false;
hostName = "router"; hostName = "router";
domain = "h.lyte.dev"; domain = "h.lyte.dev";
# useDHCP = true; useDHCP = false;
interfaces = { # useDHCP = true;
enp2s0 = { # nat.enable = true; # TODO: maybe replace some of the nftables stuff with this module?
# should be wan0
useDHCP = true; # interfaces = {
}; # enp2s0 = {
enp3s0 = { # # should be wan0
# should be lan0 # useDHCP = true;
useDHCP = false; # };
}; # enp3s0 = {
wan0 = { # # should be lan0
useDHCP = true; # useDHCP = false;
}; # };
lan0 = { # wan0 = {
useDHCP = false; # useDHCP = true;
}; # };
}; # lan0 = {
# useDHCP = false;
# };
# };
extraHosts = '' extraHosts = ''
127.0.0.1 localhost 127.0.0.1 localhost
@ -207,6 +214,8 @@ in {
ff02::2 ip6-allrouters ff02::2 ip6-allrouters
''; '';
firewall.enable = false;
nftables = { nftables = {
enable = true; enable = true;
flushRuleset = true; flushRuleset = true;
@ -349,7 +358,7 @@ in {
systemd.network = { systemd.network = {
enable = true; enable = true;
links = { links = {
"${wan_if}" = { "10-${wan_if}" = {
enable = true; enable = true;
matchConfig = { matchConfig = {
MACAddress = "00:01:2e:82:73:59"; MACAddress = "00:01:2e:82:73:59";
@ -358,7 +367,7 @@ in {
Name = wan_if; Name = wan_if;
}; };
}; };
"${lan_if}" = { "10-${lan_if}" = {
enable = true; enable = true;
matchConfig = { matchConfig = {
MACAddress = "00:01:2e:82:73:5a"; MACAddress = "00:01:2e:82:73:5a";
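Review bot: `services.radvd.enable = true;` stays on while its entire `config` string is commented out, so the router either fails to evaluate (as far as I recall the NixOS option has no default) or runs radvd with nothing valid to advertise; set `services.radvd.enable = false;` until a real config exists. The commented-out text advertises on `lo` with documentation prefixes (`2001:db8:…`) and a `ppp0` 6to4 interface, so it should not be re-enabled verbatim on this host. In the sysctl hunk the `net.ipv6.conf.all.accept_ra`, `autoconf` and `use_tempaddr` zeros are also commented out behind a TODO; with forwarding enabled the kernel should still ignore RAs everywhere except `wan0` (which sets `accept_ra = 2`), but pinning them back to `0` keeps that explicit on an internet-facing box. The same hunk comments out `services.dnsmasq` and `services.resolved` and sets `useDHCP = false;` with the per-interface block disabled, so confirm that LAN DHCP/DNS and the WAN lease are provided by the `systemd.network` and nftables parts of the file that are not visible in these hunks.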