No bitwarden desktop on macos
This commit is contained in:
parent
a6052994f0
commit
696d77ca54
3 changed files with 159 additions and 133 deletions
|
@ -1146,7 +1146,7 @@
|
||||||
macos = {
|
macos = {
|
||||||
imports = with homeManagerModules; [
|
imports = with homeManagerModules; [
|
||||||
desktop
|
desktop
|
||||||
password-manager
|
# password-manager
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -295,6 +295,18 @@
|
||||||
yubikey-manager
|
yubikey-manager
|
||||||
yubico-piv-tool
|
yubico-piv-tool
|
||||||
];
|
];
|
||||||
|
|
||||||
|
programs.thunderbird = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
profiles = {
|
||||||
|
daniel = {
|
||||||
|
isDefault = true;
|
||||||
|
# name = "daniel";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
programs.nushell = {
|
programs.nushell = {
|
||||||
enable = true;
|
enable = true;
|
||||||
};
|
};
|
||||||
|
@ -341,7 +353,7 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
graphical-workstation = {
|
graphical-workstation = {pkgs, ...}: {
|
||||||
imports = with nixosModules; [
|
imports = with nixosModules; [
|
||||||
plasma6
|
plasma6
|
||||||
fonts
|
fonts
|
||||||
|
@ -358,9 +370,14 @@
|
||||||
driSupport = true;
|
driSupport = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
environment.variables = {
|
environment = {
|
||||||
# GTK_THEME = "Catppuccin-Mocha-Compact-Sapphire-Dark";
|
systemPackages = with pkgs; [
|
||||||
# GTK_USE_PORTAL = "1";
|
libnotify
|
||||||
|
];
|
||||||
|
variables = {
|
||||||
|
# GTK_THEME = "Catppuccin-Mocha-Compact-Sapphire-Dark";
|
||||||
|
# GTK_USE_PORTAL = "1";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
265
nixos/router.nix
265
nixos/router.nix
|
@ -9,8 +9,8 @@
|
||||||
# TODO: review https://francis.begyn.be/blog/nixos-home-router
|
# TODO: review https://francis.begyn.be/blog/nixos-home-router
|
||||||
ip = "192.168.0.1";
|
ip = "192.168.0.1";
|
||||||
cidr = "${ip}/16";
|
cidr = "${ip}/16";
|
||||||
netmask = "255.255.0.0";
|
netmask = "255.255.0.0"; # see cidr
|
||||||
lease = {
|
dhcp_lease_space = {
|
||||||
min = "192.168.0.5";
|
min = "192.168.0.5";
|
||||||
max = "192.168.0.250";
|
max = "192.168.0.250";
|
||||||
};
|
};
|
||||||
|
@ -29,27 +29,35 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
boot.initrd.availableKernelModules = ["xhci_pci"];
|
imports = [
|
||||||
boot.initrd.kernelModules = [];
|
{
|
||||||
boot.kernelModules = ["kvm-intel"];
|
boot = {
|
||||||
boot.extraModulePackages = [];
|
loader = {
|
||||||
|
efi.canTouchEfiVariables = true;
|
||||||
|
systemd-boot.enable = true;
|
||||||
|
};
|
||||||
|
initrd.availableKernelModules = ["xhci_pci"];
|
||||||
|
initrd.kernelModules = [];
|
||||||
|
kernelModules = ["kvm-intel"];
|
||||||
|
extraModulePackages = [];
|
||||||
|
};
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
nixpkgs.hostPlatform = "x86_64-linux";
|
||||||
hardware.cpu.intel.updateMicrocode = true;
|
powerManagement.cpuFreqGovernor = "performance";
|
||||||
|
hardware.cpu.intel.updateMicrocode = true;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
loader = {
|
|
||||||
efi.canTouchEfiVariables = true;
|
|
||||||
systemd-boot.enable = true;
|
|
||||||
};
|
|
||||||
kernel = {
|
kernel = {
|
||||||
sysctl = {
|
sysctl = {
|
||||||
"net.ipv4.conf.all.forwarding" = true;
|
"net.ipv4.conf.all.forwarding" = true;
|
||||||
"net.ipv6.conf.all.forwarding" = true;
|
"net.ipv6.conf.all.forwarding" = true;
|
||||||
|
|
||||||
"net.ipv6.conf.all.accept_ra" = 0;
|
# TODO: may want to disable this once it's working
|
||||||
"net.ipv6.conf.all.autoconf" = 0;
|
# "net.ipv6.conf.all.accept_ra" = 0;
|
||||||
"net.ipv6.conf.all.use_tempaddr" = 0;
|
# "net.ipv6.conf.all.autoconf" = 0;
|
||||||
|
# "net.ipv6.conf.all.use_tempaddr" = 0;
|
||||||
|
|
||||||
"net.ipv6.conf.wan0.accept_ra" = 2;
|
"net.ipv6.conf.wan0.accept_ra" = 2;
|
||||||
"net.ipv6.conf.wan0.autoconf" = 1;
|
"net.ipv6.conf.wan0.autoconf" = 1;
|
||||||
|
@ -57,146 +65,145 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
|
|
||||||
|
|
||||||
services.fail2ban.enable = true;
|
services.fail2ban.enable = true;
|
||||||
services.radvd = {
|
services.radvd = {
|
||||||
enable = true;
|
enable = true;
|
||||||
# NOTE: this config is just the default arch linux config I think and may
|
# NOTE: this config is just the default arch linux config I think and may
|
||||||
# need tweaking? this is what I had on the arch linux router, though :shrug:
|
# need tweaking? this is what I had on the arch linux router, though :shrug:
|
||||||
config = ''
|
# config = ''
|
||||||
interface lo
|
# interface lo
|
||||||
{
|
# {
|
||||||
AdvSendAdvert on;
|
# AdvSendAdvert on;
|
||||||
MinRtrAdvInterval 3;
|
# MinRtrAdvInterval 3;
|
||||||
MaxRtrAdvInterval 10;
|
# MaxRtrAdvInterval 10;
|
||||||
AdvDefaultPreference low;
|
# AdvDefaultPreference low;
|
||||||
AdvHomeAgentFlag off;
|
# AdvHomeAgentFlag off;
|
||||||
|
|
||||||
prefix 2001:db8:1:0::/64
|
# prefix 2001:db8:1:0::/64
|
||||||
{
|
# {
|
||||||
AdvOnLink on;
|
# AdvOnLink on;
|
||||||
AdvAutonomous on;
|
# AdvAutonomous on;
|
||||||
AdvRouterAddr off;
|
# AdvRouterAddr off;
|
||||||
};
|
# };
|
||||||
|
|
||||||
prefix 0:0:0:1234::/64
|
# prefix 0:0:0:1234::/64
|
||||||
{
|
# {
|
||||||
AdvOnLink on;
|
# AdvOnLink on;
|
||||||
AdvAutonomous on;
|
# AdvAutonomous on;
|
||||||
AdvRouterAddr off;
|
# AdvRouterAddr off;
|
||||||
Base6to4Interface ppp0;
|
# Base6to4Interface ppp0;
|
||||||
AdvPreferredLifetime 120;
|
# AdvPreferredLifetime 120;
|
||||||
AdvValidLifetime 300;
|
# AdvValidLifetime 300;
|
||||||
};
|
# };
|
||||||
|
|
||||||
route 2001:db0:fff::/48
|
# route 2001:db0:fff::/48
|
||||||
{
|
# {
|
||||||
AdvRoutePreference high;
|
# AdvRoutePreference high;
|
||||||
AdvRouteLifetime 3600;
|
# AdvRouteLifetime 3600;
|
||||||
};
|
# };
|
||||||
|
|
||||||
RDNSS 2001:db8::1 2001:db8::2
|
# RDNSS 2001:db8::1 2001:db8::2
|
||||||
{
|
# {
|
||||||
AdvRDNSSLifetime 30;
|
# AdvRDNSSLifetime 30;
|
||||||
};
|
# };
|
||||||
|
|
||||||
DNSSL branch.example.com example.com
|
# DNSSL branch.example.com example.com
|
||||||
{
|
# {
|
||||||
AdvDNSSLLifetime 30;
|
# AdvDNSSLLifetime 30;
|
||||||
};
|
# };
|
||||||
};
|
# };
|
||||||
'';
|
# '';
|
||||||
};
|
};
|
||||||
|
|
||||||
services.resolved = {
|
# services.resolved = {
|
||||||
enable = true;
|
# enable = true;
|
||||||
extraConfig = ''
|
# extraConfig = ''
|
||||||
[Resolve]
|
# [Resolve]
|
||||||
DNSStubListener=no
|
# DNSStubListener=no
|
||||||
'';
|
# '';
|
||||||
};
|
# };
|
||||||
|
|
||||||
services.dnsmasq = {
|
# services.dnsmasq = {
|
||||||
enable = true;
|
# enable = true;
|
||||||
settings = {
|
# settings = {
|
||||||
# server endpoints
|
# # server endpoints
|
||||||
listen-address = "::1,127.0.0.1,${ip}";
|
# listen-address = "::1,127.0.0.1,${ip}";
|
||||||
port = "53";
|
# port = "53";
|
||||||
|
|
||||||
# DNS cache entries
|
# # DNS cache entries
|
||||||
cache-size = "10000";
|
# cache-size = "10000";
|
||||||
|
|
||||||
# local domain entries
|
# # local domain entries
|
||||||
local = "/lan/";
|
# local = "/lan/";
|
||||||
domain = "lan";
|
# domain = "lan";
|
||||||
expand-hosts = true;
|
# expand-hosts = true;
|
||||||
|
|
||||||
dhcp-authoritative = true;
|
# dhcp-authoritative = true;
|
||||||
|
|
||||||
conf-file = "/usr/share/dnsmasq/trust-anchors.conf";
|
# conf-file = "/usr/share/dnsmasq/trust-anchors.conf";
|
||||||
dnssec = true;
|
# dnssec = true;
|
||||||
|
|
||||||
except-interface = "${wan_if}";
|
# except-interface = "${wan_if}";
|
||||||
interface = "${lan_if}";
|
# interface = "${lan_if}";
|
||||||
|
|
||||||
enable-ra = true;
|
# enable-ra = true;
|
||||||
|
|
||||||
# dhcp-option = "121,${cidr},${ip}";
|
# # dhcp-option = "121,${cidr},${ip}";
|
||||||
|
|
||||||
dhcp-range = [
|
# dhcp-range = [
|
||||||
"lan,${lease.min},${lease.max},${netmask},10m"
|
# "lan,${dhcp_lease_space.min},${dhcp_lease_space.max},${netmask},10m"
|
||||||
"tag:${lan_if},::1,constructor:${lan_if},ra-names,12h"
|
# "tag:${lan_if},::1,constructor:${lan_if},ra-names,12h"
|
||||||
];
|
# ];
|
||||||
|
|
||||||
dhcp-host = [
|
# dhcp-host = [
|
||||||
"${hosts.dragon.host},${hosts.dragon.ip},12h"
|
# "${hosts.dragon.host},${hosts.dragon.ip},12h"
|
||||||
"${hosts.beefcake.host},${hosts.beefcake.ip},12h"
|
# "${hosts.beefcake.host},${hosts.beefcake.ip},12h"
|
||||||
];
|
# ];
|
||||||
|
|
||||||
# may need to go in /etc/hosts (networking.extraHosts), too?
|
# # may need to go in /etc/hosts (networking.extraHosts), too?
|
||||||
address = [
|
# address = [
|
||||||
"/video.lyte.dev/192.168.0.9"
|
# "/video.lyte.dev/192.168.0.9"
|
||||||
"/git.lyte.dev/192.168.0.9"
|
# "/git.lyte.dev/192.168.0.9"
|
||||||
"/bw.lyte.dev/192.168.0.9"
|
# "/bw.lyte.dev/192.168.0.9"
|
||||||
"/files.lyte.dev/192.168.0.9"
|
# "/files.lyte.dev/192.168.0.9"
|
||||||
"/vpn.h.lyte.dev/192.168.0.9"
|
# "/vpn.h.lyte.dev/192.168.0.9"
|
||||||
"/.h.lyte.dev/192.168.0.9"
|
# "/.h.lyte.dev/192.168.0.9"
|
||||||
];
|
# ];
|
||||||
|
|
||||||
server = [
|
# server = [
|
||||||
"${ip}"
|
# "${ip}"
|
||||||
"8.8.8.8"
|
# "8.8.8.8"
|
||||||
"8.8.4.4"
|
# "8.8.4.4"
|
||||||
"1.1.1.1"
|
# "1.1.1.1"
|
||||||
"1.0.0.1"
|
# "1.0.0.1"
|
||||||
];
|
# ];
|
||||||
};
|
# };
|
||||||
};
|
# };
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
nat.enable = true; # TODO: maybe replace some of the nftables stuff with this?
|
|
||||||
firewall.enable = false;
|
|
||||||
hostName = "router";
|
hostName = "router";
|
||||||
domain = "h.lyte.dev";
|
domain = "h.lyte.dev";
|
||||||
# useDHCP = true;
|
useDHCP = false;
|
||||||
|
|
||||||
interfaces = {
|
# useDHCP = true;
|
||||||
enp2s0 = {
|
# nat.enable = true; # TODO: maybe replace some of the nftables stuff with this module?
|
||||||
# should be wan0
|
|
||||||
useDHCP = true;
|
# interfaces = {
|
||||||
};
|
# enp2s0 = {
|
||||||
enp3s0 = {
|
# # should be wan0
|
||||||
# should be lan0
|
# useDHCP = true;
|
||||||
useDHCP = false;
|
# };
|
||||||
};
|
# enp3s0 = {
|
||||||
wan0 = {
|
# # should be lan0
|
||||||
useDHCP = true;
|
# useDHCP = false;
|
||||||
};
|
# };
|
||||||
lan0 = {
|
# wan0 = {
|
||||||
useDHCP = false;
|
# useDHCP = true;
|
||||||
};
|
# };
|
||||||
};
|
# lan0 = {
|
||||||
|
# useDHCP = false;
|
||||||
|
# };
|
||||||
|
# };
|
||||||
|
|
||||||
extraHosts = ''
|
extraHosts = ''
|
||||||
127.0.0.1 localhost
|
127.0.0.1 localhost
|
||||||
|
@ -207,6 +214,8 @@ in {
|
||||||
ff02::2 ip6-allrouters
|
ff02::2 ip6-allrouters
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
firewall.enable = false;
|
||||||
|
|
||||||
nftables = {
|
nftables = {
|
||||||
enable = true;
|
enable = true;
|
||||||
flushRuleset = true;
|
flushRuleset = true;
|
||||||
|
@ -349,7 +358,7 @@ in {
|
||||||
systemd.network = {
|
systemd.network = {
|
||||||
enable = true;
|
enable = true;
|
||||||
links = {
|
links = {
|
||||||
"${wan_if}" = {
|
"10-${wan_if}" = {
|
||||||
enable = true;
|
enable = true;
|
||||||
matchConfig = {
|
matchConfig = {
|
||||||
MACAddress = "00:01:2e:82:73:59";
|
MACAddress = "00:01:2e:82:73:59";
|
||||||
|
@ -358,7 +367,7 @@ in {
|
||||||
Name = wan_if;
|
Name = wan_if;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
"${lan_if}" = {
|
"10-${lan_if}" = {
|
||||||
enable = true;
|
enable = true;
|
||||||
matchConfig = {
|
matchConfig = {
|
||||||
MACAddress = "00:01:2e:82:73:5a";
|
MACAddress = "00:01:2e:82:73:5a";
|
||||||
|
|
Loading…
Reference in a new issue