diff --git a/config/graphical/fonts.nix b/config/graphical/fonts.nix index 3a95ea1..6890945 100644 --- a/config/graphical/fonts.nix +++ b/config/graphical/fonts.nix @@ -27,13 +27,13 @@ ''; - packages = with pkgs; [ - (pkgs.nerdfonts.override { fonts = [ "NerdFontsSymbolsOnly" ]; }) - noto-fonts - noto-fonts-cjk-sans - noto-fonts-cjk-serif - noto-fonts-emoji - noto-fonts-extra + packages = [ + pkgs.nerd-fonts.symbols-only + pkgs.noto-fonts + pkgs.noto-fonts-cjk-sans + pkgs.noto-fonts-cjk-serif + pkgs.noto-fonts-emoji + pkgs.noto-fonts-extra ]; }; diff --git a/config/users.nix b/config/users.nix index c8c865c..4530289 100644 --- a/config/users.nix +++ b/config/users.nix @@ -41,5 +41,6 @@ actual = uidGid 970; flatpak = uidGid 969; plugdev.gid = 967; + unifi = uidGid 968; }; } diff --git a/flake.lock b/flake.lock index acfe139..a232c50 100644 --- a/flake.lock +++ b/flake.lock @@ -36,11 +36,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1732704340, - "narHash": "sha256-zcX8QIaaJJ5Us53vaWMPH2LNkZBCSwTH7pI+FgXCg+0=", + "lastModified": 1734208773, + "narHash": "sha256-K2ugS2XJSyF3lYCrT5SCJtSAqndn/c5OwPkC5Nl18BU=", "owner": "oddlama", "repo": "agenix-rekey", - "rev": "662522cf89fde332157e527b4322d614598631d9", + "rev": "1472730015a2b3da0de09d9f1538bab3a816f618", "type": "github" }, "original": { @@ -368,11 +368,11 @@ ] }, "locked": { - "lastModified": 1732742778, - "narHash": "sha256-i+Uw8VOHzQe9YdNwKRbzvaPWLE07tYVqUDzSFTXhRgk=", + "lastModified": 1734343412, + "narHash": "sha256-b7G8oFp0Nj01BYUJ6ENC9Qf/HsYAIZvN9k/p0Kg/PFU=", "owner": "nix-community", "repo": "disko", - "rev": "341482e2f4d888e3f60cae1c12c3df896e7230d8", + "rev": "a08bfe06b39e94eec98dd089a2c1b18af01fef19", "type": "github" }, "original": { @@ -669,11 +669,11 @@ "nixpkgs-lib": "nixpkgs-lib_3" }, "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "type": "github" }, "original": { @@ -708,11 +708,11 @@ ] }, "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "type": "github" }, "original": { @@ -762,11 +762,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -901,11 +901,11 @@ ] }, "locked": { - "lastModified": 1732021966, - "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=", + "lastModified": 1734279981, + "narHash": "sha256-NdaCraHPp8iYMWzdXAt5Nv6sA3MUzlCiGiR586TCwo0=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "3308484d1a443fc5bc92012435d79e80458fe43c", + "rev": "aa9f40c906904ebd83da78e7f328cd8aeaeae785", "type": "github" }, "original": { @@ -1092,16 +1092,16 @@ "gnome-shell": { "flake": false, "locked": { - "lastModified": 1713702291, - "narHash": "sha256-zYP1ehjtcV8fo+c+JFfkAqktZ384Y+y779fzmR9lQAU=", + "lastModified": 1732369855, + "narHash": "sha256-JhUWbcYPjHO3Xs3x9/Z9RuqXbcp5yhPluGjwsdE2GMg=", "owner": "GNOME", "repo": "gnome-shell", - "rev": "0d0aadf013f78a7f7f1dc984d0d812971864b934", + "rev": "dadd58f630eeea41d645ee225a63f719390829dc", "type": "github" }, "original": { "owner": "GNOME", - "ref": "46.1", + "ref": "47.2", "repo": "gnome-shell", "type": "github" } @@ -1113,11 +1113,11 @@ ] }, "locked": { - "lastModified": 1732793095, - "narHash": "sha256-6TrknJ8CpvSSF4gviQSeD+wyj3siRcMvdBKhOXkEMKU=", + "lastModified": 1734344598, + "narHash": "sha256-wNX3hsScqDdqKWOO87wETUEi7a/QlPVgpC/Lh5rFOuA=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f7739d01080feb4549524e8f6927669b61c6ee3", + "rev": "83ecd50915a09dca928971139d3a102377a8d242", "type": "github" }, "original": { @@ -1134,11 +1134,11 @@ ] }, "locked": { - "lastModified": 1732482255, - "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=", + "lastModified": 1734093295, + "narHash": "sha256-hSwgGpcZtdDsk1dnzA0xj5cNaHgN9A99hRF/mxMtwS4=", "owner": "nix-community", "repo": "home-manager", - "rev": "a9953635d7f34e7358d5189751110f87e3ac17da", + "rev": "66c5d8b62818ec4c1edb3e941f55ef78df8141a8", "type": "github" }, "original": { @@ -1174,11 +1174,11 @@ }, "impermanence": { "locked": { - "lastModified": 1731242966, - "narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=", + "lastModified": 1734200366, + "narHash": "sha256-0NursoP4BUdnc+wy+Mq3icHkXu/RgP1Sjo0MJxV2+Dw=", "owner": "nix-community", "repo": "impermanence", - "rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a", + "rev": "c6323585fa0035d780e3d8906eb1b24b65d19a48", "type": "github" }, "original": { @@ -1237,11 +1237,11 @@ "spectrum": "spectrum" }, "locked": { - "lastModified": 1732633513, - "narHash": "sha256-6LmtOmeDpv9iHS8l0GNcppP11dKIJFMZLdFyxQ+qQBM=", + "lastModified": 1734041466, + "narHash": "sha256-51bhaMe8BZuNAStUHvo07nDO72wmw8PAqkSYH4U31Yo=", "owner": "astro", "repo": "microvm.nix", - "rev": "093ef734d3c37669860043a87dbf1c09fc6f5b38", + "rev": "3910e65c3d92c82ea41ab295c66df4c0b4f9e7b3", "type": "github" }, "original": { @@ -1344,11 +1344,11 @@ ] }, "locked": { - "lastModified": 1732603785, - "narHash": "sha256-AEjWTJwOmSnVYsSJCojKgoguGfFfwel6z/6ud6UFMU8=", + "lastModified": 1733570843, + "narHash": "sha256-sQJAxY1TYWD1UyibN/FnN97paTFuwBw3Vp3DNCyKsMk=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "6ab87b7c84d4ee873e937108c4ff80c015a40c7a", + "rev": "a35b08d09efda83625bef267eb24347b446c80b8", "type": "github" }, "original": { @@ -1364,11 +1364,11 @@ ] }, "locked": { - "lastModified": 1732519917, - "narHash": "sha256-AGXhwHdJV0q/WNgqwrR2zriubLr785b02FphaBtyt1Q=", + "lastModified": 1734234111, + "narHash": "sha256-icEMqBt4HtGH52PU5FHidgBrNJvOfXH6VQKNtnD1aw8=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "f4a5ca5771ba9ca31ad24a62c8d511a405303436", + "rev": "311d6cf3ad3f56cb051ffab1f480b2909b3f754d", "type": "github" }, "original": { @@ -1387,11 +1387,11 @@ "pre-commit-hooks": "pre-commit-hooks_4" }, "locked": { - "lastModified": 1732192922, - "narHash": "sha256-xQO/3I99TFdiXTN5VoS28NpbNlCQWQUvxmPQHlfkzmU=", + "lastModified": 1734266385, + "narHash": "sha256-k9P9Sa6jw/Xre8UDp7Ukk75h4Tcq8ZrK+nz6A2MC1IM=", "owner": "oddlama", "repo": "nix-topology", - "rev": "2b107e98bbde932a363874e0ef5b1739a932bbc5", + "rev": "ba6f61e594a85eabebf1c8f373923b59b3b07448", "type": "github" }, "original": { @@ -1402,11 +1402,11 @@ }, "nixlib": { "locked": { - "lastModified": 1732410305, - "narHash": "sha256-/hxIKRTBsdrnudJWDGaBN8wIjHovqVAVxXdi8ByVtck=", + "lastModified": 1734224914, + "narHash": "sha256-hKWALzQ/RxxXdKWsLKXULru6XTag9Cc5exgVyS4a/AE=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "87b6978992e2eb605732fba842cad0a7e14b2047", + "rev": "538697b664a64fade8ce628d01f35d1f1fd82d77", "type": "github" }, "original": { @@ -1426,11 +1426,11 @@ "pre-commit-hooks": "pre-commit-hooks_5" }, "locked": { - "lastModified": 1732216602, - "narHash": "sha256-svG11P+vsHYKoDj1nWSGHoep4f+rzbRM/fdWPSVE/Uk=", + "lastModified": 1734380133, + "narHash": "sha256-gvbWJGjTpGJwyvK72Rf+z0aMVgKzpu+UWxbh7naZtvY=", "owner": "oddlama", "repo": "nixos-extra-modules", - "rev": "6841242d5f7c32fc8a214014f1c97ae935ef8b8e", + "rev": "558954ebb2959ea47bfa593f6a74ce54a21bfafd", "type": "github" }, "original": { @@ -1447,11 +1447,11 @@ ] }, "locked": { - "lastModified": 1732496924, - "narHash": "sha256-/MNhZLR0eh9z/d3l+ammq+F5XxHln0RHgO4Bhtjr0IM=", + "lastModified": 1734311693, + "narHash": "sha256-ODRrnbaUsOe3e4kp+uHl+iJxey5zE3kqiBqJWQxrlnY=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "098e8b6ff72c86944a8d54b64ddd7b7e6635830a", + "rev": "a5278f7c326205681f1f42a90fa46a75a13627eb", "type": "github" }, "original": { @@ -1462,11 +1462,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1732483221, - "narHash": "sha256-kF6rDeCshoCgmQz+7uiuPdREVFuzhIorGOoPXMalL2U=", + "lastModified": 1734352517, + "narHash": "sha256-mfv+J/vO4nqmIOlq8Y1rRW8hVsGH3M+I2ESMjhuebDs=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "45348ad6fb8ac0e8415f6e5e96efe47dd7f39405", + "rev": "b12e314726a4226298fe82776b4baeaa7bcf3dcd", "type": "github" }, "original": { @@ -1498,11 +1498,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1732521221, - "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", + "lastModified": 1734119587, + "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", + "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5", "type": "github" }, "original": { @@ -1538,14 +1538,14 @@ }, "nixpkgs-lib_3": { "locked": { - "lastModified": 1730504152, - "narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=", + "lastModified": 1733096140, + "narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" } }, "nixpkgs-lib_4": { @@ -1711,11 +1711,11 @@ "treefmt-nix": "treefmt-nix_4" }, "locked": { - "lastModified": 1732726573, - "narHash": "sha256-gvCPgtcXGf/GZaJBHYrXuM5r2pFRG3VDr7uOb7B1748=", + "lastModified": 1734368549, + "narHash": "sha256-D8LYUU+IWbpmyjOAKEnKVOhd7Qfe7q+DvUNZTYoitKY=", "owner": "nix-community", "repo": "nixvim", - "rev": "fc9178d124eba824f1862513314d351784e1a84c", + "rev": "6c30476a4d5f761149945a65e74179f4492b1ea6", "type": "github" }, "original": { @@ -1734,11 +1734,11 @@ ] }, "locked": { - "lastModified": 1731936508, - "narHash": "sha256-z0BSSf78LkxIrrFXZYmCoRRAxAmxMUKpK7CyxQRvkZI=", + "lastModified": 1733773348, + "narHash": "sha256-Y47y+LesOCkJaLvj+dI/Oa6FAKj/T9sKVKDXLNsViPw=", "owner": "NuschtOS", "repo": "search", - "rev": "fe07070f811b717a4626d01fab714a87d422a9e1", + "rev": "3051be7f403bff1d1d380e4612f0c70675b44fc9", "type": "github" }, "original": { @@ -1928,11 +1928,11 @@ "nixpkgs-stable": "nixpkgs-stable_5" }, "locked": { - "lastModified": 1732021966, - "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=", + "lastModified": 1734379367, + "narHash": "sha256-Keu8z5VgT5gnCF4pmB+g7XZFftHpfl4qOn7nqBcywdE=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "3308484d1a443fc5bc92012435d79e80458fe43c", + "rev": "0bb4be58f21ff38fc3cdbd6c778eb67db97f0b99", "type": "github" }, "original": { @@ -2189,11 +2189,11 @@ "spectrum": { "flake": false, "locked": { - "lastModified": 1729945407, - "narHash": "sha256-iGNMamNOAnVTETnIVqDWd6fl74J8fLEi1ejdZiNjEtY=", + "lastModified": 1733308308, + "narHash": "sha256-+RcbMAjSxV1wW5UpS9abIG1lFZC8bITPiFIKNnE7RLs=", "ref": "refs/heads/main", - "rev": "f1d94ee7029af18637dbd5fdf4749621533693fa", - "revCount": 764, + "rev": "80c9e9830d460c944c8f730065f18bb733bc7ee2", + "revCount": 792, "type": "git", "url": "https://spectrum-os.org/git/spectrum" }, @@ -2223,11 +2223,11 @@ "tinted-tmux": "tinted-tmux" }, "locked": { - "lastModified": 1732608183, - "narHash": "sha256-T5k5ill+PNIEW6KuS4CpUacMtZNJe2J2q5eBOF4xWuU=", + "lastModified": 1734110168, + "narHash": "sha256-Q0eeLYn45ErXlqGQyXmLLHGe1mqnUiK0Y9wZRa1SNFI=", "owner": "danth", "repo": "stylix", - "rev": "7689e621f87bce7b6ab1925dfd70ad1f4c80f334", + "rev": "a9e3779949925ef22f5a215c5f49cf520dea30b1", "type": "github" }, "original": { @@ -2499,11 +2499,11 @@ ] }, "locked": { - "lastModified": 1732643199, - "narHash": "sha256-uI7TXEb231o8dkwB5AUCecx3AQtosRmL6hKgnckvjps=", + "lastModified": 1733761991, + "narHash": "sha256-s4DalCDepD22jtKL5Nw6f4LP5UwoMcPzPZgHWjAfqbQ=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "84637a7ab04179bdc42aa8fd0af1909fba76ad0c", + "rev": "0ce9d149d99bc383d1f2d85f31f6ebd146e46085", "type": "github" }, "original": { @@ -2519,11 +2519,11 @@ ] }, "locked": { - "lastModified": 1732643199, - "narHash": "sha256-uI7TXEb231o8dkwB5AUCecx3AQtosRmL6hKgnckvjps=", + "lastModified": 1733761991, + "narHash": "sha256-s4DalCDepD22jtKL5Nw6f4LP5UwoMcPzPZgHWjAfqbQ=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "84637a7ab04179bdc42aa8fd0af1909fba76ad0c", + "rev": "0ce9d149d99bc383d1f2d85f31f6ebd146e46085", "type": "github" }, "original": { diff --git a/hosts/kroma/default.nix b/hosts/kroma/default.nix index afa46e2..e50a17e 100644 --- a/hosts/kroma/default.nix +++ b/hosts/kroma/default.nix @@ -28,6 +28,7 @@ ./fs.nix ./net.nix + ./unifi.nix ]; nixpkgs.hostPlatform = "x86_64-linux"; @@ -121,10 +122,4 @@ dockerCompat = true; defaultNetwork.settings.dns_enabled = true; }; - - users.deterministicIds.unifi = { - uid = 968; - gid = 968; - }; - services.unifi.enable = true; } diff --git a/hosts/kroma/unifi.nix b/hosts/kroma/unifi.nix new file mode 100644 index 0000000..43b8131 --- /dev/null +++ b/hosts/kroma/unifi.nix @@ -0,0 +1,15 @@ +{ lib, ... }: +{ + environment.persistence."/persist".directories = [ + { + directory = "/var/lib/unifi"; + mode = "0700"; + user = "unifi"; + group = "unifi"; + } + ]; + + services.unifi.enable = true; + # Don't autostart. + systemd.services.unifi.wantedBy = lib.mkForce [ ]; +} diff --git a/hosts/ward/net.nix b/hosts/ward/net.nix index 2caabac..4512838 100644 --- a/hosts/ward/net.nix +++ b/hosts/ward/net.nix @@ -4,6 +4,12 @@ lib, ... }: +let + vlans.personal = 10; + vlans.devices = 20; + vlans.iot = 30; + vlans.guest = 40; +in { boot.kernel.sysctl."net.ipv4.ip_forward" = 1; networking.hostId = config.repo.secrets.local.networking.hostId; @@ -42,86 +48,106 @@ # Create a MACVTAP for ourselves too, so that we can communicate with # our guests on the same interface. - systemd.network.netdevs."10-lan-self" = { - netdevConfig = { - Name = "lan-self"; - Kind = "macvlan"; - }; - extraConfig = '' - [MACVLAN] - Mode=bridge - ''; - }; + systemd.network.netdevs = + { + "10-lan-self" = { + netdevConfig = { + Name = "lan-self"; + Kind = "macvlan"; + }; + extraConfig = '' + [MACVLAN] + Mode=bridge + ''; + }; + } + // lib.flip lib.mapAttrs' vlans ( + vlanName: vlanId: + lib.nameValuePair "40-vlan-${vlanName}" { + netdevConfig = { + Kind = "vlan"; + Name = "vlan-${vlanName}"; + }; + vlanConfig.Id = vlanId; + } + ); - systemd.network.networks = { - "10-lan" = { - matchConfig.MACAddress = config.repo.secrets.local.networking.interfaces.lan.mac; - # This interface should only be used from attached macvtaps. - # So don't acquire a link local address and only wait for - # this interface to gain a carrier. - networkConfig.LinkLocalAddressing = "no"; - linkConfig.RequiredForOnline = "carrier"; - extraConfig = '' - [Network] - MACVLAN=lan-self - ''; - }; - "10-wan" = { - #DHCP = "yes"; - #dhcpV4Config.UseDNS = false; - #dhcpV6Config.UseDNS = false; - #ipv6AcceptRAConfig.UseDNS = false; - address = [ globals.net.home-wan.hosts.ward.cidrv4 ]; - gateway = [ globals.net.home-wan.hosts.fritzbox.ipv4 ]; - matchConfig.MACAddress = config.repo.secrets.local.networking.interfaces.wan.mac; - networkConfig.IPv6PrivacyExtensions = "yes"; - dhcpV6Config.PrefixDelegationHint = "::/64"; - # FIXME: This should not be needed, but for some reason part of networkd - # isn't seeing the RAs and not triggering DHCPv6. Even though some other - # part of networkd is properly seeing them and logging accordingly. - dhcpV6Config.WithoutRA = "solicit"; - linkConfig.RequiredForOnline = "routable"; - }; - "20-lan-self" = { - address = [ - globals.net.home-lan.hosts.ward.cidrv4 - globals.net.home-lan.hosts.ward.cidrv6 - ]; - matchConfig.Name = "lan-self"; - networkConfig = { - IPv4Forwarding = "yes"; - IPv6PrivacyExtensions = "yes"; - IPv6SendRA = true; - IPv6AcceptRA = false; - DHCPPrefixDelegation = true; - MulticastDNS = true; + systemd.network.networks = + { + "10-lan" = { + matchConfig.MACAddress = config.repo.secrets.local.networking.interfaces.lan.mac; + # This interface should only be used from attached macvtaps. + # So don't acquire a link local address and only wait for + # this interface to gain a carrier. + networkConfig.LinkLocalAddressing = "no"; + linkConfig.RequiredForOnline = "carrier"; + extraConfig = '' + [Network] + MACVLAN=lan-self + ''; }; - dhcpPrefixDelegationConfig.UplinkInterface = "wan"; - dhcpPrefixDelegationConfig.Token = "::ff"; - # Announce a static prefix - ipv6Prefixes = [ - { Prefix = globals.net.home-lan.cidrv6; } - ]; - # Delegate prefix - dhcpPrefixDelegationConfig = { - SubnetId = "22"; + "10-wan" = { + #DHCP = "yes"; + #dhcpV4Config.UseDNS = false; + #dhcpV6Config.UseDNS = false; + #ipv6AcceptRAConfig.UseDNS = false; + address = [ globals.net.home-wan.hosts.ward.cidrv4 ]; + gateway = [ globals.net.home-wan.hosts.fritzbox.ipv4 ]; + matchConfig.MACAddress = config.repo.secrets.local.networking.interfaces.wan.mac; + networkConfig.IPv6PrivacyExtensions = "yes"; + dhcpV6Config.PrefixDelegationHint = "::/64"; + # FIXME: This should not be needed, but for some reason part of networkd + # isn't seeing the RAs and not triggering DHCPv6. Even though some other + # part of networkd is properly seeing them and logging accordingly. + dhcpV6Config.WithoutRA = "solicit"; + linkConfig.RequiredForOnline = "routable"; }; - # Provide a DNS resolver - # ipv6SendRAConfig = { - # Managed = true; - # EmitDNS = true; - # FIXME: this is not the true ipv6 of adguardhome DNS = globals.net.home-lan.hosts.ward-adguardhome.ipv6; - # FIXME: todo assign static additional to reservation in kea - # }; - linkConfig.RequiredForOnline = "routable"; - }; - # Remaining macvtap interfaces should not be touched. - "90-macvtap-ignore" = { - matchConfig.Kind = "macvtap"; - linkConfig.ActivationPolicy = "manual"; - linkConfig.Unmanaged = "yes"; - }; - }; + "20-lan-self" = { + address = [ + globals.net.home-lan.hosts.ward.cidrv4 + globals.net.home-lan.hosts.ward.cidrv6 + ]; + matchConfig.Name = "lan-self"; + networkConfig = { + IPv4Forwarding = "yes"; + IPv6PrivacyExtensions = "yes"; + IPv6SendRA = true; + IPv6AcceptRA = false; + DHCPPrefixDelegation = true; + MulticastDNS = true; + }; + dhcpPrefixDelegationConfig.UplinkInterface = "wan"; + dhcpPrefixDelegationConfig.Token = "::ff"; + # Announce a static prefix + ipv6Prefixes = [ + { Prefix = globals.net.home-lan.cidrv6; } + ]; + # Delegate prefix + dhcpPrefixDelegationConfig = { + SubnetId = "22"; + }; + # Provide a DNS resolver + # ipv6SendRAConfig = { + # Managed = true; + # EmitDNS = true; + # FIXME: this is not the true ipv6 of adguardhome DNS = globals.net.home-lan.hosts.ward-adguardhome.ipv6; + # FIXME: todo assign static additional to reservation in kea + # }; + linkConfig.RequiredForOnline = "routable"; + }; + # Remaining macvtap interfaces should not be touched. + "90-macvtap-ignore" = { + matchConfig.Kind = "macvtap"; + linkConfig.ActivationPolicy = "manual"; + linkConfig.Unmanaged = "yes"; + }; + } + // lib.flip lib.mapAttrs' vlans ( + vlanName: _: + lib.nameValuePair "40-vlan-${vlanName}" { + matchConfig.Name = "vlan-${vlanName}"; + } + ); networking.nftables.firewall = { snippets.nnf-icmp.ipv6Types = [ diff --git a/pkgs/TransferOrb.png b/pkgs/TransferOrb.png deleted file mode 100644 index d513cc3..0000000 Binary files a/pkgs/TransferOrb.png and /dev/null differ diff --git a/pkgs/awakened-poe-trade.nix b/pkgs/awakened-poe-trade.nix deleted file mode 100644 index 53b54ab..0000000 --- a/pkgs/awakened-poe-trade.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ - pkgs, - fetchurl, -}: -let - name = "awakened-poe-trade"; - version = "3.24.10002"; - description = "Path of Exile trading app for price checking"; - desktopEntry = pkgs.writeText "awakened-poe.desktop" '' - [Desktop Entry] - Type=Application - Version=${version} - Name=Awakened PoE Trade - GenericName=${description} - Icon=/share/applications/awakened-poe-trade.png - Exec=${name} - Terminal=false - Categories=Game - ''; - file = "Awakened-PoE-Trade-${version}.AppImage"; -in -pkgs.appimageTools.wrapType2 { - name = "awakened-poe-trade"; - src = fetchurl { - url = "https://github.com/SnosMe/awakened-poe-trade/releases/download/v${version}/${file}"; - hash = "sha256-ieRBYrtpB8GgnDDy+fDuwamix5syRH3NG5jE5UoGg5A="; - }; - - extraInstallCommands = '' - mkdir -p $out/share/applications - cp ${./TransferOrb.png} $out/share/applications/awakened-poe-trade.png - cp ${desktopEntry} $out/share/applications/${name}.desktop - substituteInPlace $out/share/applications/awakened-poe-trade.desktop --replace /share/ $out/share/ - ''; -} diff --git a/pkgs/default.nix b/pkgs/default.nix index 3383ddb..a311cd5 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -3,7 +3,6 @@ _inputs: [ (_final: prev: { deploy = prev.callPackage ./deploy.nix { }; git-fuzzy = prev.callPackage ./git-fuzzy { }; - awakened-poe-trade = prev.callPackage ./awakened-poe-trade.nix { }; segoe-ui-ttf = prev.callPackage ./segoe-ui-ttf.nix { }; zsh-histdb-skim = prev.callPackage ./zsh-skim-histdb.nix { }; actual-server = prev.callPackage ./actual-server.nix { }; diff --git a/users/config/impermanence.nix b/users/config/impermanence.nix index 6e25bc9..ae07bc7 100644 --- a/users/config/impermanence.nix +++ b/users/config/impermanence.nix @@ -25,6 +25,9 @@ in ] ++ optionals nixosConfig.services.pipewire.enable [ ".local/state/wireplumber" + ] + ++ optionals nixosConfig.programs.steam.enable [ + ".local/share/Steam" ]; home.persistence."/persist".directories = @@ -32,7 +35,7 @@ in ".local/share/nix" # Repl history ] ++ optionals nixosConfig.programs.steam.enable [ - ".local/share/Steam" + ".local/share/Steam/userdata" ".steam" ]; } diff --git a/users/myuser/graphical/games/poe.nix b/users/myuser/graphical/games/poe.nix index 02bbdb9..3752a03 100644 --- a/users/myuser/graphical/games/poe.nix +++ b/users/myuser/graphical/games/poe.nix @@ -9,7 +9,6 @@ ]; home.packages = [ - pkgs.awakened-poe-trade pkgs.path-of-building ]; }