Merge remote-tracking branch 'lass/master' into HEAD

author: makefu <github@syntax-fehler.de> 2018-12-12 17:53:38 +0100
committer: makefu <github@syntax-fehler.de> 2018-12-12 17:53:38 +0100
commit: 97aaf34c3311291ac47967ac1313e2d955b8228a (patch)
tree: d119d7ae674863f645e840e14bde0fbfe6f6a16c /lass/2configs
parent: 2e18ee84f02c0d7abcf936b1d39c42ab8e75825c (diff)
parent: 25cf61f6a74b69656d15f52021f25a6c2e4068e6 (diff)
6 files changed, 51 insertions, 4 deletions
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index d781f8c7..859a2a1b 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -9,7 +9,6 @@ in {
     ./power-action.nix
     ./copyq.nix
     ./urxvt.nix
-    ./network-manager.nix
     {
       hardware.pulseaudio = {
         enable = true;
@@ -97,9 +96,9 @@ in {
     enable = true;
     layout = "us";
     display = mkForce 0;
-    xkbModel = "evdev";
     xkbVariant = "altgr-intl";
-    xkbOptions = "caps:backspace";
+    xkbOptions = "caps:escape";
+    libinput.enable = true;
     displayManager.lightdm.enable = true;
     windowManager.default = "xmonad";
     windowManager.session = [{
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index a4311317..dea32d4d 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -10,6 +10,7 @@ with import <stockholm/lib>;
     ./zsh.nix
     ./htop.nix
     ./security-workarounds.nix
+    ./wirelum.nix
     {
       users.extraUsers =
         mapAttrs (_: h: { hashedPassword = h; })
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 1ee45bb4..1acfe505 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -94,6 +94,7 @@ with import <stockholm/lib>;
       { from = "osmocom@lassul.us"; to = lass.mail; }
       { from = "lesswrong@lassul.us"; to = lass.mail; }
       { from = "nordvpn@lassul.us"; to = lass.mail; }
+      { from = "csv-direct@lassul.us"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix
index 49602898..62e3f6d5 100644
--- a/lass/2configs/games.nix
+++ b/lass/2configs/games.nix
@@ -57,6 +57,7 @@ let
 
 in {
   environment.systemPackages = with pkgs; [
+    dolphinEmu
     doom1
     doom2
     vdoom1
diff --git a/lass/2configs/mouse.nix b/lass/2configs/mouse.nix
index 098809d6..f5f9319e 100644
--- a/lass/2configs/mouse.nix
+++ b/lass/2configs/mouse.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ lib, ... }:
 {
   hardware.trackpoint = {
     enable = true;
@@ -7,6 +7,7 @@
     emulateWheel = true;
   };
 
+  services.xserver.libinput.enable = lib.mkForce false;
   services.xserver.synaptics = {
     enable = true;
     horizEdgeScroll = false;
diff --git a/lass/2configs/wirelum.nix b/lass/2configs/wirelum.nix
new file mode 100644
index 00000000..cd8a20c6
--- /dev/null
+++ b/lass/2configs/wirelum.nix
@@ -0,0 +1,44 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }: let
+
+  self = config.krebs.build.host.nets.wirelum;
+  isRouter = !isNull self.via;
+
+in mkIf (hasAttr "wirelum" config.krebs.build.host.nets) {
+  #hack for modprobe inside containers
+  systemd.services."wireguard-wirelum".path = mkIf config.boot.isContainer (mkBefore [
+    (pkgs.writeDashBin "modprobe" ":")
+  ]);
+
+  boot.kernel.sysctl = mkIf isRouter {
+    "net.ipv6.conf.all.forwarding" = 1;
+  };
+  krebs.iptables.tables.filter.INPUT.rules = [
+     { predicate = "-p udp --dport ${toString self.wireguard.port}"; target = "ACCEPT"; }
+  ];
+  krebs.iptables.tables.filter.FORWARD.rules = mkIf isRouter [
+    { precedence = 1000; predicate = "-i wirelum -o wirelum"; target = "ACCEPT"; }
+  ];
+
+  networking.wireguard.interfaces.wirelum = {
+    ips =
+      (optional (!isNull self.ip4) self.ip4.addr) ++
+      (optional (!isNull self.ip6) self.ip6.addr);
+    listenPort = 51820;
+    privateKeyFile = (toString <secrets>) + "/wirelum.key";
+    allowedIPsAsRoutes = true;
+    peers = mapAttrsToList
+      (_: host: {
+        allowedIPs = if isRouter then
+          (optional (!isNull host.nets.wirelum.ip4) host.nets.wirelum.ip4.addr) ++
+          (optional (!isNull host.nets.wirelum.ip6) host.nets.wirelum.ip6.addr)
+        else
+          host.nets.wirelum.wireguard.subnets
+        ;
+        endpoint = mkIf (!isNull host.nets.wirelum.via) (host.nets.wirelum.via.ip4.addr + ":${toString host.nets.wirelum.wireguard.port}");
+        persistentKeepalive = mkIf (!isNull host.nets.wirelum.via) 61;
+        publicKey = host.nets.wirelum.wireguard.pubkey;
+      })
+      (filterAttrs (_: h: hasAttr "wirelum" h.nets) config.krebs.hosts);
+  };
+}
author	makefu <github@syntax-fehler.de>	2018-12-12 17:53:38 +0100
committer	makefu <github@syntax-fehler.de>	2018-12-12 17:53:38 +0100
commit	97aaf34c3311291ac47967ac1313e2d955b8228a (patch)
tree	d119d7ae674863f645e840e14bde0fbfe6f6a16c /lass/2configs
parent	2e18ee84f02c0d7abcf936b1d39c42ab8e75825c (diff)
parent	25cf61f6a74b69656d15f52021f25a6c2e4068e6 (diff)