5 files changed, 89 insertions, 19 deletions

diff --git a/lass/1systems/morpheus/config.nix b/lass/1systems/morpheus/config.nix
new file mode 100644
index 00000000..0d82ba61
--- /dev/null
+++ b/lass/1systems/morpheus/config.nix
@@ -0,0 +1,33 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+{
+  imports = [
+    <stockholm/lass>
+
+    <stockholm/lass/2configs/retiolum.nix>
+    <stockholm/lass/2configs/power-action.nix>
+    <stockholm/lass/2configs/baseX.nix>
+    <stockholm/lass/2configs/games.nix>
+    <stockholm/lass/2configs/steam.nix>
+  ];
+
+  krebs.build.host = config.krebs.hosts.morpheus;
+
+  networking.wireless.enable = false;
+  networking.networkmanager.enable = true;
+
+  services.logind.extraConfig = ''
+    HandleLidSwitch=ignore
+  '';
+
+  nixpkgs.config.packageOverrides = super: {
+    steam = super.steam.override {
+      withPrimus = true;
+      extraPkgs = p: with p; [
+        glxinfo
+        nettools
+        bumblebee
+      ];
+    };
+  };
+}
diff --git a/lass/1systems/morpheus/physical.nix b/lass/1systems/morpheus/physical.nix
new file mode 100644
index 00000000..0f08acb2
--- /dev/null
+++ b/lass/1systems/morpheus/physical.nix
@@ -0,0 +1,32 @@
+{ lib, ... }:
+{
+  imports = [
+    <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+    ./config.nix
+  ];
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostId = "60ce7e88";
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.kernelParams = [ "acpi_osi=!" ''acpi_osi="Windows 2009"'' ];
+
+  hardware.bumblebee.enable = true;
+  hardware.bumblebee.group = "video";
+
+  fileSystems."/" =
+    { device = "rpool/root";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/DF3B-4528";
+      fsType = "vfat";
+    };
+
+  nix.maxJobs = lib.mkDefault 8;
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 207c7c64..46cdbbb6 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -34,6 +34,7 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/backup.nix>
     <stockholm/lass/2configs/print.nix>
     <stockholm/lass/2configs/blue-host.nix>
+    <stockholm/lass/2configs/network-manager.nix>
     {
       krebs.iptables.tables.filter.INPUT.rules = [
         #risk of rain
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index e2097e93..ec397651 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -297,31 +297,28 @@ with import <stockholm/lib>;
       };
     }
     {
-      krebs.iptables.tables.filter.INPUT.rules = [
-         { predicate = "-p udp --dport 51820"; target = "ACCEPT"; }
-      ];
-      krebs.iptables.tables.nat.PREROUTING.rules = [
-        { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
+      imports = [
+        <stockholm/lass/2configs/wirelum.nix>
       ];
+      #krebs.iptables.tables.nat.PREROUTING.rules = [
+      #  { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
+      #];
       krebs.iptables.tables.filter.FORWARD.rules = [
-        { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
+        { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24 -d 10.243.0.0/16"; target = "ACCEPT"; }
         { v6 = false; precedence = 1000; predicate = "-s 10.243.0.0/16 -d 10.244.1.0/24"; target = "ACCEPT"; }
       ];
       krebs.iptables.tables.nat.POSTROUTING.rules = [
         { v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; }
       ];
-      networking.wireguard.interfaces.wg0 = {
-        ips = [ "10.244.1.1/24" ];
-        listenPort = 51820;
-        privateKeyFile = (toString <secrets>) + "/wireguard.key";
-        allowedIPsAsRoutes = true;
-        peers = [
-          {
-            # lass-android
-            allowedIPs = [ "10.244.1.2/32" ];
-            publicKey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw=";
-          }
-        ];
+      services.dnsmasq = {
+        enable = true;
+        resolveLocalQueries = false;
+
+        extraConfig= ''
+          listen-address=10.244.1.1
+          except-interface=lo
+          interface=wg0
+        '';
       };
     }
     {
diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index ff7b2368..58fa564a 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -19,7 +19,11 @@ with import <stockholm/lib>;
   users.groups.download.members = [ "transmission" ];
   users.users.transmission.group = mkForce "download";
 
-  systemd.services.transmission.serviceConfig.bindsTo = [ "openvpn-nordvpn.service" ];
+  systemd.services.transmission.bindsTo = [ "openvpn-nordvpn.service" ];
+  systemd.services.transmission.after = [ "openvpn-nordvpn.service" ];
+  systemd.services.transmission.postStart = ''
+    chmod 775 /var/download/finished
+  '';
   services.transmission = {
     enable = true;
     settings = {
@@ -52,6 +56,9 @@ with import <stockholm/lib>;
           autoindex on;
         '';
       };
+      locations."/dl".extraConfig = ''
+        return 301 /;
+      '';
       locations."/" = {
         root = "/var/download/finished";
         extraConfig = ''