yolo

hosts/microwave/configuration.nix

@@ -18,7 +18,7 @@
     kicad
     gimp
     inkscape
-    (xfce.thunar.override { thunarPlugins = with xfce; [ thunar-volman thunar-archive-plugin ];})
+    #(xfce.thunar.override { thunarPlugins = with xfce; [ thunar-volman thunar-archive-plugin ];})
   ];
 
 
@@ -73,6 +73,7 @@
       "plugdev"
       "dialout"
       "bluetooth"
+      "networkmanager"
     ];
     group = "users";
     home = "/home/grue";

hosts/microwave/default.nix

@@ -3,7 +3,7 @@
     ./configuration.nix
     ./hardware-configuration.nix
 
-    ./network.nix
+    ./stateful-networking.nix
     ./secrets.nix
   ];
 }

hosts/microwave/stateful-networking.nix

@@ -0,0 +1,30 @@
+{ pkgs, config, ... }: {
+  networking = {
+    hostName = "microwave"; # Define your hostname.
+    hostId = "7da4f1e6";
+    firewall.enable = true;
+    wireguard.enable = true;
+    # wireless.iwd.enable = true;
+    # networkmanager.wifi.backend = "iwd";
+  };
+
+  # fix networkmanager wireguard
+ networking.firewall = {
+   # if packets are still dropped, they will show up in dmesg
+   logReversePathDrops = true;
+   # wireguard trips rpfilter up
+   extraCommands = ''
+     ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
+     ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
+   '';
+   extraStopCommands = ''
+     ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
+     ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
+   '';
+  };
+
+  services.resolved = {
+    enable = true;
+    dnssec = "allow-downgrade";
+  };
+}