diff --git a/hosts/toaster/default.nix b/hosts/toaster/default.nix
index 483d3e8..858f166 100644
--- a/hosts/toaster/default.nix
+++ b/hosts/toaster/default.nix
@@ -4,6 +4,7 @@
 ./amdgpu-sg-fix.nix
 ./hardware-configuration.nix
 ./irc.nix
+ ./network-vpns.nix
 ./network.nix
 ./secrets.nix
 ./zfs.nix
@@ -35,7 +36,6 @@
 "plugdev"
 "dialout"
 "bluetooth"
- "networkmanager"
 ];
 group = "users";
 home = "/home/grue";
@@ -56,4 +56,5 @@
 # Before changing this value read the documentation for this option
 # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
 system.stateVersion = "23.05"; # Did you read the comment?
+
 }
diff --git a/hosts/toaster/hardware-configuration.nix b/hosts/toaster/hardware-configuration.nix
index 1659b6d..7e3b087 100644
--- a/hosts/toaster/hardware-configuration.nix
+++ b/hosts/toaster/hardware-configuration.nix
@@ -82,9 +82,10 @@
 # still possible to use this option, but it's recommended to use it in conjunction
 # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
 networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp1s0f0.useDHCP = lib.mkDefault true;
- # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
- # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
+
+ networking.interfaces.enp1s0f0.useDHCP = lib.mkDefault true;
+ #networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
+ networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
 
 nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
diff --git a/hosts/toaster/network.nix b/hosts/toaster/network.nix
index 8f11b45..26def6b 100644
--- a/hosts/toaster/network.nix
+++ b/hosts/toaster/network.nix
@@ -4,7 +4,10 @@
 networking = {
 hostName = "toaster";
 firewall.enable = true;
+ networkmanager.enable = false;
+ useNetworkd = true;
 wireguard.enable = true;
+ wireless.iwd.enable = true;
 };
 
 services.resolved = {
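Review bot: The two uncommented `networking.interfaces.<name>.useDHCP` lines in hosts/toaster/hardware-configuration.nix duplicate what this commit declares in network.nix under `systemd.network.networks."10-ether"` and `"10-wlan"`, so DHCP for enp1s0f0 and wlan0 is now configured in two places. With `useNetworkd = true` these options are, as far as I can tell, translated into generated networkd units that sort after the `10-*` files; networkd applies only the first matching .network file, which would make them dead configuration. I would leave the three lines commented as generated and keep the policy in network.nix, and consider `networking.useDHCP = false;` there so that only explicitly matched interfaces are configured by DHCP rather than any NIC that gets plugged in. hardware-configuration.nix is also the file `nixos-generate-config` rewrites, so hand edits here are easy to lose.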
@@ -18,22 +21,37 @@
 ];
 };
 
- # fixup the rpfilter fucking up the networkmanager wireguard
- networking.firewall = {
- # if packets are still dropped, they will show up in dmesg
- logReversePathDrops = true;
- # wireguard trips rpfilter up
- extraCommands = ''
- ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
- ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
- ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 1337 -j RETURN
- ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 1337 -j RETURN
- '';
- extraStopCommands = ''
- ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
- ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
- ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 1337 -j RETURN || true
- ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 1337 -j RETURN || true
- '';
+ # workaround for networkd waiting for shit
+ systemd.services.systemd-networkd-wait-online.serviceConfig.ExecStart = [
+ "" # clear old command
+ "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online --any"
+ ];
+
+ systemd.network = {
+ enable = true;
+
+ networks."10-ether" = {
+ matchConfig.MACAddress = "e8:80:88:2f:c6:70";
+ networkConfig = {
+ DHCP = "yes";
+ IPv6AcceptRA = true;
+ };
+ };
+ networks."10-dock" = {
+ matchConfig.Name = "enp5s0f4u1u1";
+ networkConfig = {
+ DHCP = "yes";
+ IPv6AcceptRA = true;
+ };
+ dhcpV4Config = { RouteMetric = 666; };
+ };
+ networks."10-wlan" = {
+ # matchConfig.MACAddress = "04:7b:cb:2a:aa:8c";
+ matchConfig.Name = "wlan0";
+ networkConfig = {
+ DHCP = "yes";
+ IPv6AcceptRA = true;
+ };
+ };
 };
 }
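Review bot: Dropping `logReversePathDrops = true` together with the rpfilter exemptions removes the only visibility into reverse-path drops, while `wireguard.enable = true` stays and the tunnels presumably move to network-vpns.nix, which is not visible here. Removing the UDP 51820 and 1337 exemptions is a tightening, but if WireGuard traffic still trips the filter under networkd the packets will now be dropped without any trace in dmesg. I would keep `networking.firewall.logReversePathDrops = true;` at least until the new setup is confirmed. Separately, replacing `ExecStart` of systemd-networkd-wait-online by hand discards whatever arguments the NixOS module generates for that unit; `systemd.network.wait-online.anyInterface = true;` expresses the same `--any` behaviour through the module option.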