toaster works

hosts/toaster/default.nix

@@ -5,10 +5,8 @@
     ./hardware-configuration.nix
     # ./irc.nix
     ./stateful-network.nix
-    # ./network.nix
-    # ./network-vpns.nix
     # ./secrets.nix
-    # ./secure-boot.nix
+    ./secure-boot.nix
     ./zfs.nix
   ];
 
@@ -50,6 +48,8 @@
 
   environment.systemPackages = with pkgs; [
     # factorio
+    element-desktop
+    discord
   ];
 
   services.emacs.defaultEditor = false;

hosts/toaster/secure-boot.nix

@@ -4,7 +4,7 @@
     loader.systemd-boot.enable = lib.mkForce false;
     lanzaboote = {
       enable = true;
-      pkiBundle = "/etc/secureboot";
+      pkiBundle = "/var/lib/sbctl";
     };
   };
 

hosts/toaster/stateful-network.nix

@@ -18,22 +18,4 @@
     ];
   };
 
-  # fixup the rpfilter fucking up the networkmanager wireguard
-  networking.firewall = {
-    # if packets are still dropped, they will show up in dmesg
-    logReversePathDrops = true;
-    # wireguard trips rpfilter up
-    extraCommands = ''
-      ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
-      ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
-      ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 1337 -j RETURN
-      ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 1337 -j RETURN
-    '';
-    extraStopCommands = ''
-      ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
-      ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
-      ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 1337 -j RETURN || true
-      ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 1337 -j RETURN || true
-    '';
-  };
 }