diff --git a/hosts/toaster/default.nix b/hosts/toaster/default.nix
index e7ff5b9..3f6f078 100644
--- a/hosts/toaster/default.nix
+++ b/hosts/toaster/default.nix
@@ -3,7 +3,6 @@
     ./amd.nix
     ./hardware-configuration.nix
     ./irc.nix
-    ./network-vpns.nix
     ./network.nix
     ./secrets.nix
     ./secure-boot.nix
@@ -36,6 +35,7 @@
       "plugdev"
       "dialout"
       "bluetooth"
+      "networkmanager"
     ];
     group = "users";
     home = "/home/grue";
@@ -52,5 +52,4 @@
   # Before changing this value read the documentation for this option
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
   system.stateVersion = "23.05"; # Did you read the comment?
-
 }
diff --git a/hosts/toaster/hardware-configuration.nix b/hosts/toaster/hardware-configuration.nix
index aa2aacb..7304364 100644
--- a/hosts/toaster/hardware-configuration.nix
+++ b/hosts/toaster/hardware-configuration.nix
@@ -83,8 +83,8 @@
   # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
   networking.useDHCP = lib.mkDefault true;
   networking.interfaces.enp1s0f0.useDHCP = lib.mkDefault true;
-  #networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
-  networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
+  networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
   hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
diff --git a/hosts/toaster/network.nix b/hosts/toaster/network.nix
index 26def6b..8f11b45 100644
--- a/hosts/toaster/network.nix
+++ b/hosts/toaster/network.nix
@@ -4,10 +4,7 @@
   networking = {
     hostName = "toaster";
     firewall.enable = true;
-    networkmanager.enable = false;
-    useNetworkd = true;
     wireguard.enable = true;
-    wireless.iwd.enable = true;
   };
   services.resolved = {
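Review bot: Adding grue to the `networkmanager` group hands that account control over every system-wide NetworkManager connection, as far as I recall via the polkit rule the NixOS NetworkManager module installs for that group, which includes the WireGuard profiles this host now relies on. Nothing in this diff enables NetworkManager itself, so the group only has an effect if it is switched on elsewhere. A short comment on the added line, `"networkmanager" # manage system connections; requires networking.networkmanager.enable`, would make both the privilege and the dependency visible. The enclosing `users.users` block starts and ends outside the hunk.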
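Review bot: The swapped `useDHCP` lines in hardware-configuration.nix are hand edits to a file that nixos-generate-config rewrites, so the next regeneration will silently replace them with whatever it detects; the reason for wlan0 → wlp2s0 is also not recorded anywhere, only a commented-out line is left behind. If this host now runs NetworkManager, which the `networkmanager` group and the rpfilter comment in network.nix suggest, a per-interface `networking.interfaces.wlp2s0.useDHCP = true` may additionally start dhcpcd on an interface NetworkManager already manages — confirm, and prefer either dropping both lines or moving the declaration into network.nix with a comment stating why the interface name changed. The enclosing module body continues outside the hunk.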
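Review bot: Removing `networkmanager.enable = false;` only returns the option to its default, which is also false; nothing in this hunk turns NetworkManager on, yet the rpfilter comment added further down in this file and the `networkmanager` group in default.nix assume it is running, so the host's network stack is now declared somewhere other than network.nix. Declaring it here, `networkmanager.enable = true;`, keeps the networking choice in one place and makes the removal of `useNetworkd` and `wireless.iwd.enable` self-explanatory. If iwd is still the intended wifi backend, `networkmanager.wifi.backend = "iwd";` is the NetworkManager-side counterpart of the dropped line. The `networking` set closes inside the hunk but the module continues past `services.resolved`.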
@@ -21,37 +18,22 @@
     ];
   };
-  # workaround for networkd waiting for shit
-  systemd.services.systemd-networkd-wait-online.serviceConfig.ExecStart = [
-    "" # clear old command
-    "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online --any"
-  ];
-
-  systemd.network = {
-    enable = true;
-
-    networks."10-ether" = {
-      matchConfig.MACAddress = "e8:80:88:2f:c6:70";
-      networkConfig = {
-        DHCP = "yes";
-        IPv6AcceptRA = true;
-      };
-    };
-    networks."10-dock" = {
-      matchConfig.Name = "enp5s0f4u1u1";
-      networkConfig = {
-        DHCP = "yes";
-        IPv6AcceptRA = true;
-      };
-      dhcpV4Config = { RouteMetric = 666; };
-    };
-    networks."10-wlan" = {
-      # matchConfig.MACAddress = "04:7b:cb:2a:aa:8c";
-      matchConfig.Name = "wlan0";
-      networkConfig = {
-        DHCP = "yes";
-        IPv6AcceptRA = true;
-      };
-    };
+  # fixup the rpfilter fucking up the networkmanager wireguard
+  networking.firewall = {
+    # if packets are still dropped, they will show up in dmesg
+    logReversePathDrops = true;
+    # wireguard trips rpfilter up
+    extraCommands = ''
+      ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
+      ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
+      ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 1337 -j RETURN
+      ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 1337 -j RETURN
+    '';
+    extraStopCommands = ''
+      ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
+      ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
+      ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 1337 -j RETURN || true
+      ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 1337 -j RETURN || true
+    '';
   };
 }
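Review bot: The two `--sport` RETURN rules in `extraCommands` exempt every inbound UDP packet whose source port is 51820 or 1337, from any address, from reverse-path filtering; the source port is chosen by the sender, so a spoofed-source datagram only needs that one header value to skip the anti-spoofing check for whatever UDP service the filter chain then accepts. The `--dport` rules are what an inbound WireGuard handshake actually needs, and NixOS offers the documented alternative `networking.firewall.checkReversePath = "loose";`, which relaxes rpfilter to "a route back to the source exists" without a port-shaped hole. If the explicit rules are kept, the repeated literals and the unexplained 1337 belong in one list with a comment naming what each port carries, roughly as below (this assumes `lib` is among the module's arguments, which the hunk does not show). The `|| true` on the stop side is right, since the chain may already be flushed when these run.

```nix
networking.firewall = let
  # UDP listen ports of the WireGuard tunnels on this host — say which tunnel each belongs to
  wgPorts = [ 51820 1337 ];
  bypass = port: ''
    ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport ${toString port} -j RETURN
    ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport ${toString port} -j RETURN
  '';
  unbypass = port: ''
    ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport ${toString port} -j RETURN || true
    ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport ${toString port} -j RETURN || true
  '';
in {
  # if packets are still dropped, they will show up in dmesg
  logReversePathDrops = true;
  extraCommands = lib.concatMapStrings bypass wgPorts;
  extraStopCommands = lib.concatMapStrings unbypass wgPorts;
};
```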