magpie/networking: iptables -> nftables

home/kanshi: add display positions for docked profile
home/swayidle: update lock script
2025-02-10 15:15:44 +01:00 · 2025-02-05 11:56:19 +01:00 · 2025-02-05 11:55:41 +01:00
2 changed files with 28 additions and 20 deletions
--- a/home/home.nix
+++ b/home/home.nix
@@ -254,6 +254,7 @@ in
          TMP_FILE=$(${pkgs.coreutils}/bin/mktemp /tmp/.swaylock_ss_XXXXXX.jpg)
          ${lib.getExe pkgs.grim} -t ppm - | ${pkgs.imagemagick}/bin/convert - -blur 0x12 "$TMP_FILE"
          ${lib.getExe pkgs.swaylock} -f -i "$TMP_FILE"
+          ${pkgs.coreutils}/bin/shred "$TMP_FILE"
          ${pkgs.coreutils}/bin/rm "$TMP_FILE"
        '';
      in
@@ -298,14 +299,17 @@ in
          profile.outputs = [
            {
              criteria = "eDP-1";
+              position = "3840,0";
            }
            {
              criteria = "Philips Consumer Electronics Company PHL 272S1 UHB2347026536";
              mode = "1920x1080@74.973Hz";
+              position = "5760,0";
            }
            {
              criteria = "Philips Consumer Electronics Company PHL 272S1 UHB2347026535";
              mode = "1920x1080@74.973Hz";
+              position = "7680,0";
            }
          ];
        }
--- a/magpie/configuration.nix
+++ b/magpie/configuration.nix
@@ -333,24 +333,28 @@
  };

  networking.hostName = "magpie";
-
-  networking.firewall.enable = true;
-  networking.firewall.allowedTCPPorts = [
+  networking.firewall = {
+    nftables.enable = true;
+    enable = true;
+    allowedTCPPorts = [
      80
      443
      587
      2049
    ]; # http, mail, mail, nfs
-  networking.firewall.allowedUDPPorts = [
+    allowedUDPPorts = [
      443
      51820
    ]; # mail, wireguard
-  networking.firewall.allowPing = true;
-  networking.firewall.logRefusedConnections = lib.mkDefault false;
+    allowPing = true;
+    logRefusedConnections = lib.mkDefault false;
+  };

-  networking.nat.enable = true;
-  networking.nat.externalInterface = "enp1s0";
-  networking.nat.internalInterfaces = [ "wg0" ];
+  networking.nat = {
+    enable = true;
+    externalInterface = "enp1s0";
+    internalInterfaces = [ "wg0" ];
+  };

  networking.networkmanager.enable = true;
  networking.wireless.enable = false;
@@ -363,11 +367,11 @@
      # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
      # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
      postSetup = ''
-        ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
+        ${pkgs.nftables}/bin/nft add rule ip nat POSTROUTING oifname "eth0" ip saddr 10.100.0.0/24 counter masquerade
      '';
-      # This undoes the above command
+      # This undoes the above command, TODO fix command below to be more specific
      postShutdown = ''
-        ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
+        ${pkgs.nftables}/bin/nft flush table ip nat
      '';
      privateKeyFile = config.sops.secrets."wg_privkey".path;
Author	SHA1	Message	Date
Asmir A	a624cbcfd1	magpie/networking: iptables -> nftables	2025-02-10 15:15:44 +01:00
Asmir A	f7246dc661	home/kanshi: add display positions for docked profile	2025-02-05 11:56:19 +01:00
Asmir A	5fc1e89975	home/swayidle: update lock script	2025-02-05 11:55:41 +01:00