From 471a693432f55cbb4960450bfe5a5fc8f30e8728 Mon Sep 17 00:00:00 2001 From: Dmitriy Holkin Date: Sat, 23 Nov 2019 22:30:04 +0400 Subject: [PATCH] fix wireguard, add udev rules --- modules/hardware.nix | 2 ++ modules/wireguard.nix | 10 ++++++---- modules/workspace/i3/default.nix | 4 ++-- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/modules/hardware.nix b/modules/hardware.nix index 67510ce..e6b232a 100644 --- a/modules/hardware.nix +++ b/modules/hardware.nix @@ -72,5 +72,7 @@ with deviceSpecific; { }; services.fwupd.enable = (device == "Dell-Laptop"); + # Add udev rules for android + services.udev.packages = [ pkgs.android-udev-rules ]; } diff --git a/modules/wireguard.nix b/modules/wireguard.nix index 444ea71..0b37160 100644 --- a/modules/wireguard.nix +++ b/modules/wireguard.nix 
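Review bot: The `services.udev.packages = [ pkgs.android-udev-rules ];` line added at the end of modules/hardware.nix installs the rules but nothing in the hunk shows who is meant to get device access. As far as I recall the nixpkgs rules hand Android devices to the `adbusers` group, and this hunk neither creates that group nor adds a user to it. If the rest of the configuration (the attribute set begins outside the hunk) does not do so either, `programs.adb.enable = true;` sets up rules and group together. The comment could also name the grant, e.g. `# udev rules giving the adbusers group access to Android devices (adb/fastboot)`.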
@@ -26,13 +26,15 @@ in { ''; postStart = lib.mkIf cfg.killswitch '' - iptables -I OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && iptables -I OUTPUT -s 192.168.0.0/24 -j ACCEPT - ${lib.strings.optionalString (config.virtualisation.docker.enable) "iptables -I OUTPUT -s 172.17.0.0/16 -j ACCEPT"} + iptables -I OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT + # Allow IPv4 private ip addresses + iptables -I OUTPUT -s 192.168.0.0/16 -j ACCEPT && iptables -I OUTPUT -s 172.16.0.0/12 -j ACCEPT ''; preStop = '' - ${lib.strings.optionalString (cfg.killswitch) "iptables -D OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && iptables -D OUTPUT -s 192.168.0.0/24"} - ${lib.strings.optionalString (cfg.killswitch && config.virtualisation.docker.enable) "iptables -D OUTPUT -s 172.17.0.0/16"} + ${lib.strings.optionalString (cfg.killswitch) "iptables -D OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT"} + # Delete rule thats allow IPv4 private ip addresses + ${lib.strings.optionalString (cfg.killswitch) "iptables -D OUTPUT -s 192.168.0.0/16 && iptables -D OUTPUT -s 172.16.0.0/12"} wg-quick down /root/wg0.conf ''; diff --git a/modules/workspace/i3/default.nix b/modules/workspace/i3/default.nix index 27925ed..284c60f 100644 --- a/modules/workspace/i3/default.nix +++ b/modules/workspace/i3/default.nix 
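Review bot: The two ACCEPT rules added to postStart match on source (`-s 192.168.0.0/16`, `-s 172.16.0.0/12`), and in the OUTPUT chain the source is this host's own address, so when the machine's LAN address lies in one of those ranges every outgoing packet is accepted before the REJECT rule is reached and the killswitch no longer holds. Matching on destination keeps the exception to local networks: `iptables -I OUTPUT -d 192.168.0.0/16 -j ACCEPT && iptables -I OUTPUT -d 172.16.0.0/12 -j ACCEPT`. The deletes added to preStop omit `-j ACCEPT`, so they do not match the inserted rules; the ACCEPT rules would then remain after the tunnel is down and stack up on each restart, and the failing command may end the script before `wg-quick down` if it runs with errexit (not visible here). They should mirror the inserts: `iptables -D OUTPUT -d 192.168.0.0/16 -j ACCEPT && iptables -D OUTPUT -d 172.16.0.0/12 -j ACCEPT`. The new comment says "private ip addresses" while 10.0.0.0/8 is left out; if that is deliberate, the comment should say so (the surrounding attribute set begins outside the hunk).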
@@ -144,11 +144,11 @@ in { "${modifier}+Shift+l" = "exec ${pkgs.i3lock-fancy}/bin/i3lock-fancy -f Roboto-Medium"; "${modifier}+Print" = script "screenshot" - "${pkgs.maim}/bin/maim Pictures/$(date +%s).png"; + "${pkgs.maim}/bin/maim ~/Pictures/$(date +%s).png"; "${modifier}+Control+Print" = script "screenshot-copy" "${pkgs.maim}/bin/maim | xclip -selection clipboard -t image/png"; "--release ${modifier}+Shift+Print" = script "screenshot-area" - "${pkgs.maim}/bin/maim -s Pictures/$(date +%s).png"; + "${pkgs.maim}/bin/maim -s ~/Pictures/$(date +%s).png"; "--release ${modifier}+Control+Shift+Print" = script "screenshot-area-copy" "${pkgs.maim}/bin/maim -s | xclip -selection clipboard -t image/png";