fix wireguard, add udev rules

Dmitriy Holkin 2019-11-23 22:30:04 +04:00
parent 45cc5eb780
commit 471a693432
3 changed files with 10 additions and 6 deletions


@ -72,5 +72,7 @@ with deviceSpecific; {
}; };
services.fwupd.enable = (device == "Dell-Laptop"); services.fwupd.enable = (device == "Dell-Laptop");
# Add udev rules for android
services.udev.packages = [ pkgs.android-udev-rules ];
} }


@ -26,13 +26,15 @@ in {
''; '';
postStart = lib.mkIf cfg.killswitch '' postStart = lib.mkIf cfg.killswitch ''
iptables -I OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && iptables -I OUTPUT -s 192.168.0.0/24 -j ACCEPT iptables -I OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
${lib.strings.optionalString (config.virtualisation.docker.enable) "iptables -I OUTPUT -s 172.17.0.0/16 -j ACCEPT"} # Allow IPv4 private ip addresses
iptables -I OUTPUT -s 192.168.0.0/16 -j ACCEPT && iptables -I OUTPUT -s 172.16.0.0/12 -j ACCEPT
''; '';
preStop = '' preStop = ''
${lib.strings.optionalString (cfg.killswitch) "iptables -D OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && iptables -D OUTPUT -s 192.168.0.0/24"} ${lib.strings.optionalString (cfg.killswitch) "iptables -D OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT"}
${lib.strings.optionalString (cfg.killswitch && config.virtualisation.docker.enable) "iptables -D OUTPUT -s 172.17.0.0/16"} # Delete rule thats allow IPv4 private ip addresses
${lib.strings.optionalString (cfg.killswitch) "iptables -D OUTPUT -s 192.168.0.0/16 && iptables -D OUTPUT -s 172.16.0.0/12"}
wg-quick down /root/wg0.conf wg-quick down /root/wg0.conf
''; '';
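Review bot: The two ACCEPT rules added in postStart match on source address (`-s 192.168.0.0/16`, `-s 172.16.0.0/12`), and because `-I` places them ahead of the REJECT rule, any packet leaving with a private source address is accepted whatever its destination; on a host behind NAT that is likely all non-tunnel traffic, so the killswitch would not hold while wg0 is down. Matching on destination keeps LAN access without that leak: `iptables -I OUTPUT -d 192.168.0.0/16 -j ACCEPT && iptables -I OUTPUT -d 172.16.0.0/12 -j ACCEPT` (10.0.0.0/8 is not covered, if all private ranges are intended as the comment suggests). In preStop the corresponding `iptables -D OUTPUT -s 192.168.0.0/16` and `-s 172.16.0.0/12` carry no `-j ACCEPT`, so they probably do not match the inserted rules, which would then stay in place after stop and pile up across restarts; the deletes should repeat the full rule spec, e.g. `iptables -D OUTPUT -d 192.168.0.0/16 -j ACCEPT`. If the unit script runs with errexit, a failed delete may also keep `wg-quick down` from running, which is worth checking. The enclosing service definition starts and ends outside the hunk.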


@ -144,11 +144,11 @@ in {
"${modifier}+Shift+l" = "exec ${pkgs.i3lock-fancy}/bin/i3lock-fancy -f Roboto-Medium"; "${modifier}+Shift+l" = "exec ${pkgs.i3lock-fancy}/bin/i3lock-fancy -f Roboto-Medium";
"${modifier}+Print" = script "screenshot" "${modifier}+Print" = script "screenshot"
"${pkgs.maim}/bin/maim Pictures/$(date +%s).png"; "${pkgs.maim}/bin/maim ~/Pictures/$(date +%s).png";
"${modifier}+Control+Print" = script "screenshot-copy" "${modifier}+Control+Print" = script "screenshot-copy"
"${pkgs.maim}/bin/maim | xclip -selection clipboard -t image/png"; "${pkgs.maim}/bin/maim | xclip -selection clipboard -t image/png";
"--release ${modifier}+Shift+Print" = script "screenshot-area" "--release ${modifier}+Shift+Print" = script "screenshot-area"
"${pkgs.maim}/bin/maim -s Pictures/$(date +%s).png"; "${pkgs.maim}/bin/maim -s ~/Pictures/$(date +%s).png";
"--release ${modifier}+Control+Shift+Print" = script "screenshot-area-copy" "--release ${modifier}+Control+Shift+Print" = script "screenshot-area-copy"
"${pkgs.maim}/bin/maim -s | xclip -selection clipboard -t image/png"; "${pkgs.maim}/bin/maim -s | xclip -selection clipboard -t image/png";