From ba24ea38dabf49efc26507e8d9c2ec9bbe8c4542 Mon Sep 17 00:00:00 2001
From: Dmitriy
Date: Thu, 26 Sep 2019 02:46:10 +0400
Subject: [PATCH] Changes

---
 install/install.sh | 23 ++++++++-------
 modules/filesystems.nix | 2 +-
 modules/network.nix | 2 +-
 modules/packages.nix | 14 +++++-----
 modules/secrets.nix | 2 +-
 modules/wireguard.nix | 21 +++++---------
 modules/workspace/barrier.nix | 51 +++++++++++++++++-----------------
 modules/workspace/misc.nix | 6 +---
 secret.nix.gpg | Bin 627 -> 1050 bytes
 9 files changed, 57 insertions(+), 64 deletions(-)

diff --git a/install/install.sh b/install/install.sh
index ff86fa6..eef58a8 100644
--- a/install/install.sh
+++ b/install/install.sh
@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-ENCRYPT_ROOT=true
+ENCRYPT_ROOT=false
 ENCRYPT_SWAP=false
 FORMAT_BOOT_PARTITION=false
@@ -11,7 +11,6 @@ ROOT_PARTITION=/dev/nvme0n1p2
 SWAP_NAME=cryptswap
 ROOT_NAME=cryptnixos
-
 gdisk $DEVICE
 # Format boot partition
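Review bot: Flipping the default to `ENCRYPT_ROOT=false` means a run of this script with no edits now installs an unencrypted root filesystem, and nothing in the hunk records whether that is intentional or a leftover from testing. It also interacts with the swap path later in the file, where the swap key is written to `/mnt/root/swap.key`: with root unencrypted that key file sits in cleartext on disk, so `ENCRYPT_SWAP=true` combined with `ENCRYPT_ROOT=false` gives little real protection. Consider a comment on the flag, `# ENCRYPT_ROOT=false also leaves /root/swap.key (used by ENCRYPT_SWAP=true) in cleartext`, or a guard near the swap block that refuses that combination.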
@@ -20,26 +19,29 @@ if [[ "$FORMAT_BOOT_PARTITION" == true ]]; then
 fi
 # Create luks partition
 if [[ "$ENCRYPT_ROOT" == true ]]; then
+ ROOT_NAME=/dev/mapper/$ROOT_NAME
 cryptsetup --type luks2 --cipher aes-xts-plain64 --key-size 256 --hash sha512 luksFormat $ROOT_PARTITION
 cryptsetup luksOpen $ROOT_PARTITION $ROOT_NAME
- mkfs.btrfs -f -L root /dev/mapper/$ROOT_NAME
+ mkfs.btrfs -f -L root $ROOT_NAME
+ mount -t btrfs -o compress=zstd,noatime,ssd $ROOT_NAME /mnt
 else
+ ROOT_NAME=$ROOT_PARTITION
 mkfs.btrfs -f -L root $ROOT_PARTITION
+ mount -t btrfs -o compress=zstd,noatime,ssd $ROOT_PARTITION /mnt
 fi
 # read -p "Press enter to continue"
-mount -t btrfs -o compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt
 btrfs subvolume create /mnt/@nixos
 btrfs subvolume create /mnt/@nix-store
 btrfs subvolume create /mnt/@home
 btrfs subvolume create /mnt/@snapshots
 umount /mnt
-mount -t btrfs -o subvol=@nixos,compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt/
+mount -t btrfs -o subvol=@nixos,compress=zstd,noatime,ssd $ROOT_NAME /mnt/
 mkdir -p /mnt/.snapshots
 mkdir -p /mnt/home
 mkdir -p /mnt/nix/store
-mount -t btrfs -o subvol=@snapshots,compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt/.snapshots
-mount -t btrfs -o subvol=@home,compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt/home
-mount -t btrfs -o subvol=@nix-store,compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt/nix/store
+mount -t btrfs -o subvol=@snapshots,compress=zstd,noatime,ssd $ROOT_NAME /mnt/.snapshots
+mount -t btrfs -o subvol=@home,compress=zstd,noatime,ssd $ROOT_NAME /mnt/home
+mount -t btrfs -o subvol=@nix-store,compress=zstd,noatime,ssd $ROOT_NAME /mnt/nix/store
 btrfs subvolume create /mnt/tmp
 btrfs subvolume create /mnt/var
 # read -p "Press enter to continue"
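Review bot: `ROOT_NAME=/dev/mapper/$ROOT_NAME` is assigned before `cryptsetup luksOpen $ROOT_PARTITION $ROOT_NAME`, so luksOpen receives `/dev/mapper/cryptnixos` as the mapping name instead of `cryptnixos`; a mapping name is not a path, so the encrypted branch will most likely fail before `mkfs.btrfs` runs, while the unencrypted `else` branch is unaffected. Move the assignment below the open: `cryptsetup luksOpen $ROOT_PARTITION $ROOT_NAME` followed by `ROOT_NAME=/dev/mapper/$ROOT_NAME`; every later mkfs/mount line already reads `$ROOT_NAME`, so nothing else in the hunk needs to change. Separately, `--cipher aes-xts-plain64 --key-size 256` yields AES-128 in XTS mode because XTS splits the key in two; use `--key-size 512` if AES-256 is the intent.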
@@ -52,7 +54,7 @@ if [[ "$ENCRYPT_SWAP" == true ]]; then
 dd count=1 bs=256 if=/dev/urandom of=/mnt/root/swap.key
 cryptsetup --type luks2 --cipher aes-xts-plain64 --key-size 256 --hash sha512 --key-file /mnt/root/swap.key luksFormat $SWAP_PARTITION
 cryptsetup --key-file /mnt/root/swap.key luksOpen $SWAP_PARTITION $SWAP_NAME
- mkswap -L swap /dev/mapper/cryptswap
+ mkswap -L swap /dev/mapper/$SWAP_NAME
 else
 mkswap -L swap $SWAP_PARTITION
 fi
@@ -62,7 +64,8 @@ nixos-generate-config --root /mnt/
 mkdir -p /mnt/root/nixos-config
 cp -r $(pwd)/.. /mnt/root/nixos-config
 echo "import /mnt/root/nixos-config \"$DEVICE_NAME\"" > /mnt/etc/nixos/configuration.nix
-nano /mnt/etc/nixos/configuration.nix
+read -p "Debug"
+# nano /mnt/etc/nixos/configuration.nix
 sed -i 's/\/etc\/nixos/\/mnt\/etc\/nixos/g' /mnt/root/nixos-config/default.nix
 read -p "Please, add swap device into nixos-config/modules/filesystems.nix before continue"
 read -p "Press enter to continue"
diff --git a/modules/filesystems.nix b/modules/filesystems.nix
index 26bc238..afae593 100644
--- a/modules/filesystems.nix
+++ b/modules/filesystems.nix
@@ -72,7 +72,7 @@ with deviceSpecific; {
 device = if device == "Dell-Laptop" then
 "/dev/disk/by-partuuid/2de40bc4-a91c-4c89-a2cd-cbf34a0adf01"
 else if device == "NixOS-VM" then
- "/dev/disk/by-partuuid/afa18996-0fbc-448d-86ba-acf3f046671d"
+ "/dev/disk/by-partuuid/4caf1e45-2f1c-4cb2-a914-f2e90961503a"
 else
 "";
 randomEncryption.enable = true;
diff --git a/modules/network.nix b/modules/network.nix
index 35b9110..ec15132 100644
--- a/modules/network.nix
+++ b/modules/network.nix
@@ -19,7 +19,7 @@
 # usePredictableInterfaceNames = false;
 hostName = config.deviceSpecific.hostName;
- mullvad.enable = true;
+ mullvad.enable = false;
 };
 # systemd.services.dhcpcd.serviceConfig.Type = lib.mkForce
 # "simple"; # TODO Make a PR with this change; forking is not acceptable for dhcpcd.
diff --git a/modules/packages.nix b/modules/packages.nix
index 58d9c41..b8a64a5 100644
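Review bot: The swap key file `/mnt/root/swap.key` produced by the `dd` line two lines above the changed `mkswap` is created with whatever the default umask allows and is never restricted, so the LUKS key for swap may be readable by more than root on the installed system. Add `chmod 0400 /mnt/root/swap.key` right after the `dd` line, and prefer `head -c 256 /dev/urandom > /mnt/root/swap.key` (or `dd ... iflag=fullblock`) so a short read cannot silently yield a shorter key than intended. The switch to `/dev/mapper/$SWAP_NAME` itself is correct and matches the `luksOpen ... $SWAP_NAME` line above it.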
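Review bot: `read -p "Debug"` replaces the `nano` step with a pause whose prompt tells the operator nothing about what to check, and the commented-out `# nano /mnt/etc/nixos/configuration.nix` beneath it reads as a temporary debugging change rather than the intended flow. If the pause is meant to stay, give it an actionable prompt such as `read -p "Inspect /mnt/etc/nixos/configuration.nix, then press enter to continue"`; otherwise restore the editor step or drop both lines rather than leaving dead code behind.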
--- a/modules/packages.nix
+++ b/modules/packages.nix
@@ -10,13 +10,13 @@
 nixpkgs.config = {
 packageOverrides = pkgs: {
 i3lock-fancy = pkgs.callPackage ./applications/i3lock-fancy.nix {};
- # mullvad-vpn = pkgs.mullvad-vpn.overrideAttrs (oldAttrs: rec {
- # version = "2019.8";
- # src = pkgs.fetchurl {
- # url = "https://www.mullvad.net/media/app/MullvadVPN-${version}_amd64.deb";
- # sha256 = "0cjc8j8pqgdhnax4mvwmvnxfcygjsp805hxalfaj8wa5adph96hz";
- # };
- # });
+ mullvad-vpn = pkgs.mullvad-vpn.overrideAttrs (oldAttrs: rec {
+ version = "2019.8";
+ src = pkgs.fetchurl {
+ url = "https://www.mullvad.net/media/app/MullvadVPN-${version}_amd64.deb";
+ sha256 = "0cjc8j8pqgdhnax4mvwmvnxfcygjsp805hxalfaj8wa5adph96hz";
+ };
+ });
 };
 };
 }
\ No newline at end of file
diff --git a/modules/secrets.nix b/modules/secrets.nix
index cac20b5..d14ecf1 100644
--- a/modules/secrets.nix
+++ b/modules/secrets.nix
@@ -25,7 +25,7 @@ in rec {
 description = "Wireguard conf";
 };
 windows-samba = mkCredOption "samba on windows" { };
- linxu-samba = mkCredOption "samba on linux" { };
+ linux-samba = mkCredOption "samba on linux" { };
 };
 config = let secretnix = import ../secret.nix;
diff --git a/modules/wireguard.nix b/modules/wireguard.nix
index b501bc8..297449f 100644
--- a/modules/wireguard.nix
+++ b/modules/wireguard.nix
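Review bot: The re-enabled `mullvad-vpn` override pins the downloaded `.deb` by `sha256`, which guards against the artifact changing later, but only if that hash was checked against something Mullvad publishes rather than copied from the first `fetchurl` download (trust-on-first-use). Mullvad publishes PGP signatures for its release files; recording the procedure in a comment above the `sha256` line, e.g. `# hash verified against Mullvad's signed release for 2019.8`, keeps the next version bump honest. The file also still ends without a trailing newline, as the `\ No newline at end of file` marker shows.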
@@ -4,22 +4,15 @@ let
 in {
 # Enable wireguard
 networking.wg-quick.interfaces = lib.mkIf cfg.enable {
- wg0 = {
- address = [ cfg.address ];
- dns = [ "10.192.122.1" ];
- # TODO change to privateKeyFile
- privateKey = cfg.privateKey;
- peers = [
- {
- allowedIPs = [ "0.0.0.0/0" ];
- publicKey = "AgtgtS3InfOv4UQ+2MNAEMKFqZGhYXNOFmfMdKXIpng=";
- endpoint = "51.38.98.116:51820";
- }
- ];
- };
+ wg0 = cfg.interface;
 };
 # Enable killswitch
- networking.nftables = lib.mkIf cfg.enable {
+ environment.systemPackages =
+ lib.mkIf (cfg.killswitch.package == "iptables") [
+ pkgs.iptables
+ ];
+ networking.nftables =
+ lib.mkIf (cfg.killswitch.package == "nftables") {
 enable = true;
 ruleset = ''
 flush ruleset
diff --git a/modules/workspace/barrier.nix b/modules/workspace/barrier.nix
index 326c676..49621b2 100644
--- a/modules/workspace/barrier.nix
+++ b/modules/workspace/barrier.nix
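Review bot: The killswitch is no longer gated on `cfg.enable`: `networking.nftables` went from `lib.mkIf cfg.enable` to `lib.mkIf (cfg.killswitch.package == "nftables")`, and the new `environment.systemPackages` entry is likewise conditioned only on the package choice, so with the module disabled the ruleset starting at `flush ruleset` (whose remaining rules are outside this hunk) would still be installed even though no `wg0` interface is configured, which is a plausible way to lock the host off the network. Unless the killswitch is meant to work independently of the interface, use `lib.mkIf (cfg.enable && cfg.killswitch.package == "nftables") {` and `lib.mkIf (cfg.enable && cfg.killswitch.package == "iptables") [`, and otherwise document the independence in a comment. The `# TODO change to privateKeyFile` reminder disappears with the inlined `privateKey`; `wg0 = cfg.interface;` moves that concern to wherever `cfg.interface` is defined, which is not visible here, so a comment such as `# cfg.interface should use privateKeyFile rather than privateKey so the key does not land in the Nix store` would preserve the intent. Both attribute sets continue past the end of the hunk.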
@@ -87,31 +87,32 @@ in
 serviceConfig.Restart = "on-failure";
 };
 })
- ] // {
- services.barrier = if config.device == "NixOS-VM" then {
- server.enable = true;
- server.autoStart = true;
- server.configFile = pkgs.writeTextFile {
- name = "barrier.conf";
- text = ''
- section: screens
- NixOS-VM:
- dell-ataraxia:
- end
- section: links
- dell-ataraxia:
- right = NixOS-VM
- end
- section: options
- keystroke(super+alt+left) = switchInDirection(left)
- keystroke(super+alt+right) = switchInDirection(right)
- end
- '';
+ ({
+ services.barrier = if config.device == "NixOS-VM" then {
+ server.enable = true;
+ server.autoStart = true;
+ server.configFile = pkgs.writeTextFile {
+ name = "barrier.conf";
+ text = ''
+ section: screens
+ NixOS-VM:
+ dell-ataraxia:
+ end
+ section: links
+ dell-ataraxia:
+ right = NixOS-VM
+ end
+ section: options
+ keystroke(super+alt+left) = switchInDirection(left)
+ keystroke(super+alt+right) = switchInDirection(right)
+ end
+ '';
+ };
+ } else {
+ client.enable = true;
+ client.serverAddress = "NixOS-VM";
 };
- } else {
- client.enable = true;
- client.serverAddress = "NixOS-VM";
- };
- };
+ })
+ ];
 }
\ No newline at end of file
diff --git a/modules/workspace/misc.nix b/modules/workspace/misc.nix
index 642e778..56e1ce4 100644
--- a/modules/workspace/misc.nix
+++ b/modules/workspace/misc.nix
@@ -7,16 +7,12 @@
 LESS = "-asrRix8";
 NIX_AUTO_RUN = "1";
 };
+ services.atd.enable = true;
 home-manager.users.alukard = {
 xdg.enable = true;
 services.udiskie.enable = true;
- services.screen-locker = {
- enable = true;
- inactiveInterval = 15; # Minutes
- lockCmd = "${pkgs.i3lock-fancy}/bin/i3lock-fancy -f Roboto-Medium";
- };
 programs.git = {
 enable = true;
 userEmail = "alukard.develop@gmail.com";
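Review bot: Removing `services.screen-locker` drops the automatic lock after 15 minutes of inactivity with no replacement visible in this hunk, so an unattended session now stays unlocked; if locking is provided elsewhere (a window-manager binding, for instance), a one-line comment at the removal site saying so would stop the next reader from re-adding it, and if it is not, the weakened physical-access posture deserves mention in a commit message more specific than "Changes". `services.atd.enable = true;` is added at system level next to a home-manager block, enabling a new background daemon that accepts scheduled jobs from users; a comment on why `at` is needed would help. The enclosing attribute sets both start before and end after the hunk.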
diff --git a/secret.nix.gpg b/secret.nix.gpg index 3cb149e5b9af3fa58aba571aaa4911c724306f99..decf4641301488efede6e69b1c719f5d9b1f1435 100644 GIT binary patch literal 1050 zcmV+#1m*jM0Sp5t#%vKxT`Ri*2mfhP#|k<;iEpg|G5=qiUp(J{CtIG0iX@Rvi+OMv za95NuJsdI3?PKLo`|k^Hq7ONsv0J(RYVUmJ6hD;%6-4N9+S8v7%d`s>FPo39rG3n+ z(2o$dN7;zqt~%4C57a@Ndo-u1f-jxOQc3fh=nqBn*oAh@s^(OKr>f=q93UV_R~%{i z3l2wRA1v<}RXV+2`X!6VI(+l+LaBv$*%21-$VuHpW#Pf`hcNRe)}J#gqbR$!#A}-_ z%jN&juJXmKQGtLZyxbeEXmlIx0v6id|E~sqj1;rrs9-M(P?dMBc#Afk!LfqKTax{% z%+-rOe_&16LFsI|-UHW>Q2Em70ryECCX3|u`+?f|lJe6Z2>MS4lc;L(>wv_E^i((h zgK3JvsQ zoB%WknDYj2{d9oLxM$cnzslVA=nV1wHGsIv&3^UyTfJ!*-9x0?QPLX|dFiw3D6E-Q zl${U%3R=TaHpo3#KS*mQJ=$vnlI{Fn`Se=Tr1FlW>L{}ROAH(kTNG`dWadH_XD{mN z5NuNrYqx&RdJiuC$0bfFk`_dP$D7iS*LvfTg{=^()kqAi{@`lL-E*L*tvV>z#WjPct2uhB!SJXrp<#R|gofNs zIOHgHJLc5BoLfG_G8rcvK(3WE9^~Wfq8w9e@vru=L#@>gd_g+b|7rj{owI=dFLC+S zT?zd_KyJx*EibNxM%&T0kW!N8QSaKW;I!mmYyBBG) zXMfFd<9K5(-8xGWSc^5n@H8La*Pcsh-A*Kh<0adUmOdvLl2c2cUHw0{E|B&5MHlV-#2OZI)HrkXxy>g6!fd8R+Rc7tbMLPTx1LR6 z^q`wqU>NBH^)l}YlHdU&0qHq2+1v`r|L=OC*kdkuXI-`VxO~%QF|c7vXpkv`tQ?vl z$%%7nSsKgkZ~S_%=3zC_2T06B8Qo_xNs91N2@S!2L&`7k{Sj|yqqEzKRW_OT0U9Qk U)FYXuwgBvpaAq9{qkSG>W4?0?+yDRo literal 627 zcmV-(0*w8I0Sp5t#%vKxT`Ri*2me$QuNZVKDaf$>w_C4zK*;fse=OVpEBML*mNzfN zTdA;vnp>kXe{9ST!<-SLq;gs8$^+}J-fxEg8u-AaNH+TDg58$;q8*b@XsX+`2eikq z%V!Tv-=od+IaHt%m|G$W#~GRerwg6chAKp0ks;Nwoiu&v;wLHamYfnTrg)AfyKcZh zhDusGk!;_dN^n?N-?w&nR1EC?b137;M?V=i_#|N_aS|c*WI4m2t--zdqt1jhmx-IZ zPCbu%ckEb9?K(+z!`S#~a{9awiQk#v%jFUmaEm2BVcr)ny{+Ta&rr<NTBE($#R5=YRRh zN@pXecS+|wT&wa+WtHudoPZz>Al!v5t%{}MCH!^qX>crWMr~ls*D#T6Ep~@I`Z{gg zb5Y5SM_>B$b<5(#dMGw^w-OVumAP>y@2jpB&o9Fh79kxz#$%j0KiA?(rF@@qRoxTg zgMiH4nt#kK9kp9Ru%?$f>a+DnmutUf^@OSwXhC?Ft{1B?n5y!Ff&MMoYa67c#&Dxwz5;# zbjkv15~Y_8JDJ+VZD8w?&~@(c1N)5cYy0BTPr>)s5*P4yI7_`8)2~kn(ea&H*>X@G Nh!LT3^EZw=^q!v{Kdk@&