temm

hosts/nas/boot.nix

@@ -1,7 +1,7 @@
-{ pkgs, ... }:
+{ pkgs,... }:
 let
   configLimit = 5;
-  kernel = pkgs.linuxPackages_latest;
+  kernel = pkgs.unstable.linuxPackages_latest;
 in
 {
   # Configure bootloader with lanzaboot and secureboot
@@ -45,7 +45,8 @@ in
       ];
       systemd = {
         enable = true;
-        tpm2.enable = true;
+        # tpm2.enable = true;
+        enableTpm2 = true;
       };
     };
   };

hosts/nas/configuration.nix

@@ -97,6 +97,7 @@ in
       ninja
       nix-inspect
       nix-ld
+      networkmanagerapplet
       nmon
       nodejs-18_x
       nut

hosts/nas/networking.nix

@@ -23,62 +23,63 @@ in
     hostId = "4b501480";
 
     # Disable Network Manager
-    networkmanager.enable = false;
+    networkmanager.enable = true;
 
-    interfaces = {
-      wlp7s0 = {
-        useDHCP = true;
-        ipv4.addresses = [
-          {
-            address = ipAddress;
-            prefixLength = 24;
-          }
-        ];
-      };
-      wlp6s0 = {
-        useDHCP = true;
-        ipv4.addresses = [
-          {
-            address = ipAddress2;
-            prefixLength = 24;
-          }
-        ];
-      };
-    };
+    # interfaces = {
+    #   wlp7s0 = {
+    #     useDHCP = true;
+    #     ipv4.addresses = [
+    #       {
+    #         address = ipAddress;
+    #         prefixLength = 24;
+    #       }
+    #     ];
+    #   };
+    #   wlp6s0 = {
+    #     useDHCP = true;
+    #     ipv4.addresses = [
+    #       {
+    #         address = ipAddress2;
+    #         prefixLength = 24;
+    #       }
+    #     ];
+    #   };
+    # };
 
-    defaultGateway = {
-      interface = "wlp7s0";
-      address = gateway;
-      metric = 1;
-    };
+    # defaultGateway = {
+    #   interface = "wlp7s0";
+    #   address = gateway;
+    #   metric = 1;
+    # };
 
-    nameservers = [ gateway ];
+    # nameservers = [ gateway ];
 
-    wireless = {
-      enable = true;
-      userControlled.enable = true;
-      secretsFile = config.sops.secrets."wifi".path;
-      allowAuxiliaryImperativeNetworks = true;
-      interfaces = [
-        "wlp6s0"
-        "wlp7s0"
-      ];
-      networks = {
-        "Joey's Jungle 6G" = {
-          # pskRaw = "ext:PSK";
-          priority = 1000;
-          psk = "kR8v&3Qd";
-          extraConfig = ''
-            key_mgmt=SAE
-            ieee80211w=2
-          '';
-        };
-        # "Joey's Jungle 5G" = {
-        #   pskRaw = "ext:PSK";
-        #   priority = -100;
-        # };
-      };
-    };
+    # wireless = {
+    #   enable = false;
+    #   userControlled.enable = true;
+    #   # secretsFile = config.sops.secrets."wifi".path;
+    #   environmentFile = config.sops.secrets."wifi".path;
+    #   allowAuxiliaryImperativeNetworks = true;
+    #   interfaces = [
+    #     "wlp6s0"
+    #     "wlp7s0"
+    #   ];
+    #   networks = {
+    #     "Joey's Jungle 6G" = {
+    #       pskRaw = "ext:PSK";
+    #       priority = 1000;
+    #       # psk = "kR8v&3Qd";
+    #       extraConfig = ''
+    #         key_mgmt=SAE
+    #         ieee80211w=2
+    #       '';
+    #     };
+    #     "Joey's Jungle 5G" = {
+    #       pskRaw = "ext:PSK";
+    #       priority = -100;
+    #     };
+    #   };
+    # };
 
     firewall = {
       enable = true;
@@ -91,49 +92,49 @@ in
       trustedInterfaces = [ "tailscale0" ];
     };
 
-    nat = {
-      enable = true;
-      externalInterface = "wlp7s0";
-      internalInterfaces = [ "wg0" ];
-    };
+    # nat = {
+    #   enable = true;
+    #   externalInterface = "wlp7s0";
+    #   internalInterfaces = [ "wg0" ];
+    # };
 
-    wireguard.interfaces = {
-      # "wg0" is the network interface name. You can name the interface arbitrarily.
-      wg0 = {
-        # Determines the IP address and subnet of the server's end of the tunnel interface.
-        ips = [ "10.0.100.1/24" ];
+    # wireguard.interfaces = {
+    #   # "wg0" is the network interface name. You can name the interface arbitrarily.
+    #   wg0 = {
+    #     # Determines the IP address and subnet of the server's end of the tunnel interface.
+    #     ips = [ "10.0.100.1/24" ];
 
-        # The port that WireGuard listens to. Must be accessible by the client.
-        listenPort = 51820;
+    #     # The port that WireGuard listens to. Must be accessible by the client.
+    #     listenPort = 51820;
 
-        # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
-        # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
-        postSetup = ''
-          ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.100.0/24 -o wlp7s0 -j MASQUERADE
-        '';
+    #     # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
+    #     # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
+    #     postSetup = ''
+    #       ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.100.0/24 -o wlp7s0 -j MASQUERADE
+    #     '';
 
-        # This undoes the above command
-        postShutdown = ''
-          ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.100.0/24 -o wlp7s0 -j MASQUERADE
-        '';
+    #     # This undoes the above command
+    #     postShutdown = ''
+    #       ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.100.0/24 -o wlp7s0 -j MASQUERADE
+    #     '';
 
-        # Path to the private key file.
-        #
-        # Note: The private key can also be included inline via the privateKey option,
-        # but this makes the private key world-readable; thus, using privateKeyFile is
-        # recommended.
-        privateKeyFile = wireguard-private;
+    #     # Path to the private key file.
+    #     #
+    #     # Note: The private key can also be included inline via the privateKey option,
+    #     # but this makes the private key world-readable; thus, using privateKeyFile is
+    #     # recommended.
+    #     privateKeyFile = wireguard-private;
 
-        peers = [
-          # List of allowed peers.
-          { # Feel free to give a meaning full name
-            # Public key of the peer (not a file path).
-            publicKey = wireguard-public;
-            # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
-            allowedIPs = [ "10.0.100.2/32" ];
-          }
-        ];
-      };
-    };
+    #     peers = [
+    #       # List of allowed peers.
+    #       { # Feel free to give a meaning full name
+    #         # Public key of the peer (not a file path).
+    #         publicKey = wireguard-public;
+    #         # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
+    #         allowedIPs = [ "10.0.100.2/32" ];
+    #       }
+    #     ];
+    #   };
+    # };
   };
 }