update: locks

jz8132543 · Jul 19, 2024 · e2d851e · e2d851e
1 parent b6135c9
commit e2d851e
Show file tree

Hide file tree

Showing 7 changed files with 113 additions and 96 deletions.
diff --git a/flake.lock b/flake.lock
diff --git a/nixos/hosts/surface/default.nix b/nixos/hosts/surface/default.nix
@@ -14,7 +14,7 @@
 
   microsoft-surface = {
     # kernelVersion = "6.4.12";
-    surface-control.enable = true;
+    # surface-control.enable = true;
     # ipts.enable = true;
   };
 

diff --git a/nixos/modules/base/environment/isNAT/default.nix b/nixos/modules/base/environment/isNAT/default.nix
@@ -28,40 +28,55 @@ with lib; {
     };
   };
   config = {
-    networking =
+    # networking =
+    #   if config.environment.isNAT
+    #   then {
+    #     nftables.ruleset = ''
+    #       table inet nat {
+    #         chain prerouting {
+    #           type nat hook prerouting priority 0; policy accept;
+    #           tcp dport ${toString config.environment.altHTTP} redirect to 80
+    #           # tcp dport ${toString config.environment.altHTTPS} redirect to 443
+    #           # udp dport ${toString config.environment.altHTTPS} redirect to 443
+    #           tcp dport 443 redirect to ${toString config.environment.altHTTPS}
+    #           udp dport 443 redirect to ${toString config.environment.altHTTPS}
+    #         }
+    #         # chain output {
+    #         #   type nat hook output priority 0; policy accept;
+    #         #   tcp dport ${toString config.environment.altHTTP} redirect to 80
+    #         #   # tcp dport ${toString config.environment.altHTTPS} redirect to 443
+    #         #   # udp dport ${toString config.environment.altHTTPS} redirect to 443
+    #         #   tcp dport 443 daddr 127.0.0.1 redirect to ${toString config.environment.altHTTPS}
+    #         #   udp dport 443 daddr 127.0.0.1 redirect to ${toString config.environment.altHTTPS}
+    #         # }
+    #         chain postrouting {
+    #           type nat hook postrouting priority 0; policy accept;
+    #         }
+    #       }
+    #     '';
+    #     firewall.allowedTCPPorts = with config.environment; [altHTTPS altHTTP];
+    #     firewall.allowedUDPPorts = with config.environment; [altHTTPS];
+    #   }
+    #   else {};
+    # services.traefik.staticConfigOptions.entryPoints.https =
+    #   if config.environment.isNAT
+    #   then {address = lib.mkForce ":${toString config.environment.altHTTPS}";}
+    #   else {};
+    services.traefik.staticConfigOptions.entryPoints =
       if config.environment.isNAT
       then {
-        nftables.ruleset = ''
-          table inet nat {
-            chain prerouting {
-              type nat hook prerouting priority 0; policy accept;
-              tcp dport ${toString config.environment.altHTTP} redirect to 80
-              # tcp dport ${toString config.environment.altHTTPS} redirect to 443
-              # udp dport ${toString config.environment.altHTTPS} redirect to 443
-              tcp dport 443 redirect to ${toString config.environment.altHTTPS}
-              udp dport 443 redirect to ${toString config.environment.altHTTPS}
-            }
-            # chain output {
-            #   type nat hook output priority 0; policy accept;
-            #   tcp dport ${toString config.environment.altHTTP} redirect to 80
-            #   # tcp dport ${toString config.environment.altHTTPS} redirect to 443
-            #   # udp dport ${toString config.environment.altHTTPS} redirect to 443
-            #   tcp dport 443 daddr 127.0.0.1 redirect to ${toString config.environment.altHTTPS}
-            #   udp dport 443 daddr 127.0.0.1 redirect to ${toString config.environment.altHTTPS}
-            # }
-            chain postrouting {
-              type nat hook postrouting priority 0; policy accept;
-            }
-          }
-        '';
-        firewall.allowedTCPPorts = with config.environment; [altHTTPS altHTTP];
-        firewall.allowedUDPPorts = with config.environment; [altHTTPS];
+        NAT = {
+          address = ":8443";
+          forwardedHeaders.insecure = true;
+          proxyProtocol.insecure = true;
+          http.tls =
+            if config.environment.isNAT
+            then true
+            else {certresolver = "zerossl";};
+          # http3 = {};
+          # asDefault = true;
+        };
       }
       else {};
-    # {};
-    services.traefik.staticConfigOptions.entryPoints.https =
-      if config.environment.isNAT
-      then {address = lib.mkForce ":${toString config.environment.altHTTPS}";}
-      else {};
   };
 }
diff --git a/nixos/modules/desktop/apps.nix b/nixos/modules/desktop/apps.nix
@@ -30,7 +30,6 @@
     nix-doc
     nix-melt
     nix-output-monitor
-    nix-top
     nix-tree
     nurl
     manix

diff --git a/nixos/modules/desktop/nvidia.nix b/nixos/modules/desktop/nvidia.nix
@@ -11,7 +11,7 @@
   ];
 
   hardware = {
-    opengl = {
+    graphics = {
       enable = true;
       # driSupport = true;
       # driSupport32Bit = true;
-Original file line number
+Diff line change
@@ Expand Up / @@ -30,7 +30,6 @@ @@
         nix-doc
         nix-melt
         nix-output-monitor
-        nix-top
         nix-tree
         nurl
         manix
@@ Expand Down @@