From a5125e92a67c899de967a23da2ad7c9b0a851a62 Mon Sep 17 00:00:00 2001 From: clerie Date: Fri, 21 Nov 2025 18:28:42 +0100 Subject: [PATCH 1/4] profiles/router: Add applications to debug conntrack more --- profiles/router/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/profiles/router/default.nix b/profiles/router/default.nix index 11a7a51..bc76a01 100644 --- a/profiles/router/default.nix +++ b/profiles/router/default.nix @@ -11,8 +11,10 @@ with lib; config = mkIf config.profiles.clerie.router.enable { environment.systemPackages = with pkgs; [ - wireguard-tools + conntrack-tools + iptstate # show conntrack table tcpdump + wireguard-tools ]; boot.kernel.sysctl = { From bd1716eb23bb7a4d46be818c05126fb53d11bd67 Mon Sep 17 00:00:00 2001 From: clerie Date: Fri, 21 Nov 2025 18:33:42 +0100 Subject: [PATCH 2/4] hosts/carbon: Don't send IPv4 to ppp tunnel --- hosts/carbon/ppp-ncfttb.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hosts/carbon/ppp-ncfttb.nix b/hosts/carbon/ppp-ncfttb.nix index 14ede68..38d882c 100644 --- a/hosts/carbon/ppp-ncfttb.nix +++ b/hosts/carbon/ppp-ncfttb.nix @@ -60,4 +60,10 @@ ip46tables -t mangle -A forward-mangle -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu ''; + networking.firewall.extraCommands = '' + # Reject all IPv4 traffic that tries to enter and leave the PPP tunnel + iptables -I INPUT -i ppp-ncfttb -j DROP + iptables -I OUTPUT -o ppp-ncfttb -j DROP + ''; + } From 626834c2a487ff4d61d2e7e2d5d50e06126ab887 Mon Sep 17 00:00:00 2001 From: clerie Date: Fri, 21 Nov 2025 19:09:22 +0100 Subject: [PATCH 3/4] profiles/desktop: Migrate logind option rename --- profiles/desktop/power.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/profiles/desktop/power.nix b/profiles/desktop/power.nix index e7fca11..d18e485 100644 --- a/profiles/desktop/power.nix +++ b/profiles/desktop/power.nix 
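Review bot: In hosts/carbon/ppp-ncfttb.nix the two added rules cover only the INPUT and OUTPUT chains, so IPv4 that this host forwards through `ppp-ncfttb` is not affected; if the goal in the subject line includes routed traffic, the FORWARD chain needs the same pair, `iptables -I FORWARD -i ppp-ncfttb -j DROP` and `iptables -I FORWARD -o ppp-ncfttb -j DROP`. The comment says "Reject" while the target is `DROP`, which discards silently, so it should read `# Drop all IPv4 traffic that tries to enter and leave the PPP tunnel`, and ideally say why IPv4 is unwanted on this link. Because the rules are inserted straight into the built-in chains rather than into a chain the firewall script flushes, they are likely to pile up as duplicates on each firewall restart or reload unless a matching `networking.firewall.extraStopCommands` removes them with `iptables -D … 2>/dev/null || true`. The enclosing attribute set starts outside this hunk, so whether forwarding is already handled elsewhere in the file cannot be seen from here.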
@@ -8,7 +8,7 @@ with lib; boot.resumeDevice = lib.optionalString ((lib.length config.swapDevices) > 0) (lib.head config.swapDevices).device; services.logind = { - lidSwitch = "suspend-then-hibernate"; + settings.Login.HandleLidSwitch = "suspend-then-hibernate"; }; systemd.sleep.extraConfig = '' HibernateDelaySec=30m From 69a04cac3f47691fb9b5205daee448dc44b911b7 Mon Sep 17 00:00:00 2001 From: clerie Date: Fri, 21 Nov 2025 20:28:39 +0100 Subject: [PATCH 4/4] hosts/krypton,profiles/firefox,profiles/desktop: Migrate options to new nixpkgs version --- hosts/krypton/android.nix | 9 --------- hosts/krypton/configuration.nix | 1 - profiles/desktop/fonts.nix | 2 +- profiles/firefox/default.nix | 2 -- 4 files changed, 1 insertion(+), 13 deletions(-) delete mode 100644 hosts/krypton/android.nix diff --git a/hosts/krypton/android.nix b/hosts/krypton/android.nix deleted file mode 100644 index 3a1d5f5..0000000 --- a/hosts/krypton/android.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ pkgs, ... }: - -{ - - services.udev.packages = [ - pkgs.android-udev-rules - ]; - -} diff --git a/hosts/krypton/configuration.nix b/hosts/krypton/configuration.nix index 2881e1b..7e56bbd 100644 --- a/hosts/krypton/configuration.nix +++ b/hosts/krypton/configuration.nix @@ -5,7 +5,6 @@ [ ./hardware-configuration.nix - ./android.nix ./backup.nix ./etesync-dav.nix #./initrd.nix diff --git a/profiles/desktop/fonts.nix b/profiles/desktop/fonts.nix index 0563dcc..b2281f3 100644 --- a/profiles/desktop/fonts.nix +++ b/profiles/desktop/fonts.nix @@ -11,7 +11,7 @@ with lib; roboto roboto-mono noto-fonts - noto-fonts-emoji + noto-fonts-color-emoji comfortaa ] ++ (if pkgs ? "noto-fonts-cjk-sans" then [ pkgs.noto-fonts-cjk-sans ] else [ pkgs.noto-fonts-cjk ]); diff --git a/profiles/firefox/default.nix b/profiles/firefox/default.nix index 424b1bc..1d91005 100644 --- a/profiles/firefox/default.nix +++ b/profiles/firefox/default.nix 
@@ -12,8 +12,6 @@ with lib; programs.firefox.enable = true; - programs.firefox.package = pkgs.firefox-wayland; - programs.firefox.policies = { AutofillAddressEnabled = false; AutofillCreditCardEnabled = false;