From e90cde3c147acb7b5889dc122a5aa38e5f305bb0 Mon Sep 17 00:00:00 2001 From: clerie Date: Sat, 23 Sep 2023 19:34:34 +0200 Subject: [PATCH 1/4] configuration/desktop: enable pipewire --- configuration/desktop/audio.nix | 19 +++++++++++++++++++ configuration/desktop/default.nix | 1 + 2 files changed, 20 insertions(+) create mode 100644 configuration/desktop/audio.nix diff --git a/configuration/desktop/audio.nix b/configuration/desktop/audio.nix new file mode 100644 index 0000000..c3c641c --- /dev/null +++ b/configuration/desktop/audio.nix @@ -0,0 +1,19 @@ +{ ... }: + +{ + + hardware.pulseaudio.enable = false; + + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa = { + enable = true; + support32Bit = true; + }; + pulse = { + enable = true; + }; + }; + +} diff --git a/configuration/desktop/default.nix b/configuration/desktop/default.nix index f99eecc..4713d19 100644 --- a/configuration/desktop/default.nix +++ b/configuration/desktop/default.nix @@ -2,6 +2,7 @@ { imports = [ + ./audio.nix ./fonts.nix ./gnome.nix ./networking.nix From 7ca735fa6d6670e783ef2c46b8e16ef4a132d6a7 Mon Sep 17 00:00:00 2001 From: clerie Date: Sat, 23 Sep 2023 19:36:27 +0200 Subject: [PATCH 2/4] hosts/zinc: make sudo not require a password --- hosts/zinc/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/zinc/configuration.nix b/hosts/zinc/configuration.nix index 84e354f..39e0b0e 100644 --- a/hosts/zinc/configuration.nix +++ b/hosts/zinc/configuration.nix @@ -24,6 +24,8 @@ networking.hostName = "zinc"; + security.sudo.wheelNeedsPassword = lib.mkForce false; + services.wg-clerie = { enable = true; ipv6s = [ "2a01:4f8:c0c:15f1::8109/128" ]; From 2e390e9ef934d596ead918aa1213365d110a30e6 Mon Sep 17 00:00:00 2001 From: clerie Date: Thu, 12 Oct 2023 22:16:44 +0200 Subject: [PATCH 3/4] hosts/web-2: update clerie.de --- hosts/web-2/clerie.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
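Review bot: `security.sudo.wheelNeedsPassword = lib.mkForce false;` in hosts/zinc/configuration.nix removes the password prompt for every wheel user on zinc, and `lib.mkForce` presumably overrides a stricter value set in the shared configuration, yet the line has no comment saying why this host is the exception. With this setting, any process running as a wheel user can become root without re-authentication, so compromise of that account's session or SSH key is a root compromise. I would add a comment such as `# zinc only: passwordless sudo because <reason>`, and consider limiting the exemption to the commands that need it through `security.sudo.extraRules` with the `NOPASSWD` option. The hunk does not show the module's argument list, so confirm that `lib` is in scope there.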
diff --git a/hosts/web-2/clerie.nix b/hosts/web-2/clerie.nix index b608032..f145ae1 100644 --- a/hosts/web-2/clerie.nix +++ b/hosts/web-2/clerie.nix @@ -15,8 +15,8 @@ forceSSL = true; root = pkgs.fetchgit { url = "https://git.clerie.de/clerie/clerie.de.git"; - rev = "d3f220899ecb98e87026ee0a7600bb8898ae3c42"; - sha256 = "sha256-3o2/+m5OGSfc5RTrS4/j/aVibDasQISL7vY+J3yxbB8="; + rev = "9417332ff85b058901d9875828f9dea8247bb431"; + hash = "sha256-bCTyhyPeCNHsGDfyYA5yM0OA8040XFO3Gvakrco+FEo="; }; locations."= /ssh/known_hosts" = { alias = pkgs.writeText "known_hosts" (import ../../lib/ssh-known-hosts.nix); From 18f67dff98445bc6d259ea10fc819db8b3d81364 Mon Sep 17 00:00:00 2001 From: clerie Date: Thu, 12 Oct 2023 22:17:25 +0200 Subject: [PATCH 4/4] modules/wireguard-initrd: fix routing policy --- modules/wireguard-initrd/default.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/wireguard-initrd/default.nix b/modules/wireguard-initrd/default.nix index 6c1afb3..b4750d4 100644 --- a/modules/wireguard-initrd/default.nix +++ b/modules/wireguard-initrd/default.nix 
@@ -58,16 +58,16 @@ in persistent-keepalive "25" \ allowed-ips "0.0.0.0/0,::/0,10.20.30.0/24,2a01:4f8:c0c:15f1::/113" - ip route add "::/0" dev "wg-initrd" table 1337 - ip route add "0.0.0.0/0" dev "wg-initrd" table 1337 + #ip route add "::/0" dev "wg-initrd" table 1337 + #ip route add "0.0.0.0/0" dev "wg-initrd" table 1337 ${concatMapStringsSep "\n" (ip: '' ip -6 rule add from "${ip}" lookup 1337 prio 19000 ip -6 rule add from "${ip}" unreachable prio 19001 '') cfg.ipv6s} - ip -6 rule add from "2a01:4f8:c0c:15f1::1/128" ipproto udp dport 51820 lookup main prio 20000 - ip -6 rule add from "2a01:4f8:c0c:15f1::1/128" ipproto udp dport 51820 unreachable prio 20001 + ip -6 rule add to "2a01:4f8:c0c:15f1::1/128" ipproto udp dport 51820 lookup main prio 20000 + ip -6 rule add to "2a01:4f8:c0c:15f1::1/128" ipproto udp dport 51820 unreachable prio 20001 ip -6 rule add lookup main prio 21000 ip -6 rule add lookup 1337 prio 21001 ip -6 rule add unreachable prio 21000 @@ -77,8 +77,8 @@ in ip -4 rule add from "${ip}" lookup 1337 prio 19000 ip -4 rule add from "${ip}" unreachable prio 19001 '') cfg.ipv4s} - ip -4 rule add from "78.47.183.82/32" ipproto udp dport 51820 lookup main prio 20000 - ip -4 rule add from "78.47.183.82/32" ipproto udp dport 51820 unreachable prio 20001 + ip -4 rule add to "78.47.183.82/32" ipproto udp dport 51820 lookup main prio 20000 + ip -4 rule add to "78.47.183.82/32" ipproto udp dport 51820 unreachable prio 20001 ip -4 rule add lookup main prio 21000 ip -4 rule add lookup 1337 prio 21001 ip -4 rule add unreachable prio 21000
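Review bot: The catch-all `ip -6 rule add unreachable prio 21000` at the end of the first hunk, and `ip -4 rule add unreachable prio 21000` at the end of the second, reuse priority 21000, so they are evaluated before `lookup 1337 prio 21001` and that fallback rule can never match. The commit leaves these context lines unchanged. If the intended order is main, then table 1337, then fail closed, the last rule should read `ip -6 rule add unreachable prio 21002` (likewise for `-4`). Separately, the two `ip route add … table 1337` lines are commented out rather than removed; unless table 1337 is populated outside these hunks, the `from "${ip}" lookup 1337 prio 19000` rules now fall through to `unreachable prio 19001`, so a short comment on why the routes are disabled would help the next reader. The setup script starts and ends outside both hunks.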