
Compare commits


5 Commits

5 changed files with 28 additions and 5 deletions


@ -1,7 +1,17 @@
{ pkgs, lib, ... }: { pkgs, lib, ... }:
{ let
custom_gnupg = pkgs.gnupg.overrideAttrs (final: prev: {
configureFlags = prev.configureFlags ++ [
# Make sure scdaemon never ever again tries to use its own ccid driver
"--disable-ccid-driver"
];
});
in {
programs.gnupg.package = custom_gnupg;
programs.gnupg.agent = { programs.gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
@ -9,7 +19,7 @@
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
gnupg custom_gnupg
yubikey-personalization yubikey-personalization
openpgp-card-tools openpgp-card-tools
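Review bot: The comment above `"--disable-ccid-driver"` says what the flag does but not why, and the override only reaches the two places that name `custom_gnupg`. Any other package or module that still references `pkgs.gnupg` would bring the stock build, with its internal CCID driver, back into the closure; an overlay replacing `gnupg` would cover those too, at the cost of more local rebuilds. If the goal is only to stop scdaemon from claiming the reader ahead of pcscd (an assumption, the page does not say), the `disable-ccid` option in scdaemon.conf gives the same effect without leaving the binary cache. Once the reason is confirmed I would extend the comment to something like `# scdaemon's built-in CCID driver claims the token exclusively; force access through pcscd`.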


@ -288,11 +288,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1729256560, "lastModified": 1729413321,
"narHash": "sha256-/uilDXvCIEs3C9l73JTACm4quuHUsIHcns1c+cHUJwA=", "narHash": "sha256-I4tuhRpZFa6Fu6dcH9Dlo5LlH17peT79vx1y1SpeKt0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "4c2fcb090b1f3e5b47eaa7bd33913b574a11e0a0", "rev": "1997e4aa514312c1af7e2bda7fad1644e778ff26",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -5,5 +5,6 @@
enable = true; enable = true;
ipv6s = [ "2a01:4f8:c0c:15f1::8111/128" ]; ipv6s = [ "2a01:4f8:c0c:15f1::8111/128" ];
ipv4s = [ "10.20.30.111/32" ]; ipv4s = [ "10.20.30.111/32" ];
defaultViaVPN = false;
}; };
} }


@ -190,6 +190,7 @@ in {
"www.fem.tu-ilmenau.de" "www.fem.tu-ilmenau.de"
"www.heise.de" "www.heise.de"
"dyon.net.entr0py.de" "dyon.net.entr0py.de"
"matrix.fachschaften.org"
]; ];
} }
]; ];
@ -241,6 +242,7 @@ in {
"matrix.bau-ha.us" "matrix.bau-ha.us"
"dyon.net.entr0py.de" "dyon.net.entr0py.de"
"matrix.entr0py.de" "matrix.entr0py.de"
"matrix.fachschaften.org"
]; ];
} }
]; ];
@ -275,6 +277,7 @@ in {
{ {
targets = [ targets = [
"matrix.entr0py.de" "matrix.entr0py.de"
"matrix.fachschaften.org"
]; ];
} }
]; ];


@ -25,6 +25,11 @@ in
default = []; default = [];
description = "IPv4 interface addresses"; description = "IPv4 interface addresses";
}; };
defaultViaVPN = mkOption {
type = types.bool;
default = true;
description = "Use VPN default route for a protocol, if that protocol is unavailable in the underlay";
};
}; };
}; };
@ -45,7 +50,9 @@ in
{ rule = "to 2a01:4f8:c0c:15f1::1/128 ipproto udp dport 51820 unreachable"; prio = 20001; } { rule = "to 2a01:4f8:c0c:15f1::1/128 ipproto udp dport 51820 unreachable"; prio = 20001; }
# Try direct routing first, fallback to VPN # Try direct routing first, fallback to VPN
{ rule = "lookup main"; prio = 21000; } { rule = "lookup main"; prio = 21000; }
] ++ (if cfg.defaultViaVPN then [
{ rule = "lookup wg-clerie"; prio = 21001; } { rule = "lookup wg-clerie"; prio = 21001; }
] else []) ++ [
{ rule = "unreachable"; prio = 22000; } { rule = "unreachable"; prio = 22000; }
]; ];
rules4 = (concatMap (ip: [ rules4 = (concatMap (ip: [
@ -57,7 +64,9 @@ in
{ rule = "to 78.47.183.82/32 ipproto udp dport 51820 unreachable"; prio = 20001; } { rule = "to 78.47.183.82/32 ipproto udp dport 51820 unreachable"; prio = 20001; }
# Try direct routing first, fallback to VPN # Try direct routing first, fallback to VPN
{ rule = "lookup main"; prio = 21000; } { rule = "lookup main"; prio = 21000; }
] ++ (if cfg.defaultViaVPN then [
{ rule = "lookup wg-clerie"; prio = 21001; } { rule = "lookup wg-clerie"; prio = 21001; }
] else []) ++ [
{ rule = "unreachable"; prio = 22000; } { rule = "unreachable"; prio = 22000; }
]; ];
}; };
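Review bot: The `description` of `defaultViaVPN` does not say what happens when it is `false`: in both `rules6` and `rules4` the `lookup wg-clerie` rule at prio 21001 is dropped, so anything `lookup main` cannot route falls through to the `unreachable` rule at prio 22000. That fail-closed result is worth spelling out, e.g. `description = "Fall back to the VPN routing table when the main table has no route; if false, such traffic is rejected as unreachable.";`. The conditional itself would read more simply as `++ optional cfg.defaultViaVPN { rule = "lookup wg-clerie"; prio = 21001; } ++`, assuming `lib`'s helpers are in scope as the unqualified `mkOption` and `concatMap` suggest. The enclosing option set and both rule lists start outside the visible hunks.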