profiles/desktop: Migrate logind option rename

hosts/carbon: Don't send IPv4 to ppp tunnel
profiles/router: Add applications to debug conntrack more
2025-11-21 19:09:22 +01:00 · 2025-11-21 18:33:42 +01:00 · 2025-11-21 18:28:42 +01:00
3 changed files with 10 additions and 2 deletions
--- a/hosts/carbon/ppp-ncfttb.nix
+++ b/hosts/carbon/ppp-ncfttb.nix
@@ -60,4 +60,10 @@
    ip46tables -t mangle -A forward-mangle -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
  '';

+  networking.firewall.extraCommands = ''
+    # Reject all IPv4 traffic that tries to enter and leave the PPP tunnel
+    iptables -I INPUT -i ppp-ncfttb -j DROP
+    iptables -I OUTPUT -o ppp-ncfttb -j DROP
+  '';
+
 }
--- a/profiles/desktop/power.nix
+++ b/profiles/desktop/power.nix
@@ -8,7 +8,7 @@ with lib;

    boot.resumeDevice = lib.optionalString ((lib.length config.swapDevices) > 0) (lib.head config.swapDevices).device;
    services.logind = {
-      lidSwitch = "suspend-then-hibernate";
+      settings.Login.HandleLidSwitch = "suspend-then-hibernate";
    };
    systemd.sleep.extraConfig = ''
      HibernateDelaySec=30m
--- a/profiles/router/default.nix
+++ b/profiles/router/default.nix
@@ -11,8 +11,10 @@ with lib;
  config = mkIf config.profiles.clerie.router.enable {

    environment.systemPackages = with pkgs; [
-      wireguard-tools
+      conntrack-tools
+      iptstate # show conntrack table
      tcpdump
+      wireguard-tools
    ];
  
    boot.kernel.sysctl = {
Author	SHA1	Message	Date
clerie	626834c2a4	profiles/desktop: Migrate logind option rename	2025-11-21 19:09:22 +01:00
clerie	bd1716eb23	hosts/carbon: Don't send IPv4 to ppp tunnel	2025-11-21 18:33:42 +01:00
clerie	a5125e92a6	profiles/router: Add applications to debug conntrack more	2025-11-21 18:28:42 +01:00