Diffstat (limited to '')
-rw-r--r--modules/nixos/sils/default.nix3
-rw-r--r--modules/nixos/sils/networking.nix6
-rw-r--r--modules/nixos/sils/roles.nix6
-rw-r--r--modules/nixos/sils/steam.nix19
-rw-r--r--modules/nixos/sils/tailscale.nix52
-rw-r--r--modules/nixos/sils/tor.nix23
6 files changed, 109 insertions, 0 deletions
diff --git a/modules/nixos/sils/default.nix b/modules/nixos/sils/default.nix
index 24de0b9..db27868 100644
--- a/modules/nixos/sils/default.nix
+++ b/modules/nixos/sils/default.nix
@@ -23,8 +23,11 @@
     ./printing.nix
     ./roles.nix
     ./sound.nix
+    ./steam.nix
     ./sudo.nix
     ./sway.nix
     ./theming
+    ./tailscale.nix
+    ./tor.nix
   ];
 }
diff --git a/modules/nixos/sils/networking.nix b/modules/nixos/sils/networking.nix
index 4f55f49..9ec34ab 100644
--- a/modules/nixos/sils/networking.nix
+++ b/modules/nixos/sils/networking.nix
@@ -8,8 +8,10 @@
 in {
   options.sils.networking.enable = lib.mkEnableOption "networking";
   config = lib.mkIf cfg.enable {
+    services.resolved.enable = true;
     networking = {
       enableIPv6 = false;
+      useNetworkd = false;
       #useDHCP = true;
       networkmanager = {
         enable = true;
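Review bot: `services.resolved.enable = true;` and `useNetworkd = false;` arrive together with no comment explaining the pairing, so a reader has to work out that NetworkManager stays the link manager and resolved is only the local stub resolver. A comment on the first added line would settle it, e.g. `# NetworkManager manages links; systemd-resolved is the stub resolver it hands DNS to` — hedged, since NM's DNS backend selection is not visible in this hunk. The `systemd.network.wait-online.enable = false` and initrd equivalents that tailscale.nix adds in this same commit are networkd settings, which this line turns off, so they are presumably no-ops here and would sit more naturally next to `useNetworkd` if they are needed at all. The enclosing `networking = { ... }` block continues past this hunk.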
@@ -17,6 +19,10 @@ in {
           networkmanager-openvpn
         ];
       };
+      nftables.enable = true;
+      firewall = {
+        enable = true;
+      };
       #nameservers = ["2620:fe::fe" "2620:fe::9" "9.9.9.9" "149.112.112.112"];
       #wireless = {
       #  enable = false; # TODO: Reenable
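Review bot: `nftables.enable = true;` at the top of this hunk is relied on elsewhere in the commit: tailscale.nix pins `TS_DEBUG_FIREWALL_MODE=nftables`, so a host with `sils.networking` disabled would run tailscaled in nftables mode while the NixOS firewall falls back to its iptables backend. Record the coupling at the line itself, e.g. `nftables.enable = true; # firewall backend; tailscale.nix's TS_DEBUG_FIREWALL_MODE=nftables assumes this`. `firewall.enable = true` is already the NixOS default, so the block below only matters as a pin against a `mkDefault false` elsewhere; if that is the intent, say so in a comment, otherwise the block can go. The enclosing `networking = { ... }` block starts in the previous hunk.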
diff --git a/modules/nixos/sils/roles.nix b/modules/nixos/sils/roles.nix
index e4a2c82..186b090 100644
--- a/modules/nixos/sils/roles.nix
+++ b/modules/nixos/sils/roles.nix
@@ -27,8 +27,14 @@ in {
       plymouth.enable = lib.mkDefault true;
       printing.enable = lib.mkDefault true;
       sound.enable = lib.mkDefault true;
+      steam.enable = lib.mkDefault true;
       sway.enable = lib.mkDefault false;
       theming.enable = lib.mkDefault true;
+      tailscale = {
+        enable = lib.mkDefault true;
+        role = "client";
+      };
+      tor.enable = lib.mkDefault true;
     }
     else if roleCmp "laptop-light"
     then {
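Review bot: `role = "client";` is the only value in the added lines not wrapped in `lib.mkDefault`, so a host that sets `sils.tailscale.role = "server"` gets a conflicting-definitions error instead of an override, because the option declared in tailscale.nix has no default to fall back on and both definitions carry the same priority. Make it `role = lib.mkDefault "client";` to match the siblings. The `if roleCmp ...` branch this sits in starts outside the hunk.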
diff --git a/modules/nixos/sils/steam.nix b/modules/nixos/sils/steam.nix
new file mode 100644
index 0000000..3c834a6
--- /dev/null
+++ b/modules/nixos/sils/steam.nix
@@ -0,0 +1,19 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  cfg = config.sils.steam;
+in {
+  options.sils.steam.enable = lib.mkEnableOption "Steam";
+  config = lib.mkIf cfg.enable {
+    nixpkgs.config.allowUnfreePredicate = pkg:
+      builtins.elem (lib.getName pkg) [
+        "steam"
+        "steam-unwrapped"
+      ];
+    programs.steam = {
+      enable = true;
+    };
+  };
+}
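Review bot: `nixpkgs.config.allowUnfreePredicate` is set here to a predicate that admits only the two steam package names, and as far as I recall `nixpkgs.config` is merged attribute-wise with the last definition winning rather than by combining predicates, so this line silently replaces any other module's unfree predicate or is replaced by it, depending on evaluation order. Either keep one shared predicate in a single place and add steam's names to it, or document the constraint on this line: `# NOTE: nixpkgs.config.allowUnfreePredicate is not merged across modules; keep this the only definition`. A one-line header comment such as `# Steam client; unfree, so the predicate below whitelists its packages` would also help, since `mkEnableOption "Steam"` is the module's only description.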
diff --git a/modules/nixos/sils/tailscale.nix b/modules/nixos/sils/tailscale.nix
new file mode 100644
index 0000000..e1f49a4
--- /dev/null
+++ b/modules/nixos/sils/tailscale.nix
@@ -0,0 +1,52 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  cfg = config.sils.tailscale;
+in {
+  options.sils.tailscale = {
+    enable = lib.mkEnableOption "Tailscale";
+    openFirewall = true;
+    role = lib.mkOption {
+      type = lib.types.enum [
+        "client"
+        "server"
+      ];
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    services.tailscale = {
+      enable = true;
+      authKeyFile = config.age.secrets.tailscale.path;
+      useRoutingFeatures = cfg.role;
+      extraDaemonFlags = [
+        "--no-logs-no-support"
+      ];
+      extraSetFlags = [
+        "--accept-routes"
+      ];
+    };
+    networking.firewall = {
+      trustedInterfaces = ["tailscale0"];
+      allowedUDPPorts = [config.services.tailscale.port];
+      checkReversePath = "loose";
+    };
+    systemd = {
+      services.tailscaled.serviceConfig.Environment = [
+        "TS_DEBUG_FIREWALL_MODE=nftables"
+      ];
+      network.wait-online.enable = false;
+    };
+    boot.initrd.systemd.network.wait-online.enable = false;
+
+    environment.persistence."/srv".directories = [
+      {
+        directory = "/var/lib/tailscale";
+        user = "root";
+        group = "root";
+        mode = "0700";
+      }
+    ];
+  };
+}
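Review bot: `openFirewall = true;` under `options.sils.tailscale` is a plain value where the module system expects an option declaration (`lib.mkOption`), so I expect evaluation to fail on it, and `cfg.openFirewall` is never read anyway — the firewall settings below are unconditional. Either declare it properly (`openFirewall = lib.mkOption { type = lib.types.bool; default = true; description = "..."; };` and gate the `networking.firewall` block with `lib.mkIf cfg.openFirewall`) or drop it and replace the manual `allowedUDPPorts = [config.services.tailscale.port];` with upstream's `services.tailscale.openFirewall = true;`, which opens the same port. `trustedInterfaces = ["tailscale0"]` is a deliberate trust decision — every tailnet peer reaches every local port, with enforcement delegated to the tailnet ACL — and deserves a comment saying so, e.g. `# tailnet peers are fully trusted on this host; access control lives in the Tailscale ACL`. `role` has no `default`, so every host enabling the module must set it; `default = "client"` would match how roles.nix uses it. The `systemd.network.wait-online` and `boot.initrd.systemd.network.wait-online` lines are networkd settings unrelated to Tailscale and belong in networking.nix.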
diff --git a/modules/nixos/sils/tor.nix b/modules/nixos/sils/tor.nix
new file mode 100644
index 0000000..01fdc1f
--- /dev/null
+++ b/modules/nixos/sils/tor.nix
@@ -0,0 +1,23 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  cfg = config.sils.tor;
+in {
+  options.sils.tor.enable = lib.mkEnableOption "tor";
+  config = lib.mkIf cfg.enable {
+    services = {
+      tor = {
+        enable = true;
+        torsocks.enable = true;
+        client.enable = true;
+      };
+      snowflake-proxy = {
+        enable = true;
+        capacity = 5;
+      };
+    };
+  };
+}
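Review bot: `snowflake-proxy.enable = true;` makes every host with this module on a volunteer Snowflake proxy relaying other users' Tor traffic over outbound WebRTC, and roles.nix in this commit makes `sils.tor.enable` default to true for a role, so this is a fleet-wide policy decision that `mkEnableOption "tor"` does not convey. Document it at the service block, e.g. `# Volunteer Snowflake proxy: relays traffic for censored Tor users (outbound WebRTC, consumes bandwidth); capacity caps concurrent clients`, and consider a separate `sils.tor.snowflake.enable` toggle so a host can run the Tor client without relaying. `pkgs` is taken in the module arguments but never used; drop it. `client.enable = true` exposes, as I understand it, Tor's local SOCKS listener to processes on the host, which is what `torsocks` needs, so a one-line header comment such as `# Tor client + torsocks wrapper + Snowflake proxy` would state the module's full footprint for the next reader.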