aspi firefwall: reactivate checkReversePath

homes/julian/features/fish/default.nix

@@ -47,6 +47,10 @@ with lib; {
         end
         nix shell $args
       '';
+      fish_user_key_bindings = ''
+        bind ctrl-space 'zi; commandline -f repaint'
+        bind -M insert ctrl-space 'zi; commandline -f repaint'
+      '';
     };
   };
 }

homes/julian/pianonix.nix

@@ -52,8 +52,9 @@
   # Autostart link
   home.file = {
     # ".config/autostart/sheet-organizer.desktop".source = "${pkgs.sheet-organizer}/share/applications/sheet-organizer.desktop";
-    # ".config/autostart/firefox.desktop".source = "${pkgs.firefox}/share/applications/firefox.desktop";
+    ".config/autostart/firefox.desktop".source = "${pkgs.firefox}/share/applications/firefox.desktop";
-    ".config/autostart/chromium.desktop".source = "${pkgs.chromium}/share/applications/chromium.desktop";
+    ".config/autostart/onboard.desktop".source = "${pkgs.onboard}/share/applications/onboard.desktop";
+    # ".config/autostart/chromium.desktop".source = "${pkgs.chromium}/share/applications/chromium.desktop";
     ".config/sheet-organizer/config.toml".text = ''
       working_directory = "/home/julian/Klavier"
     '';

hosts/aspi/default.nix

@@ -29,6 +29,8 @@
   networking.hostName = "aspi";
   system.stateVersion = "24.05";
 
+  # networking.firewall.checkReversePath = false; # Makes wg interface with all ips work
+
   modules = {
     syncthing = {
       enable = true;

hosts/common/global/default.nix

@@ -31,6 +31,10 @@
     ];
   };
   services.resolved.enable = true;
+  # MDNS Taken by avahi
+  services.resolved.extraConfig = ''
+    MulticastDNS=false
+  '';
 
   networking.nameservers = lib.mkDefault [
     "1.1.1.1"

hosts/common/global/sops.nix

@@ -13,7 +13,7 @@ in {
     sshKeyPaths = map getKeyPath keys;
 
     # TODO: remove? only rely on ssh or pgp keys (e.g. ubikey like misterio is using!!!)
-    keyFile = "/home/julian/.config/sops/age/keys.txt";
+    # keyFile = "/home/julian/.config/sops/age/keys.txt";
     # Generate key if none of the above worked. With this, building will still work, just without secrets
     generateKey = false; # TODO: building should not work without secrets!?
   };

hosts/common/optional/avahi.nix

@@ -3,7 +3,10 @@
   services.avahi = {
     enable = true;
     nssmdns4 = true;
+    nssmdns6 = true;
     publish.enable = true;
     publish.addresses = true;
+    ipv4 = true;
+    ipv6 = true;
   };
 }

hosts/pianonix/default.nix

@@ -31,9 +31,12 @@
   # enabled by fish, disabling speeds up builds
   documentation.man.generateCaches = false;
 
-  networking.enableIPv6 = false; # This only leads to issues with avahi
+  # networking.enableIPv6 = false; # This only leads to issues with avahi
+  # services.avahi.ipv6 = false;
 
+  hardware.raspberry-pi."4".bluetooth.enable = true;
   hardware.bluetooth.enable = true;
+  hardware.bluetooth.powerOnBoot = true;
   services.blueman.enable = true; # bluetooth gui
   # raspberry pi specific
   # systemd.services.btattach = {

hosts/pianonix/hardware-configuration.nix

@@ -14,12 +14,12 @@
   boot.initrd.kernelModules = [];
   boot.kernelModules = [];
   boot.extraModulePackages = [];
-  boot.kernelPackages = pkgs.linuxPackages_latest; # use latest linux kernel
+  boot.kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
-  boot.supportedFilesystems = lib.mkForce [
+  # boot.supportedFilesystems = lib.mkForce [
-    # remove zfs, since its incompatible with latest kernel
+  #   # remove zfs, since its incompatible with latest kernel
-    "vfat"
+  #   "vfat"
-    "ext4"
+  #   "ext4"
-  ];
+  # ];
 
   fileSystems."/" = {
     device = "/dev/disk/by-label/NIXOS_SD";