From a9738a94e009610163e3c49e9686c12051917af7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= <cynerd@email.cz>
Date: Mon, 1 Apr 2024 12:14:45 +0200
Subject: nixos: few more fixes

---
 nixos/configurations/adm-omnia.nix |  1 -
 nixos/configurations/dean.nix      | 17 +++++++++++++----
 nixos/configurations/errol.nix     |  9 ++++++---
 nixos/configurations/lipwig.nix    |  7 +++----
 nixos/configurations/spt-omnia.nix |  1 -
 5 files changed, 22 insertions(+), 13 deletions(-)

(limited to 'nixos/configurations')

diff --git a/nixos/configurations/adm-omnia.nix b/nixos/configurations/adm-omnia.nix
index 3f857ee..672788a 100644
--- a/nixos/configurations/adm-omnia.nix
+++ b/nixos/configurations/adm-omnia.nix
@@ -12,7 +12,6 @@
       ar9287.interface = "wlp3s0";
       qca988x.interface = "wlp2s0";
     };
-    openvpn.oldpersonal = false;
     monitoring.speedtest = true;
   };
 
diff --git a/nixos/configurations/dean.nix b/nixos/configurations/dean.nix
index 44feaea..c903794 100644
--- a/nixos/configurations/dean.nix
+++ b/nixos/configurations/dean.nix
@@ -1,4 +1,10 @@
-{pkgs, ...}: {
+{
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib) mkForce;
+in {
   turris.board = "mox";
   deploy.enable = true;
 
@@ -10,6 +16,11 @@
   networking = {
     useNetworkd = true;
     useDHCP = false;
+    nat = {
+      enable = true;
+      externalInterface = "brlan";
+      internalInterfaces = ["wg"];
+    };
   };
   systemd.network = {
     netdevs."brlab".netdevConfig = {
@@ -28,6 +39,7 @@
         matchConfig.Name = "lan* end0";
         networkConfig.Bridge = "brlan";
       };
+      "wg".networkConfig.IPForward = mkForce "yes";
     };
     # TODO investigate why it doesn't work
     wait-online.enable = false;
@@ -37,7 +49,4 @@
     #openocd
     tio
   ];
-
-  # TODO: ubootTools build is broken!
-  firmware.environment.enable = false;
 }
diff --git a/nixos/configurations/errol.nix b/nixos/configurations/errol.nix
index a9475ef..3f7ad8c 100644
--- a/nixos/configurations/errol.nix
+++ b/nixos/configurations/errol.nix
@@ -13,9 +13,7 @@ in {
     desktop.enable = true;
     develop = true;
     gaming = true;
-    openvpn = {
-      elektroline = true;
-    };
+    openvpn.elektroline = true;
   };
 
   boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage"];
@@ -35,6 +33,11 @@ in {
       fsType = "btrfs";
       options = ["compress=lzo" "subvol=@nix"];
     };
+    "/nix" = {
+      device = "/dev/mapper/encroot";
+      fsType = "btrfs";
+      options = ["compress=lzo" "subvol=@nix-store"];
+    };
     "/home" = {
       device = "/dev/mapper/encroot";
       fsType = "btrfs";
diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix
index 0eefe5f..2e5253d 100644
--- a/nixos/configurations/lipwig.nix
+++ b/nixos/configurations/lipwig.nix
@@ -33,7 +33,6 @@
     networking = {
       useNetworkd = true;
       useDHCP = false;
-      nftables.enable = true;
       firewall = {
         allowedTCPPorts = [80 443];
         allowedUDPPorts = [1194];
@@ -206,17 +205,17 @@
         passwords = pkgs.fetchNextcloudApp {
           url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2024.2.0/passwords.tar.gz";
           sha256 = "0s5z6pxkcwmhlbzy9s2g0s05n1iqjmxr2jqxz7ayklin9kcgr3h7";
-          license = "agpl3";
+          license = "gpl3";
         };
         integration_github = pkgs.fetchNextcloudApp {
           url = "https://github.com/nextcloud-releases/integration_github/releases/download/v2.0.6/integration_github-v2.0.6.tar.gz";
           sha256 = "0rjdlsalayb21nmh3j5bl42dcbavxka2r5g9csagz7vc9dl0qrw6";
-          license = "agpl3";
+          license = "gpl3";
         };
         integration_gitlab = pkgs.fetchNextcloudApp {
           url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v1.0.18/integration_gitlab-v1.0.18.tar.gz";
           sha256 = "13vlbr7sigqrh480a9zp7zl9nbzb4pk8m1zzlqv9lkzj3zywp7mi";
-          license = "agpl3";
+          license = "gpl3";
         };
       };
     };
diff --git a/nixos/configurations/spt-omnia.nix b/nixos/configurations/spt-omnia.nix
index 8456368..22d9ecc 100644
--- a/nixos/configurations/spt-omnia.nix
+++ b/nixos/configurations/spt-omnia.nix
@@ -38,7 +38,6 @@ in {
       };
     };
     wireguard = true;
-    openvpn.oldpersonal = true;
     monitoring.speedtest = true;
   };
 
-- 
cgit v1.2.3