workstation | formating + override for widevine-cdm

2025-05-14 20:27:07 -05:00 · 2025-05-14 20:27:07 -05:00 · e6f4313991
commit e6f4313991
parent 7a189929c2
2 changed files with 11 additions and 22 deletions
--- a/home/gui/default.nix
+++ b/home/gui/default.nix
@ -17,6 +17,8 @@ in {
        ./sway.nix
        ./terminals.nix
      ];
+      # pkgs.config.allowUnfreePredicate = pkg:
+      #   builtins.elem (lib.getName pkg) [ "widevine-cdm" ];
      fonts = { fontconfig = { enable = true; }; };
      nixpkgs.overlays = [
        (final: prev: {
--- a/hosts/workstation/default.nix
+++ b/hosts/workstation/default.nix
@ -44,28 +44,12 @@ in {
  networking = {
    networkmanager.enable = true;
    enableIPv6 = true;
-    networkmanager = {
-      wifi = {
-        powersave = true;
-      };
-    };
+    networkmanager = { wifi = { powersave = true; }; };
    useDHCP = false;
-    wireless = {
-      iwd = {
-        enable = true;
-        settings = {
-          IPv6 = {
-            Enabled = true;
-          };
-          Settings = {
-            AutoConnect = true;
-          };
-        };
-      };
-    };
    firewall = {
      enable = true;
-      trustedInterfaces = [ "tailscale0" ]; # always allow traffic from your Tailscale network
+      trustedInterfaces =
+        [ "tailscale0" ]; # always allow traffic from your Tailscale network
      checkReversePath = "loose";
      allowedUDPPorts = [ config.services.tailscale.port ];
      allowedTCPPortRanges = [{
@ -79,7 +63,7 @@ in {
      allowedTCPPorts = [ 22 ];
      interfaces = {
        "tailscale0" = {
-          allowedTCPPorts = [ 22 8080 8443 ];
+          allowedTCPPorts = [ 22 8080 8443 8384 ];
          allowedTCPPortRanges = [{
            from = 1714;
            to = 1764;
@ -93,7 +77,6 @@ in {
    };
  };

-
  # Set your time zone.
  time = {
    timeZone = "America/Chicago";
@ -245,7 +228,10 @@ in {

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;
-  nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ];
+  nixpkgs.config.allowUnfreePredicate = true;
+  # pkg:
+  #   builtins.elem (lib.getName pkg) [ "widevine-cdm" ];
+  nixpkgs.config.permittedInsecurePackages = [ "electron-33.4.11" ];

  fonts.packages = with pkgs; [
    anonymousPro
@ -302,6 +288,7 @@ in {
    pulseaudio
    ruby
    sops
+    termsonic
    toot
    udiskie
    wireplumber