From e6f431399192f70e5a33209a1c63f7cf75d5f542 Mon Sep 17 00:00:00 2001
From: Don Harper <duck@duckland.org>
Date: Wed, 14 May 2025 20:27:07 -0500
Subject: [PATCH] workstation | formating + override for widevine-cdm

---
 home/gui/default.nix          |  2 ++
 hosts/workstation/default.nix | 31 +++++++++----------------------
 2 files changed, 11 insertions(+), 22 deletions(-)

diff --git a/home/gui/default.nix b/home/gui/default.nix
index 769b8a2..a7d8112 100644
--- a/home/gui/default.nix
+++ b/home/gui/default.nix
@@ -17,6 +17,8 @@ in {
         ./sway.nix
         ./terminals.nix
       ];
+      # pkgs.config.allowUnfreePredicate = pkg:
+      #   builtins.elem (lib.getName pkg) [ "widevine-cdm" ];
       fonts = { fontconfig = { enable = true; }; };
       nixpkgs.overlays = [
         (final: prev: {
diff --git a/hosts/workstation/default.nix b/hosts/workstation/default.nix
index 6f07d18..798b5e7 100644
--- a/hosts/workstation/default.nix
+++ b/hosts/workstation/default.nix
@@ -44,28 +44,12 @@ in {
   networking = {
     networkmanager.enable = true;
     enableIPv6 = true;
-    networkmanager = {
-      wifi = {
-        powersave = true;
-      };
-    };
+    networkmanager = { wifi = { powersave = true; }; };
     useDHCP = false;
-    wireless = {
-      iwd = {
-        enable = true;
-        settings = {
-          IPv6 = {
-            Enabled = true;
-          };
-          Settings = {
-            AutoConnect = true;
-          };
-        };
-      };
-    };
     firewall = {
       enable = true;
-      trustedInterfaces = [ "tailscale0" ]; # always allow traffic from your Tailscale network
+      trustedInterfaces =
+        [ "tailscale0" ]; # always allow traffic from your Tailscale network
       checkReversePath = "loose";
       allowedUDPPorts = [ config.services.tailscale.port ];
       allowedTCPPortRanges = [{
@@ -79,7 +63,7 @@ in {
       allowedTCPPorts = [ 22 ];
       interfaces = {
         "tailscale0" = {
-          allowedTCPPorts = [ 22 8080 8443 ];
+          allowedTCPPorts = [ 22 8080 8443 8384 ];
           allowedTCPPortRanges = [{
             from = 1714;
             to = 1764;
@@ -93,7 +77,6 @@ in {
     };
   };
 
-
   # Set your time zone.
   time = {
     timeZone = "America/Chicago";
@@ -245,7 +228,10 @@ in {
 
   # Allow unfree packages
   nixpkgs.config.allowUnfree = true;
-  nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ];
+  nixpkgs.config.allowUnfreePredicate = true;
+  # pkg:
+  #   builtins.elem (lib.getName pkg) [ "widevine-cdm" ];
+  nixpkgs.config.permittedInsecurePackages = [ "electron-33.4.11" ];
 
   fonts.packages = with pkgs; [
     anonymousPro
@@ -302,6 +288,7 @@ in {
     pulseaudio
     ruby
     sops
+    termsonic
     toot
     udiskie
     wireplumber