From f66a5aaa040e1fa5f2117d06a8093efb3ec08d53 Mon Sep 17 00:00:00 2001 From: Don Harper Date: Wed, 28 Dec 2022 13:48:48 -0600 Subject: [PATCH] Various fixes found when moving loki - enabled: - polkit - udisks2 - overlays - cert for Citrix - widevine for qutebrowser (not working yet) - updated tailscale API key - fixed firewall ports for kdeconnect - fixed msmtp port for sending email --- workstation/configuration.nix | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/workstation/configuration.nix b/workstation/configuration.nix index 5ede98e..feeca60 100644 --- a/workstation/configuration.nix +++ b/workstation/configuration.nix @@ -26,6 +26,7 @@ boot.plymouth.enable = false; boot.plymouth.theme = "breeze"; + security.polkit.enable = true; # Enable doas instead of sudo security.sudo.enable = false; security.doas.enable = true; @@ -52,6 +53,7 @@ services.avahi.nssmdns = true; # Enable CUPS to print documents. services.printing.enable = true; + services.udisks2.enable = true; # Enable sound with pipewire. sound.enable = true; @@ -120,19 +122,20 @@ zoom-us ]; + programs.dconf.enable = true; programs.mtr.enable = true; -#-#| nixpkgs.overlays = [ -#-#| ( self: super: -#-#| let -#-#| extraCerts = [ /etc/static/ssl/certs/ca-bundle.crt /etc/static/ssl/certs/ca-certificates.crt ]; -#-#| in { -#-#| citrix_workspace = super.citrix_workspace.override { -#-#| inherit extraCerts; -#-#| }; -#-#| qutebrowser = super.qutebrowser.override { enableWideVine = true; }; -#-#| } -#-#| ) -#-#| ]; + nixpkgs.overlays = [ + ( self: super: + let + extraCerts = [ /etc/static/ssl/certs/ca-bundle.crt /etc/static/ssl/certs/ca-certificates.crt ]; + in { + citrix_workspace = super.citrix_workspace.override { + inherit extraCerts; + }; + } + ) + (final: prev: { qutebrowser = prev.qutebrowser.override { enableWideVine = true; }; }) + ]; services.tailscale.enable = true; # create a oneshot job to authenticate to Tailscale 
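Review bot: The added `security.polkit.enable = true;` lands above the existing `# Enable doas instead of sudo` comment with no explanation, even though it adds a second privilege-elevation path to a config that deliberately turns sudo off. A comment such as `# polkit: authorisation backend for udisks2 mounts; review its rules alongside the doas rules` would tell a reader why it is there. The udisks2 link is inferred from `services.udisks2.enable = true;` in the next hunk, which has the same gap: it sits uncommented under the CUPS comment.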
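Review bot: `extraCerts` in the re-enabled overlay is built from the absolute path literals `/etc/static/ssl/certs/ca-bundle.crt` and `/etc/static/ssl/certs/ca-certificates.crt`, so the Citrix trust store becomes a copy of whatever the build host's bundle held at evaluation time. The trust anchors then depend on host state rather than on the configuration, evaluation will likely fail in pure mode, and the two paths presumably resolve to the same bundle. If only one corporate CA is needed, pinning that certificate in the repository and passing it alone, `extraCerts = [ ./certs/<corporate-ca>.crt ];` (placeholder path), keeps the trust set minimal and reviewable. Separately, the list mixes `self: super:` with `final: prev:` naming, and the qutebrowser override that the commit message calls not working yet has no comment saying so.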
@@ -159,7 +162,7 @@ fi # otherwise authenticate with tailscale - ${tailscale}/bin/tailscale up -authkey tskey-kX35vC1CNTRL-ZLmNBp4CQV3bu3SsLGjW56 + ${tailscale}/bin/tailscale up -authkey tskey-api-kDQcva6CNTRL-kvcJzSix6yLb2dgjr1Pi ''; }; @@ -181,9 +184,11 @@ # allow the Tailscale UDP port through the firewall allowedUDPPorts = [ config.services.tailscale.port ]; + allowedUDPPortRanges = [ { from = 1714 ; to = 1764; }]; # allow you to SSH in over the public internet allowedTCPPorts = [ 22 ]; + allowedTCPPortRanges = [ { from = 1714 ; to = 1764; } ]; }; @@ -202,6 +207,7 @@ default = { auth = true; tls = true; + port = 587; from = "duck@duckland.org"; host = "smtp.gmail.com"; user = "duckunix@gmail.com";
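Review bot: The `tailscale up -authkey …` line embeds a live credential in configuration.nix, so it ends up in git history and, because the script is rendered into the Nix store, in a file every local user can read. The replacement value has the `tskey-api-` prefix and the commit message calls it an API key; if it really is an API access token rather than a node auth key, it carries far broader rights over the tailnet and is the wrong kind of credential for `up`. Both the removed and the added key should be treated as exposed and revoked. The script should instead read a narrowly scoped, expiring auth key from a root-only file outside the store, e.g. `${tailscale}/bin/tailscale up --authkey "file:/run/secrets/tailscale-authkey"` (placeholder path). The oneshot script starts and ends outside this hunk.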
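Review bot: The new `allowedUDPPortRanges` and `allowedTCPPortRanges` entries open 1714–1764 on every interface, in the same block that exposes port 22 to the public internet, and nothing marks them as KDE Connect: the UDP line sits under the Tailscale comment and the TCP line under the SSH one. KDE Connect only needs to be reachable from the local network, so scoping the ranges to the LAN interface keeps its discovery and pairing service off untrusted networks: `networking.firewall.interfaces."<lan-if>".allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];` plus the matching `allowedUDPPortRanges` (the interface name is a placeholder). At minimum, add `# KDE Connect (LAN device pairing)` above each line. The firewall attribute set starts outside the hunk.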