Various fixes found when moving loki
- enabled: - polkit - udisks2 - overlays - cert for Citrix - widevine for qutebrowser (not working yet) - updated tailscale API key - fixed firewall ports for kdeconnect - fixed msmtp port for sending email
This commit is contained in:
Don Harper
parent
92eae6ec40
commit
f66a5aaa04
1 changed files with 19 additions and 13 deletions
|
|
@ -26,6 +26,7 @@
|
||||||
boot.plymouth.enable = false;
|
boot.plymouth.enable = false;
|
||||||
boot.plymouth.theme = "breeze";
|
boot.plymouth.theme = "breeze";
|
||||||
|
|
||||||
|
security.polkit.enable = true;
|
||||||
# Enable doas instead of sudo
|
# Enable doas instead of sudo
|
||||||
security.sudo.enable = false;
|
security.sudo.enable = false;
|
||||||
security.doas.enable = true;
|
security.doas.enable = true;
|
||||||
|
|
@ -52,6 +53,7 @@
|
||||||
services.avahi.nssmdns = true;
|
services.avahi.nssmdns = true;
|
||||||
# Enable CUPS to print documents.
|
# Enable CUPS to print documents.
|
||||||
services.printing.enable = true;
|
services.printing.enable = true;
|
||||||
|
services.udisks2.enable = true;
|
||||||
|
|
||||||
# Enable sound with pipewire.
|
# Enable sound with pipewire.
|
||||||
sound.enable = true;
|
sound.enable = true;
|
||||||
|
|
@ -120,19 +122,20 @@
|
||||||
zoom-us
|
zoom-us
|
||||||
];
|
];
|
||||||
|
|
||||||
|
programs.dconf.enable = true;
|
||||||
programs.mtr.enable = true;
|
programs.mtr.enable = true;
|
||||||
#-#| nixpkgs.overlays = [
|
nixpkgs.overlays = [
|
||||||
#-#| ( self: super:
|
( self: super:
|
||||||
#-#| let
|
let
|
||||||
#-#| extraCerts = [ /etc/static/ssl/certs/ca-bundle.crt /etc/static/ssl/certs/ca-certificates.crt ];
|
extraCerts = [ /etc/static/ssl/certs/ca-bundle.crt /etc/static/ssl/certs/ca-certificates.crt ];
|
||||||
#-#| in {
|
in {
|
||||||
#-#| citrix_workspace = super.citrix_workspace.override {
|
citrix_workspace = super.citrix_workspace.override {
|
||||||
#-#| inherit extraCerts;
|
inherit extraCerts;
|
||||||
#-#| };
|
};
|
||||||
#-#| qutebrowser = super.qutebrowser.override { enableWideVine = true; };
|
}
|
||||||
#-#| }
|
)
|
||||||
#-#| )
|
(final: prev: { qutebrowser = prev.qutebrowser.override { enableWideVine = true; }; })
|
||||||
#-#| ];
|
];
|
||||||
|
|
||||||
services.tailscale.enable = true;
|
services.tailscale.enable = true;
|
||||||
# create a oneshot job to authenticate to Tailscale
|
# create a oneshot job to authenticate to Tailscale
|
||||||
|
|
@ -159,7 +162,7 @@
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# otherwise authenticate with tailscale
|
# otherwise authenticate with tailscale
|
||||||
${tailscale}/bin/tailscale up -authkey tskey-kX35vC1CNTRL-ZLmNBp4CQV3bu3SsLGjW56
|
${tailscale}/bin/tailscale up -authkey tskey-api-kDQcva6CNTRL-kvcJzSix6yLb2dgjr1Pi
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
@ -181,9 +184,11 @@
|
||||||
|
|
||||||
# allow the Tailscale UDP port through the firewall
|
# allow the Tailscale UDP port through the firewall
|
||||||
allowedUDPPorts = [ config.services.tailscale.port ];
|
allowedUDPPorts = [ config.services.tailscale.port ];
|
||||||
|
allowedUDPPortRanges = [ { from = 1714 ; to = 1764; }];
|
||||||
|
|
||||||
# allow you to SSH in over the public internet
|
# allow you to SSH in over the public internet
|
||||||
allowedTCPPorts = [ 22 ];
|
allowedTCPPorts = [ 22 ];
|
||||||
|
allowedTCPPortRanges = [ { from = 1714 ; to = 1764; } ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -202,6 +207,7 @@
|
||||||
default = {
|
default = {
|
||||||
auth = true;
|
auth = true;
|
||||||
tls = true;
|
tls = true;
|
||||||
|
port = 587;
|
||||||
from = "duck@duckland.org";
|
from = "duck@duckland.org";
|
||||||
host = "smtp.gmail.com";
|
host = "smtp.gmail.com";
|
||||||
user = "duckunix@gmail.com";
|
user = "duckunix@gmail.com";
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue