Various fixes found when moving loki

- enabled: - polkit - udisks2 - overlays - cert for Citrix - widevine for qutebrowser (not working yet) - updated tailscale API key - fixed firewall ports for kdeconnect - fixed msmtp port for sending email
2022-12-28 13:48:48 -06:00 · 2022-12-28 13:48:48 -06:00 · f66a5aaa04
commit f66a5aaa04
parent 92eae6ec40
1 changed files with 19 additions and 13 deletions
--- a/workstation/configuration.nix
+++ b/workstation/configuration.nix
@ -26,6 +26,7 @@
  boot.plymouth.enable = false;
  boot.plymouth.theme = "breeze";

+  security.polkit.enable = true;
  # Enable doas instead of sudo
  security.sudo.enable = false;
  security.doas.enable = true;
@ -52,6 +53,7 @@
  services.avahi.nssmdns = true;
  # Enable CUPS to print documents.
  services.printing.enable = true;
+  services.udisks2.enable = true;

  # Enable sound with pipewire.
  sound.enable = true;
@ -120,19 +122,20 @@
    zoom-us
  ];

+  programs.dconf.enable = true;
  programs.mtr.enable = true;
-#-#|  nixpkgs.overlays = [
-#-#|      ( self: super:
-#-#|        let 
-#-#|          extraCerts = [ /etc/static/ssl/certs/ca-bundle.crt /etc/static/ssl/certs/ca-certificates.crt ];
-#-#|        in { 
-#-#|          citrix_workspace = super.citrix_workspace.override  {
-#-#|            inherit extraCerts;
-#-#|          };
-#-#|          qutebrowser = super.qutebrowser.override { enableWideVine = true; }; 
-#-#|        }
-#-#|      )
-#-#|  ];
+  nixpkgs.overlays = [
+      ( self: super:
+        let 
+          extraCerts = [ /etc/static/ssl/certs/ca-bundle.crt /etc/static/ssl/certs/ca-certificates.crt ];
+        in { 
+          citrix_workspace = super.citrix_workspace.override  {
+            inherit extraCerts;
+          };
+        }
+      )
+    (final: prev: { qutebrowser = prev.qutebrowser.override { enableWideVine = true; }; })
+  ];

  services.tailscale.enable = true;
  # create a oneshot job to authenticate to Tailscale
@ -159,7 +162,7 @@
      fi

      # otherwise authenticate with tailscale
-      ${tailscale}/bin/tailscale up -authkey tskey-kX35vC1CNTRL-ZLmNBp4CQV3bu3SsLGjW56
+      ${tailscale}/bin/tailscale up -authkey tskey-api-kDQcva6CNTRL-kvcJzSix6yLb2dgjr1Pi
    '';
  };

@ -181,9 +184,11 @@

    # allow the Tailscale UDP port through the firewall
    allowedUDPPorts = [ config.services.tailscale.port ];
+    allowedUDPPortRanges = [ { from = 1714 ; to = 1764; }];

    # allow you to SSH in over the public internet
    allowedTCPPorts = [ 22 ];
+    allowedTCPPortRanges = [ { from = 1714 ; to = 1764; } ];
  };


@ -202,6 +207,7 @@
      default = {
        auth = true;
        tls = true;
+        port = 587;
        from = "duck@duckland.org";
        host = "smtp.gmail.com";
        user = "duckunix@gmail.com";