diff --git a/flake.lock b/flake.lock index f0cf77e..6477864 100755 --- a/flake.lock +++ b/flake.lock @@ -200,11 +200,11 @@ "quickshell": "quickshell" }, "locked": { - "lastModified": 1768700084, - "narHash": "sha256-G/RtxgpF4OHRWy82/MHmEClOq9sBn8tki6K6vCuPZvU=", + "lastModified": 1769073714, + "narHash": "sha256-vppHLOKWw3ygroSlQ2oZ/evNIeXrBDl7cOPOyXZAh90=", "owner": "caelestia-dots", "repo": "shell", - "rev": "408c523d257f5e22fd95229dd36e76f4b90439a2", + "rev": "617f7a19f335be9e975dd001e262794636a6716f", "type": "github" }, "original": { @@ -250,11 +250,11 @@ ] }, "locked": { - "lastModified": 1768727946, - "narHash": "sha256-le2GY+ZR6uRHMuOAc60sBR3gBD2BEk1qOZ3S5C/XFpU=", + "lastModified": 1768923567, + "narHash": "sha256-GVJ0jKsyXLuBzRMXCDY6D5J8wVdwP1DuQmmvYL/Vw/Q=", "owner": "nix-community", "repo": "disko", - "rev": "558e84658d0eafc812497542ad6ca0d9654b3b0f", + "rev": "00395d188e3594a1507f214a2f15d4ce5c07cb28", "type": "github" }, "original": { @@ -679,11 +679,11 @@ "zon2nix": "zon2nix" }, "locked": { - "lastModified": 1768776776, - "narHash": "sha256-OeoF0vBLezZ0WQDxjpI5OHQskKzeCpOITYJ6XoUDwWg=", + "lastModified": 1769140056, + "narHash": "sha256-EaC2VOH6BzzzeOFXor9BbesOGgJsCCHw5Nx+BG0IZY4=", "owner": "ghostty-org", "repo": "ghostty", - "rev": "250877eff69ee1f00168a1f5ce9ab5490e29b0dc", + "rev": "4acd33954aaeafd414f483ae9c44ba1ae7effe98", "type": "github" }, "original": { @@ -699,11 +699,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1767281941, - "narHash": "sha256-6MkqajPICgugsuZ92OMoQcgSHnD6sJHwk8AxvMcIgTE=", + "lastModified": 1769069492, + "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "f0927703b7b1c8d97511c4116eb9b4ec6645a0fa", + "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23", "type": "github" }, "original": { @@ -824,11 +824,11 @@ ] }, "locked": { - "lastModified": 1768770171, - "narHash": "sha256-JPmLGZgdWa8QcQbbtBqyZhpmxIHZ3lUO48laERjw+4k=", + "lastModified": 1769132734, + "narHash": "sha256-gmU9cRplrQWqoback9PgQX7Dlsdx8JlhlVZwf0q1F7E=", "owner": "nix-community", "repo": "home-manager", - "rev": "521d5ea1a229ba315dd1cceaf869946ddcc83d36", + "rev": "d055b309a6277343cb1033a11d7500f0a0f669fc", "type": "github" }, "original": { @@ -912,11 +912,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1768746153, - "narHash": "sha256-H3BxpO76d/SX/qiCzl3bUi352xIkgdqqSb0sJfuv25w=", + "lastModified": 1769114016, + "narHash": "sha256-eYY8QyE+RY7sa69DZmdbfN2DFfyx3Jk9k/gALAKXi38=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "eb0480ba0d0870ab5d8a876f01c6ab033a4b35f4", + "rev": "64db62d7e2685d62cbab51a1a7cb7f2cf38a1b32", "type": "github" }, "original": { @@ -1290,11 +1290,11 @@ }, "mnw": { "locked": { - "lastModified": 1767030222, + "lastModified": 1768701608, "narHash": "sha256-kSvWF3Xt2HW9hmV5V7i8PqeWJIBUKmuKoHhOgj3Znzs=", "owner": "Gerg-L", "repo": "mnw", - "rev": "75bb637454b0fbbb5ed652375a4bf7ffd28bcf6f", + "rev": "20d63a8a1ae400557c770052a46a9840e768926b", "type": "github" }, "original": { @@ -1332,11 +1332,11 @@ "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1768781101, - "narHash": "sha256-p3guh/Vx4Pf+Ggk3X69SPTJot6emv6rgKpoBLNO61Ag=", + "lastModified": 1769126721, + "narHash": "sha256-vMWf9C4LK2fshCKgUYGR0fn4/3qg2/sWyFILv4YYTB8=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "e90cb6d441572fc05ffb8769051d59f1d2d3269e", + "rev": "7c77dcce004c0845da25e0fe9a6c8b11bd46e614", "type": "github" }, "original": { @@ -1348,11 +1348,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1768778690, - "narHash": "sha256-XrWZBeH0GnvnQzE9Xmm69sesSGB2h5uVLuTmLA7k1p0=", + "lastModified": 1769125444, + "narHash": "sha256-KOVSBncEUsn5ZqbkaDo5GhXWCoKqdZGij/KnLH5CoVI=", "owner": "neovim", "repo": "neovim", - "rev": "30259d6af79e731491e6b12d815893b1b130b52b", + "rev": "c39d18ee939cba5f905416fcc97661b1836f4de4", "type": "github" }, "original": { @@ -1373,11 +1373,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1768767453, - "narHash": "sha256-Omq1UHEJ1oxkTo2j8l6qQtmyPR7Uj+k7HC5Khd3jVVA=", + "lastModified": 1769095293, + "narHash": "sha256-GPlRdJ7LVLyabpJ2tDA9Bj5em9wi3mKXeedIDl7+LWs=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "8eab7c21ef4edc97cc56ddb8e76a842e0818d6d7", + "rev": "180bdbbc91c89f540a52d2b31c8c08116c53b91f", "type": "github" }, "original": { @@ -1492,11 +1492,11 @@ ] }, "locked": { - "lastModified": 1768357481, - "narHash": "sha256-LpOWVXsHx20x8eRIhn23Q0icmV3Z6ZeFpAPzEqldXFk=", + "lastModified": 1768962252, + "narHash": "sha256-HyWOOHcySV8rl36gs4+n0sxPinxpwWOgwXibfFPYeZ0=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "f888492aa1a1eeb0114cf78af40d44e8300e002e", + "rev": "433cf697394104123e1fd02fa689534ac1733bfa", "type": "github" }, "original": { @@ -1613,11 +1613,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1768621446, - "narHash": "sha256-6YwHV1cjv6arXdF/PQc365h1j+Qje3Pydk501Rm4Q+4=", + "lastModified": 1768940263, + "narHash": "sha256-sJERJIYTKPFXkoz/gBaBtRKke82h4DkX3BBSsKbfbvI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "72ac591e737060deab2b86d6952babd1f896d7c5", + "rev": "3ceaaa8bc963ced4d830e06ea2d0863b6490ff03", "type": "github" }, "original": { @@ -1674,11 +1674,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1768661221, - "narHash": "sha256-MJwOjrIISfOpdI9x4C+5WFQXvHtOuj5mqLZ4TMEtk1M=", + "lastModified": 1768875095, + "narHash": "sha256-dYP3DjiL7oIiiq3H65tGIXXIT1Waiadmv93JS0sS+8A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3327b113f2ef698d380df83fbccefad7e83d7769", + "rev": "ed142ab1b3a092c4d149245d0c4126a5d7ea00b0", "type": "github" }, "original": { @@ -1706,11 +1706,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1768661221, - "narHash": "sha256-MJwOjrIISfOpdI9x4C+5WFQXvHtOuj5mqLZ4TMEtk1M=", + "lastModified": 1768875095, + "narHash": "sha256-dYP3DjiL7oIiiq3H65tGIXXIT1Waiadmv93JS0sS+8A=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3327b113f2ef698d380df83fbccefad7e83d7769", + "rev": "ed142ab1b3a092c4d149245d0c4126a5d7ea00b0", "type": "github" }, "original": { @@ -1738,11 +1738,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1763806073, - "narHash": "sha256-FHsEKDvfWpzdADWj99z7vBk4D716Ujdyveo5+A048aI=", + "lastModified": 1768875095, + "narHash": "sha256-dYP3DjiL7oIiiq3H65tGIXXIT1Waiadmv93JS0sS+8A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "878e468e02bfabeda08c79250f7ad583037f2227", + "rev": "ed142ab1b3a092c4d149245d0c4126a5d7ea00b0", "type": "github" }, "original": { @@ -1759,11 +1759,11 @@ ] }, "locked": { - "lastModified": 1768785620, - "narHash": "sha256-ZhhZNA3romjb3ukC3cKnEhzv2GQDIMIComwtXpCqVCY=", + "lastModified": 1769145612, + "narHash": "sha256-uHtKorr5FamlD/WXSs7gJYYcsO9EGlVJhY/V4n4HmW4=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "cf2e02c6e9bf9f38d3e3787c6afe7d83f169ed5c", + "rev": "e4729d9b92346f86eeaccc6063506684575ea9ea", "type": "github" }, "original": { @@ -1809,11 +1809,11 @@ "systems": "systems_8" }, "locked": { - "lastModified": 1768464392, - "narHash": "sha256-H3DRARqclUFdUaWgu1xQEb86/wrh41ZG0fIQJVjcZdE=", + "lastModified": 1769111313, + "narHash": "sha256-2IU9TOe7BBG145mftfQW2aYxXxQd2YHfv8V1qTMFkmY=", "owner": "notashelf", "repo": "nvf", - "rev": "007f14a2c8d67568f4655654b401871920d73011", + "rev": "bebdddb5719ec2c3f86b0168a785d1a2aee1d857", "type": "github" }, "original": { @@ -1974,11 +1974,11 @@ ] }, "locked": { - "lastModified": 1768791178, - "narHash": "sha256-ZVqH14w7y40DEQOghli1c28NopVNFk1MNNRzEIwMa6M=", + "lastModified": 1769136478, + "narHash": "sha256-8UNd5lmGf8phCr/aKxagJ4kNsF0pCHLish2G4ZKCFFY=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "3941028eccc4d981f75c933786e1fd95b71024f1", + "rev": "470ee44393bb19887056b557ea2c03fc5230bd5a", "type": "github" }, "original": { @@ -1995,11 +1995,11 @@ ] }, "locked": { - "lastModified": 1763952169, - "narHash": "sha256-+PeDBD8P+NKauH+w7eO/QWCIp8Cx4mCfWnh9sJmy9CM=", + "lastModified": 1769091129, + "narHash": "sha256-Jj/vIHjiu4OdDIrDXZ3xOPCJrMZZKzhE2UIVXV/NYzY=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "ab726555a9a72e6dc80649809147823a813fa95b", + "rev": "131e22d6a6d54ab72aeef6a5a661ab7005b4c596", "type": "github" }, "original": { @@ -2013,11 +2013,11 @@ "nixpkgs": "nixpkgs_8" }, "locked": { - "lastModified": 1768709255, - "narHash": "sha256-aigyBfxI20FRtqajVMYXHtj5gHXENY2gLAXEhfJ8/WM=", + "lastModified": 1768863606, + "narHash": "sha256-1IHAeS8WtBiEo5XiyJBHOXMzECD6aaIOJmpQKzRRl64=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5e8fae80726b66e9fec023d21cd3b3e638597aa9", + "rev": "c7067be8db2c09ab1884de67ef6c4f693973f4a2", "type": "github" }, "original": { @@ -2423,11 +2423,11 @@ "rust-overlay": "rust-overlay_4" }, "locked": { - "lastModified": 1768756095, - "narHash": "sha256-5YO/8LTVhUFJ4jJMuJtgE3oGGD0D7aR0fcfHEKvQmTo=", + "lastModified": 1769095881, + "narHash": "sha256-BZktPXn+8vyFyHapvW+9nepFsWRW/XBtdBcnLKrCNCw=", "owner": "sxyazi", "repo": "yazi", - "rev": "ca4cc594136e313b47f8da0f3699b7ea9699a959", + "rev": "4e0acf8cbfcd66924af38a9418d3e12dc31a7316", "type": "github" }, "original": { @@ -2446,11 +2446,11 @@ ] }, "locked": { - "lastModified": 1768788372, - "narHash": "sha256-TTEB3amVrXNX5AmIj7Bb8Dp2W8BOD73GbW8p5uH8kQI=", + "lastModified": 1769059766, + "narHash": "sha256-u95Qe60mF3eoEqrd0tIej4A8TDWoc/N4ZjZ60npplgw=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "756b3eff6a629b70ea971b8a1819f22bc3789730", + "rev": "dc0483a6e3ff1ffb04ad77d26c1a4458f4cf82d6", "type": "github" }, "original": { diff --git a/pkgs/overlays/default.nix b/pkgs/overlays/default.nix index 21e4f28..f05a430 100755 --- a/pkgs/overlays/default.nix +++ b/pkgs/overlays/default.nix @@ -1,5 +1,6 @@ [ (import ./vesktop.nix) + (import ./proton-dw-bin.nix) # (import ./powerdns-admin.nix) # (import ./stalwart-mail) ] diff --git a/pkgs/overlays/proton-dw-bin.nix b/pkgs/overlays/proton-dw-bin.nix new file mode 100644 index 0000000..3b550d0 --- /dev/null +++ b/pkgs/overlays/proton-dw-bin.nix @@ -0,0 +1,41 @@ +final: prev: { + proton-dw-bin = + let + steamDisplayName = "Proton DW"; + in + final.pkgs.stdenv.mkDerivation (finalAttrs: rec { + pname = "dwproton"; + version = "10.0-14"; + + src = final.pkgs.fetchzip { + url = "https://dawn.wine/dawn-winery/dwproton/releases/download/${pname}-${finalAttrs.version}/${pname}-${finalAttrs.version}-x86_64.tar.xz"; + hash = "sha256-5fDo7YUPhp0OwjdAXHfovSuFCgSPwHW0cSZk9E+FY98="; + }; + + dontUnpack = true; + dontConfigure = true; + dontBuild = true; + + outputs = [ + "out" + "steamcompattool" + ]; + + installPhase = '' + runHook preInstall + echo "${finalAttrs.pname} should not be installed into environments. Please use programs.steam.extraCompatPackages instead." > $out + + mkdir $steamcompattool + ln -s $src/* $steamcompattool + rm $steamcompattool/compatibilitytool.vdf + cp $src/compatibilitytool.vdf $steamcompattool + + runHook postInstall + ''; + + preFixup = '' + substituteInPlace "$steamcompattool/compatibilitytool.vdf" \ + --replace-fail "${finalAttrs.pname}-${finalAttrs.version}-x86_64" "${steamDisplayName}" + ''; + }); +} diff --git a/system/dev/dn-pre7780/default.nix b/system/dev/dn-pre7780/default.nix index 880918e..bc46ec3 100755 --- a/system/dev/dn-pre7780/default.nix +++ b/system/dev/dn-pre7780/default.nix @@ -55,6 +55,7 @@ in ../../modules/shells/noctalia ../../modules/sunshine.nix ../../modules/secure-boot.nix + ../../modules/card-reader.nix ]; # Live Sync D diff --git a/system/dev/dn-pre7780/home/default.nix b/system/dev/dn-pre7780/home/default.nix index cdc87da..e72b04a 100755 --- a/system/dev/dn-pre7780/home/default.nix +++ b/system/dev/dn-pre7780/home/default.nix @@ -6,7 +6,7 @@ }: let inherit (helper) getMonitors; - inherit (builtins) elemAt; + inherit (builtins) elemAt length; inherit (config.networking) hostName; inherit (config.systemConf) username; inherit (lib) optionalString mkForce; @@ -24,7 +24,11 @@ in let monitors = getMonitors hostName config; mainMonitor = (elemAt monitors 0).criteria; - secondMonitor = (elemAt monitors 1).criteria; + secondMonitor = + let + index = if (length monitors) > 1 then 1 else 0; + in + (elemAt monitors index).criteria; mainMonitorSwayFormat = "desc:ASUSTek COMPUTER INC - ASUS VG32VQ1B"; in { @@ -58,6 +62,18 @@ in } ]; } + { + profile.name = "AcerOnly"; + profile.outputs = [ + { + criteria = "Acer Technologies XV272U V3 1322131231233"; + mode = "2560x1440@179.876999Hz"; + position = "0,0"; + transform = "normal"; + scale = 1.0; + } + ]; + } ]; programs.ghostty.settings = { diff --git a/system/dev/dn-server/network/services.nix b/system/dev/dn-server/network/services.nix index 4ebcb40..ac644b2 100755 --- a/system/dev/dn-server/network/services.nix +++ b/system/dev/dn-server/network/services.nix @@ -7,11 +7,10 @@ let inherit (builtins) concatStringsSep; inherit (config.systemConf) security domain; - inherit (lib) mkForce optionalString; + inherit (lib) mkForce; inherit (helper.nftables) mkElementsStatement; netbirdCfg = config.services.netbird; - netbirdRange = "100.64.0.0/16"; ethInterface = "enp0s31f6"; sshPorts = [ 30072 ]; @@ -36,7 +35,6 @@ let allowedSSHIPs = concatStringsSep ", " [ "122.117.215.55" "192.168.100.1/24" - netbirdRange personal.range ]; @@ -221,50 +219,41 @@ in } chain input { - type filter hook input priority 0; policy drop; + type filter hook input priority -10; policy drop; iif lo accept - - meta nftrace set 1 meta l4proto { icmp, ipv6-icmp } accept - ct state vmap { invalid : drop, established : accept, related : accept } - # Allow Incoming DNS qeury - udp dport 53 accept - tcp dport 53 accept - tcp dport { ${sshPortsString} } jump ssh-filter - # Allow Netbird UDP - udp dport { ${toString netbirdCfg.clients.wt0.port} } accept - iifname ${netbirdCfg.clients.wt0.interface} accept - iifname { ${ethInterface}, ${personal.interface} } udp dport { ${toString personal.port} } accept - iifname ${infra.interface} ip saddr ${infra.range} accept - iifname ${personal.interface} ip saddr ${personal.range} jump wg-subnet - - drop + iifname { ${personal.interface}, ${infra.interface}, ${netbirdCfg.clients.wt0.interface} } accept } chain output { - type filter hook output priority 0; policy drop; + type filter hook output priority -10; policy drop; iif lo accept + ct state vmap { invalid : drop, established : accept, related : accept } + + # Time Sync + meta skuid ${toString config.users.users.systemd-timesync.uid} accept + + # VPN + oifname { ${personal.interface}, ${infra.interface}, ${netbirdCfg.clients.wt0.interface} } accept # Allow DNS qeury udp dport 53 accept tcp dport 53 accept - # Allow UDP hole punching - ${optionalString ( - netbirdCfg.clients ? wt0 - ) "udp sport ${toString netbirdCfg.clients.wt0.port} accept"} + # UDP Hole Punching + meta mark 0x1bd00 accept - meta skuid ${toString config.users.users.systemd-timesync.uid} accept + # DHCP + udp sport 68 udp dport 67 accept - ct state vmap { invalid : drop, established : accept, related : accept } + # Allowed IPs ip saddr != @restrict_source_ips accept - ip daddr @${security.rules.setName} accept ip6 daddr @${security.rules.setNameV6} accept @@ -272,27 +261,10 @@ in } chain ssh-filter { - ip saddr { ${allowedSSHIPs} } accept - counter reject - } + iifname { ${personal.interface}, ${infra.interface}, ${netbirdCfg.clients.wt0.interface} } tcp dport { ${sshPortsString} } accept + ip saddr { ${allowedSSHIPs} } tcp dport { ${sshPortsString} } accept - chain forward { - type filter hook forward priority 0; policy drop; - - meta l4proto { icmp, ipv6-icmp } accept - - ct state vmap { invalid : drop, established : accept, related : accept } - - iifname ${personal.interface} ip saddr ${personal.ip} jump wg-subnet - iifname ${infra.interface} ip saddr ${infra.ip} accept - - counter - } - - chain wg-subnet { - ip saddr ${personal.full} accept - ip saddr ${personal.restrict} ip daddr ${personal.range} accept - counter drop + counter log prefix "SSH-DROP: " flags all drop } chain postrouting { diff --git a/system/dev/dn-server/services/mail-server.nix b/system/dev/dn-server/services/mail-server.nix index 2d83e7b..b40b4b5 100755 --- a/system/dev/dn-server/services/mail-server.nix +++ b/system/dev/dn-server/services/mail-server.nix @@ -18,6 +18,7 @@ in "api.docker.com" "cdn.segment.com" "api.segment.io" + "sa-update.surbl.org" ]; mail-server = diff --git a/system/dev/dn-server/services/metrics.nix b/system/dev/dn-server/services/metrics.nix index c708af1..d418eba 100755 --- a/system/dev/dn-server/services/metrics.nix +++ b/system/dev/dn-server/services/metrics.nix @@ -10,6 +10,7 @@ let inherit (lib) optionalAttrs optional; inherit (config.networking) hostName domain; + oidcEndpoint = "https://${config.services.keycloak.settings.hostname}/realms/master"; grafanaHostname = "grafana.${domain}"; prometheusHostname = "metrics.${domain}"; @@ -118,13 +119,13 @@ in extraSettings = { "auth.generic_oauth" = let - OIDCBaseUrl = "https://keycloak.net.dn/realms/master/protocol/openid-connect"; + OIDCBaseUrl = "${oidcEndpoint}/protocol/openid-connect"; in { enabled = true; allow_sign_up = true; client_id = "grafana"; - client_secret = ''$__file{${config.sops.secrets."grafana/client_secret".path}}''; + client_secret = "$__file{${config.sops.secrets."grafana/client_secret".path}}"; scopes = "openid email profile offline_access roles"; email_attribute_path = "email"; login_attribute_path = "username"; diff --git a/system/dev/dn-server/sops/secret.yaml b/system/dev/dn-server/sops/secret.yaml index e37855d..62082f0 100755 --- a/system/dev/dn-server/sops/secret.yaml +++ b/system/dev/dn-server/sops/secret.yaml @@ -41,7 +41,7 @@ postsrsd: secret: ENC[AES256_GCM,data:JZNwSymEjIFb8h3gnvFajxSaNYRxjA/NUruA4WX+uSqX0ufVcbVWgxQTr7U=,iv:ydGnCESCLbwyGKc+5witXDkT3OgW27LKen7PkqUL6mU=,tag:M3RGI6LgU5n2e6ZiXxTFfQ==,type:str] grafana: password: ENC[AES256_GCM,data:tySP1+vHkd+meSunzjE=,iv:09F8yEGw4j1Jd0HXDQyHbFxsr3Vg23mvWF5eZkU2KU8=,tag:6fmS38VUgNBNbo2BzxBuGA==,type:str] - client_secret: ENC[AES256_GCM,data:abk55RRC57xGiEpaBby0Drk4XS1+7INVie8wrpEg0XE=,iv:qywQIHIpgaS2pUcW1Uau//JU6UdMY52EVYCjhmnWJt4=,tag:fI01k/1nIqEXuPi90A00jQ==,type:str] + client_secret: ENC[AES256_GCM,data:bi1GSA2MSBQRTojgvmOvufjax/hathnXrPbnEF27SQc=,iv:IpzcIDWlgn5jfpA+ZRjji65AonarNjSzYRcfEzLxws8=,tag:ViEN0+67xFcpJ4Gl3blf8Q==,type:str] prometheus: powerdns: password: ENC[AES256_GCM,data:eliVy2619cZ/w/QOnayBt04ilCkXAXzck/RYr/c9oJEgirnqH1kATWJix3VzYng0/9yhGloOUHCm+jF3xOP6Uw==,iv:UI7UuJYJizYCO0ReC4SEPgmdPJNUnNuxgvkrhB1o/EQ=,tag:hEpJ64NcyaWl/e7KalOfGg==,type:str] @@ -94,7 +94,7 @@ sops: OFloWEFuTC9GTXJsMG5NNktmdmIrY1kK0yN0ae0xNaydujV5lt2FiwXdyursG0DK 9i/B3TTAm9csDMMSTSFbiAUJDzG7kIqn++JU/cxvsGScSnhMqjEK/g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-01-19T10:14:12Z" - mac: ENC[AES256_GCM,data:d9OAnjstk72GOnKqyDw2qbNfZho0mdqAMSQ4xH903b1COmgIn4MsqWiCzDJ5k6RxLE4wfCAPvn8JA+cXiox6/xctqfyqLoWN4fp2Q40IHjbA3mQGalwywRgmga74PVe3gJPZ7H8PJncN0TdU29A/lGcUtjCkAqjBuFS4e7wbQfA=,iv:e6aG+plaSDtaiqglY5S1svE/XZfs7n9dhSNCiB5pdTs=,tag:BsGItrtDVFF2kXgwE1zaFA==,type:str] + lastmodified: "2026-01-20T06:31:45Z" + mac: ENC[AES256_GCM,data:ad8EP8zk6mxlmMZaEijW0NWF72y2EikJPct7qxiCp6/sWGKKrGv8mRnC1zahgpRqpGR0jZKQ8Ot204EdGrJF9WI03+ZB9GgKi9ipQvXlGOCJq6m/Mp6WygI2hFAzRKCeoPqAPjVQxQ3Ctt/WEYXzvEp7CIKUq7WD6gTEFk6FDg0=,iv:20rJb79QnUW0DFbXTr0XXjiXjm7bK0CVs4oVan5SAKw=,tag:+mnMTBYQ1fhwe/abwGYNOA==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/system/modules/card-reader.nix b/system/modules/card-reader.nix new file mode 100644 index 0000000..599a9d3 --- /dev/null +++ b/system/modules/card-reader.nix @@ -0,0 +1,7 @@ +{ pkgs, ... }: +{ + services.pcscd = { + enable = true; + plugins = with pkgs; [ ccid ]; + }; +} diff --git a/system/modules/gaming.nix b/system/modules/gaming.nix index 17ab960..59ddb89 100755 --- a/system/modules/gaming.nix +++ b/system/modules/gaming.nix @@ -27,27 +27,10 @@ in protontricks.enable = true; gamescopeSession.enable = true; extest.enable = true; - extraCompatPackages = - with pkgs; - let - proton-ge-10-25 = - (proton-ge-bin.overrideAttrs ( - _: finalAttrs: { - pname = "proton-ge-bin"; - version = "GE-Proton10-25"; - - src = fetchzip { - url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/${finalAttrs.version}/${finalAttrs.version}.tar.gz"; - hash = "sha256-RKko4QMxtnuC1SAHTSEQGBzVyl3ywnirFSYJ1WKSY0k="; - }; - } - )).override - { steamDisplayName = "GE-Proton10-25"; }; - in - [ - proton-ge-bin - proton-ge-10-25 - ]; + extraCompatPackages = with pkgs; [ + proton-ge-bin + proton-dw-bin + ]; remotePlay.openFirewall = true; dedicatedServer.openFirewall = true; localNetworkGameTransfers.openFirewall = true;