cleanup overlays, don't use prezto, remove wireguard code, some time and network stuff

2025-02-23 18:11:19 -05:00 · 2025-02-23 18:11:19 -05:00 · a82a616f11
commit a82a616f11
parent 2e7c178862
7 changed files with 45 additions and 82 deletions
--- a/hosts/chunk/default.nix
+++ b/hosts/chunk/default.nix
@ -10,13 +10,11 @@
    ./backup.nix
    ./rclone.nix
    ./postgres.nix
-    ./wireguard.nix
    ./adguard.nix
    ./hedgedoc.nix
    ./miniflux.nix
    ./redlib.nix
    ./vaultwarden.nix
-    ./wireguard.nix
    ./grafana.nix
    ./conduwuit.nix
    ./immich.nix
@ -48,15 +46,6 @@
    "hedgedoc/env" = {
      sopsFile = ../../secrets/services/hedgedoc.yaml;
    };
-    "wireguard/private" = {
-      sopsFile = ../../secrets/wireguard/chunk.yaml;
-    };
-    "wireguard/psk-yt" = {
-      sopsFile = ../../secrets/wireguard/chunk.yaml;
-    };
-    "wireguard/psk-phone" = {
-      sopsFile = ../../secrets/wireguard/chunk.yaml;
-    };
    "miniflux/env" = {
      sopsFile = ../../secrets/services/miniflux.yaml;
    };
@ -100,11 +89,13 @@
    ];
    allowedUDPPorts = [
      443
-      51820
      53
      853
-    ]; # 51820 is wireguard
-    trustedInterfaces = [ "wg0" ];
+    ];
+    extraCommands = ''
+      iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1
+      iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tor.service" -j MARK --set-mark 2
+    '';
  };
  networking.interfaces.ens18 = {
    ipv6.addresses = [
--- a/hosts/chunk/rclone.nix
+++ b/hosts/chunk/rclone.nix
@ -34,7 +34,7 @@
      ExecStartPre = "/usr/bin/env mkdir -p /mnt/attic";
      ExecStart = "${lib.getExe pkgs.rclone} mount --config ${
        config.sops.secrets."rclone/config".path
-      } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 15G --allow-other rsyncnet:attic /mnt/attic ";
+      } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 2G --allow-other rsyncnet:attic /mnt/attic ";
      ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/attic";
    };
  };
@ -55,6 +55,4 @@
      ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage";
    };
  };
-
-  programs.fuse.userAllowOther = true;
 }