From b6a5f08110a4833c798f0fdc5eba2f5493f90f04 Mon Sep 17 00:00:00 2001
From: Cy Pokhrel <cy@cy7.sh>
Date: Mon, 25 Nov 2024 20:10:53 -0500
Subject: [PATCH] some more network and bluetooth-fu

---
 nix/configuration.nix | 108 ++++++++++++++++++++++++++----------------
 1 file changed, 66 insertions(+), 42 deletions(-)

diff --git a/nix/configuration.nix b/nix/configuration.nix
index 431d3e2..1d94167 100644
--- a/nix/configuration.nix
+++ b/nix/configuration.nix
@@ -18,22 +18,31 @@
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 
-  networking.hostName = "ytnix";
-  networking.nftables.enable = true;
-  networking.wireless.iwd = {
-    enable = true;
-    settings = {
-      Rank = {
-        # disable 2.4 GHz cause i have a shitty wireless card
-        # that interferes with bluetooth otherwise
-        BandModifier2_4GHz = 0.0;
+  networking = {
+    hostName = "ytnix";
+    # nftables.enable = true;
+    wireless.iwd = {
+      enable = true;
+      settings = {
+        Rank = {
+          # disable 2.4 GHz cause i have a shitty wireless card
+          # that interferes with bluetooth otherwise
+          BandModifier2_4GHz = 0.0;
+        };
       };
     };
+    networkmanager = {
+      enable = true;
+      dns = "none";
+      wifi.backend = "iwd";
+    };
+    nameservers = [ "127.0.0.1" "::1" ];
+    resolvconf.enable = true;
+    firewall = {
+      trustedInterfaces = [ "wgnord" ];
+    };
   };
-  networking.networkmanager = {
-    enable = true;
-    wifi.backend = "iwd";
-  };
+  programs.nm-applet.enable = true;
   time.timeZone = "America/Toronto";
 
   security.rtkit.enable = true;
@@ -42,16 +51,16 @@
     pulse.enable = true;
     alsa.enable = true;
     alsa.support32Bit = true;
-  };
-  services.pipewire.wireplumber.extraConfig.bluetoothEnhancements = {
-    "wireplumber.settings" = {
-      "bluetooth.autoswitch-to-headset-profile" = false;
-    };
-    "monitor.bluez.properties" = {
-      "bluez5.enable-sbc-xq" = true;
-      "bluez5.enable-msbc" = true;
-      "bluez5.enable-hw-volume" = true;
-      "bluez5.roles" = [ "a2dp_sink" "a2dp_source" ];
+    wireplumber.extraConfig.bluetoothEnhancements = {
+      "wireplumber.settings" = {
+        "bluetooth.autoswitch-to-headset-profile" = false;
+      };
+      "monitor.bluez.properties" = {
+        "bluez5.enable-sbc-xq" = true;
+        "bluez5.enable-msbc" = true;
+        "bluez5.enable-hw-volume" = true;
+        "bluez5.roles" = [ "a2dp_sink" "a2dp_source" ];
+      };
     };
   };
 
@@ -86,6 +95,9 @@
       cosign
       azure-cli
       pavucontrol
+      btop
+      stockfish
+      cutechess
     ];
   };
 
@@ -113,7 +125,6 @@
     veracrypt
     bluetuith
     libimobiledevice
-    networkmanagerapplet
     pass-wayland
     htop
     file
@@ -125,8 +136,11 @@
     traceroute
     sops
     restic
+    nyx
   ];
 
+  environment.sessionVariables.NIXOS_OZONE_WL = "1";
+
   system.stateVersion = "24.05";
 
   services.gnome.gnome-keyring.enable = true;
@@ -144,7 +158,13 @@
   fonts.packages = with pkgs; [
     nerdfonts
   ];
-  nixpkgs.config.allowUnfree = true;
+  nixpkgs.config = {
+    allowUnfree = true;
+    chromium = {
+      enableWideVine = true;
+      commandLineArgs = "--enable-features=UseOzonePlatform --ozone-platform=wayland --force-dark-mode --enable-features=WebUIDarkMode";
+    };
+  };
 
   hardware.bluetooth = {
     enable = true;
@@ -160,7 +180,7 @@
   };
 
   services.borgbackup.jobs.ytnixRsync = {
-    paths = [ "/root" "/home" "/var/lib" "/opt" "/etc" ];
+    paths = [ "/root" "/home" "/var/lib" "/var/log" "/opt" "/etc" ];
     exclude = [
       ".git"
       "**/.cache"
@@ -191,7 +211,7 @@
   };
   
   services.restic.backups.ytazure = {
-    paths = [ "/root" "/home" "/var/lib" "/opt" "/etc" ];
+    paths = [ "/root" "/home" "/var/lib" "/var/log" "/opt" "/etc" ];
     exclude = [
       ".git"
       "**/.cache"
@@ -222,13 +242,14 @@
     };
   };
 
-  services.btrbk.instances.local.settings = {
-    snapshot_preserve = "14d";
-    snapshot_preserve_min = "2d";
-    volume."/" = {
-      target = "/snapshots";
+  services.btrbk.instances.local = {
+    onCalendar = "hourly";
+    settings = {
+      snapshot_preserve = "8w 12m";
+      snapshot_preserve_min = "2d";
+      snapshot_dir = "/snapshots";
       subvolume = {
-        home = {};
+        "/home" = {};
         "/" = {};
       };
     };
@@ -265,16 +286,19 @@
   virtualisation.libvirtd.enable = true;
   programs.virt-manager.enable = true;
 
-  # https-dns-proxy doesn't work without this :(
-  services.resolved.enable = true;
-  services.https-dns-proxy = {
+  services.dnscrypt-proxy2 = {
     enable = true;
-    provider = {
-      url = "https://dns.cy7.sh/dns-query/yt-linux";
-      kind = "custom";
-      ips = [ "1.1.1.1" "8.8.8.8" ];
+    settings = {
+      ipv6_servers = true;
+      require_dnssec = true;
+      sources.public-resolvers = {
+        urls = [
+          "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
+          "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
+        ];
+        cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
+        minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
+      };
     };
-    # doesn't work otherwise :(
-    preferIPv4 = true;
   };
 }