diff --git a/NOTES.md b/NOTES.md
index 92d2a29..33cb2ad 100644
--- a/NOTES.md
+++ b/NOTES.md
@@ -56,8 +56,7 @@
 };
 };
 pkgs-args = {
- inherit localSystem;
- inherit overlays;
+ inherit localSystem overlays;
 config = {
 # ....
 };
diff --git a/flake.nix b/flake.nix
index 341988c..466bb25 100644
--- a/flake.nix
+++ b/flake.nix
@@ -89,8 +89,7 @@
 inputs.nix-ld-rs.overlays.default
 ];
 pkgs-args = {
- inherit system;
- inherit overlays;
+ inherit system overlays;
 config = {
 allowUnfree = true;
 packageOverrides = pkgs: { };
@@ -117,9 +116,7 @@
 envfs.nixosModules.envfs
 ];
 args = {
- inherit self;
- inherit inputs;
- inherit system;
+ inherit self inputs system;
 };
 in
 {
diff --git a/os-mods/network/default.nix b/os-mods/network/default.nix
index acf55e0..5154324 100644
--- a/os-mods/network/default.nix
+++ b/os-mods/network/default.nix
@@ -5,7 +5,27 @@
 }: {
 networking = {
 networkmanager.enable = true;
+ networkmanager.dispatcherScripts = [
+ {
+ source = import ./moz-nm-hook.fish.nix {
+ inherit pkgs;
+ vpn_interface = "tailscale0";
+ vpn_network = "100.64.0.0/16";
+ };
+ type = "basic";
+ }
+ {
+ source = import ./moz-nm-hook.fish.nix {
+ inherit pkgs;
+ vpn_interface = "netmaker";
+ vpn_network = "10.231.190.1/24";
+ };
+ type = "basic";
+ }
+ ];
+
 useDHCP = lib.mkDefault true;
+
 nameservers = [
 "23.88.68.113#dns.vlt81.de"
 "2a01:4f8:272:5917::baad:c0de#dns.vlt81.de"
diff --git a/os-mods/network/moz-nm-hook.fish.nix b/os-mods/network/moz-nm-hook.fish.nix
new file mode 100644
index 0000000..c5250ce
--- /dev/null
+++ b/os-mods/network/moz-nm-hook.fish.nix
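Review bot: In os-mods/network/default.nix the second dispatcher entry passes `vpn_network = "10.231.190.1/24"`, a prefix with host bits set; `ip route add` should reject that as an invalid prefix, so the netmaker route would never be installed and traffic for that subnet would keep following whatever routes Mozilla VPN created. Use the network address instead, `vpn_network = "10.231.190.0/24";`. The Tailscale entry's `100.64.0.0/16` is also narrower than the 100.64.0.0/10 range Tailscale allocates addresses from, so confirm that every peer you rely on falls inside the /16. The enclosing `networking` set continues outside the hunk.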
@@ -0,0 +1,21 @@
+{ pkgs
+, vpn_interface
+, vpn_network
+, ...
+}: (pkgs.writeText "${vpn_interface}-route" ''
+ #!${pkgs.fish}/bin/fish
+ set MOZ_INTERFACE "moz0"
+ set VPN_INTERFACE "${vpn_interface}"
+ set VPN_NETWORK "${vpn_network}"
+
+ sleep 1 # give mozillavpn time to create the rules we want to override
+ logger "NetworkManager dispatcher event: $argv[1], $argv[2]"
+
+ # When MOZ interface comes up, check and add the Tailscale route
+ if test "$argv[1]" = "$MOZ_INTERFACE" -a "$argv[2]" = "up"
+ # Re-creating forces high priority in case the route already exists
+ ip route del $VPN_NETWORK dev $VPN_INTERFACE
+ ip route add $VPN_NETWORK dev $VPN_INTERFACE
+ logger "Added Tailscale route for $VPN_NETWORK via $VPN_INTERFACE"
+ end
+'')
diff --git a/systems/nixos-he4/default.nix b/systems/nixos-he4/default.nix
index 6af8c00..d704fda 100644
--- a/systems/nixos-he4/default.nix
+++ b/systems/nixos-he4/default.nix
@@ -53,11 +53,7 @@
 users.tristand = import ../../users/admin-shell.nix {
 username = "tristand";
- inherit pkgs;
- inherit config;
- inherit inputs;
- inherit system;
- inherit lib;
+ inherit pkgs config inputs system lib;
 };
 };
diff --git a/systems/nixos-karl-kvm-guest/default.nix b/systems/nixos-karl-kvm-guest/default.nix
index 7b71d7d..94b7c50 100644
--- a/systems/nixos-karl-kvm-guest/default.nix
+++ b/systems/nixos-karl-kvm-guest/default.nix
@@ -85,11 +85,7 @@
 users.reopen5194 = import ../../users/admin-thin.nix {
 username = "reopen5194";
- inherit pkgs;
- inherit config;
- inherit inputs;
- inherit system;
- inherit lib;
+ inherit pkgs config inputs system lib;
 };
 };
diff --git a/users/default.nix b/users/default.nix
index 0ba8ff5..4327b9e 100644
--- a/users/default.nix
+++ b/users/default.nix
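Review bot: The last `logger` line in os-mods/network/moz-nm-hook.fish.nix reports "Added Tailscale route" unconditionally, so a failed `ip route add`, or the netmaker instance of this same template, still logs a success message naming Tailscale, which makes the log unreliable when checking whether VPN-bound traffic is routed as intended. The hook is run as root by NetworkManager's dispatcher and calls `ip` and `logger` by bare name; whether they are on that service's PATH is not visible here, and pinning them to store paths is the usual Nix practice. The fence below keeps the delete-then-add order, silences the expected error from `ip route del` when no route exists yet, and logs according to the exit status of `ip route add`.

```nix
  # … unchanged: function arguments, shebang, the three `set` lines, sleep and event logger …
  if test "$argv[1]" = "$MOZ_INTERFACE" -a "$argv[2]" = "up"
    # Re-creating forces high priority in case the route already exists
    ${pkgs.iproute2}/bin/ip route del $VPN_NETWORK dev $VPN_INTERFACE 2>/dev/null
    if ${pkgs.iproute2}/bin/ip route add $VPN_NETWORK dev $VPN_INTERFACE
      ${pkgs.util-linux}/bin/logger "Added route for $VPN_NETWORK via $VPN_INTERFACE"
    else
      ${pkgs.util-linux}/bin/logger "Failed to add route for $VPN_NETWORK via $VPN_INTERFACE"
    end
  end
```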
@@ -28,20 +28,12 @@
 users.tester = import ./admin-thin.nix {
 username = "tester";
- inherit pkgs;
- inherit config;
- inherit inputs;
- inherit system;
- inherit lib;
+ inherit pkgs config inputs system lib;
 };
 users.tristand = import ./admin-fat.nix {
 username = "tristand";
- inherit pkgs;
- inherit config;
- inherit inputs;
- inherit system;
- inherit lib;
+ inherit pkgs config inputs system lib;
 };
 };
 }