feat: uwsm not on ssh login

2025-01-03 12:56:45 +01:00 · 2025-01-03 12:56:45 +01:00 · 0bf5484e69
parent 9b2e40d47b
commit 0bf5484e69
3 changed files with 28 additions and 26 deletions
--- a/config/services/hostapd.nix
+++ b/config/services/hostapd.nix
@ -17,51 +17,48 @@
  ];
  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
  networking.nftables.firewall.zones.untrusted.interfaces = [
-    "lan-home"
+    "mv-home"
+    "br-home"
  ];
  hardware.wirelessRegulatoryDatabase = true;
  # systemd.network = {
-  #   netdevs."40-wifi-home" = {
+  #   netdevs."40-br-home" = {
  #     netdevConfig = {
  #       Name = "br-home";
  #       Kind = "bridge";
  #     };
  #   };
-  #   networks."10-home-bridge" = {
-  #     networkConfig.LinkLocalAddressing = "no";
-  #     matchConfig.Name = "lan-home";
+  #   networks."10-mv-home" = {
+  #     networkConfig = {
+  #       LinkLocalAddressing = "no";
+  #       IPv6AcceptRA = lib.mkForce false;
+  #       Bridge = "br-home";
+  #     };
+  #     matchConfig.Name = "mv-home";
  #     DHCP = "no";
-  #     extraConfig = ''
-  #       [Network]
-  #       Bridge=br-home
-  #     '';
  #   };
-  #   networks."10-home-" = {
+  #   networks."10-home" = {
  #     matchConfig.Name = "br-home";
  #     DHCP = "yes";
  #   };
+  #   networks."40-wifi" = {
+  #     matchConfig.Name = "wlan1";
+  #     networkConfig = {
+  #       LinkLocalAddressing = "no";
+  #       IPv6AcceptRA = lib.mkForce false;
+  #       Bridge = "br-home";
+  #     };
+  #     DHCP = "no";
+  #   };
  # };

-  # networking.nftables.firewall.zones.wlan.interfaces = [ "wlan1" ];
-  # networking.nftables.firewall.zones.home.interfaces = [ "lan-home" ];
+  networking.nftables.firewall.zones.wlan.interfaces = [ "wlan1" ];
+  networking.nftables.firewall.zones.home.interfaces = [ "mv-home" ];
  networking.nftables.firewall.rules.wifi-forward = {
    from = [ "wlan" ];
    to = [ "home" ];
    verdict = "accept";
  };
-  systemd.network.networks."40-wifi" = {
-    matchConfig.Name = "wlan1";
-    address = [
-      (lib.net.cidr.hostCidr (globals.services.hostapd.ip + 1) globals.net.vlans.home.cidrv4)
-      (lib.net.cidr.hostCidr (globals.services.hostapd.ip + 1) globals.net.vlans.home.cidrv6)
-    ];
-    gateway = [
-      (lib.net.cidr.host 1 globals.net.vlans.home.cidrv4)
-      (lib.net.cidr.host 1 globals.net.vlans.home.cidrv6)
-    ];
-
-  };
-
  services.hostapd = {
    enable = true;
    radios.wlan1 = {
--- a/users/patrick/default.nix
+++ b/users/patrick/default.nix
@ -9,6 +9,11 @@ lib.optionalAttrs (!minimal) {
  primaryUser = "patrick";
  users.users.patrick = {
    shell = pkgs.zsh;
+    openssh.authorizedKeys.keys = [
+      # Patrick
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZixkix0KfKuq7Q19whS5FQQg51/AJGB5BiNF/7h/LM"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxD4GOrwrBTG4/qQhm5hoSB2CP7W9g1LPWP11oLGOjQ"
+    ];
    isNormalUser = true;
    createHome = true;
    extraGroups = [
--- a/users/patrick/wayland/default.nix
+++ b/users/patrick/wayland/default.nix
@ -51,7 +51,7 @@
  ];
  # Autostart compositor if on tty1 (once, don't restart after logout)
  hm.programs.zsh.initExtra = lib.mkOrder 9999 ''
-    if uwsm check may-start ; then
+    if [[ -t 0 && "$(tty || true)" == /dev/tty1 ]] && uwsm check may-start ; then
    	exec systemd-cat -t uwsm_start uwsm start -S -F Hyprland
    fi
  '';