From e3dbd06b8251269c3110855de3a4d096272ae2e7 Mon Sep 17 00:00:00 2001
From: Crony Akatsuki
Date: Sat, 1 Feb 2025 19:07:40 +0100
Subject: [PATCH] Move auto-cpufreq/firewall for wireguard to modules.
---
 hosts/nixos/configuration.nix | 32 --------------------------------
 modules/nixos/auto-cpufreq.nix | 28 ++++++++++++++++++++++++++++
 modules/nixos/default.nix | 4 ++++
 modules/nixos/wireguard.nix | 26 ++++++++++++++++++++++++++
 4 files changed, 58 insertions(+), 32 deletions(-)
 create mode 100644 modules/nixos/auto-cpufreq.nix
 create mode 100644 modules/nixos/wireguard.nix
diff --git a/hosts/nixos/configuration.nix b/hosts/nixos/configuration.nix
index 8791c05..2dd464e 100644
--- a/hosts/nixos/configuration.nix
+++ b/hosts/nixos/configuration.nix
@@ -89,38 +89,6 @@
 # Enable zram swap device
 zramSwap.enable = true;
 
- # Setup auto-cpufreq
- programs.auto-cpufreq = {
- enable = true;
-
- settings = {
- battery = {
- governor = "powersave";
- turbo = "never";
- };
-
- charger = {
- governor = "performance";
- turbo = "auto";
- };
- };
- };
-
- # Allow for wireguard traffic
- networking.firewall = {
- # if packets are still dropped, they will show up in dmesg
- logReversePathDrops = true;
- # wireguard trips rpfilter up
- extraCommands = ''
- ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
- ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
- '';
- extraStopCommands = ''
- ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
- ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
- '';
- };
-
 # DO NOT CHANGE
 system.stateVersion = "24.11";
 }
diff --git a/modules/nixos/auto-cpufreq.nix b/modules/nixos/auto-cpufreq.nix
new file mode 100644
index 0000000..f7eaa5c
--- /dev/null
+++ b/modules/nixos/auto-cpufreq.nix
@@ -0,0 +1,28 @@
+{
+ config,
+ lib,
+ ...
+}: {
+ options = {
+ crony.auto-cpufreq.enable = lib.mkEnableOption "Enable auto-cpufreq and set it up for my laptop.";
+ };
+
+ config = lib.mkIf config.crony.auto-cpufreq.enable {
+ # Setup auto-cpufreq
+ programs.auto-cpufreq = {
+ enable = true;
+
+ settings = {
+ battery = {
+ governor = "powersave";
+ turbo = "never";
+ };
+
+ charger = {
+ governor = "performance";
+ turbo = "auto";
+ };
+ };
+ };
+ };
+}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index dcdbcc6..d9f043d 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -12,6 +12,8 @@
 ./qemu.nix
 ./amdgpu.nix
 ./nfs-share.nix
+ ./auto-cpufreq.nix
+ ./wireguard.nix
 ];
 
 crony.bluetooth.enable = lib.mkDefault true;
@@ -26,4 +28,6 @@
 crony.qemu.enable = lib.mkDefault true;
 crony.amdgpu.enable = lib.mkDefault true;
 crony.nfs-share.enable = lib.mkDefault true;
+ crony.auto-cpufreq.enable = lib.mkDefault true;
+ crony.wireguard.enable = lib.mkDefault true;
 }
diff --git a/modules/nixos/wireguard.nix b/modules/nixos/wireguard.nix
new file mode 100644
index 0000000..7986a08
--- /dev/null
+++ b/modules/nixos/wireguard.nix
@@ -0,0 +1,26 @@
+{
+ config,
+ lib,
+ ...
+}: {
+ options = {
+ crony.wireguard.enable = lib.mkEnableOption "Open ports in firewall for wireguard to work.";
+ };
+
+ config = lib.mkIf config.crony.wireguard.enable {
+ # Allow for wireguard traffic
+ networking.firewall = {
+ # if packets are still dropped, they will show up in dmesg
+ logReversePathDrops = true;
+ # wireguard trips rpfilter up
+ extraCommands = ''
+ ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
+ ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
+ '';
+ extraStopCommands = ''
+ ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
+ ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
+ '';
+ };
+ };
+}
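Review bot: The string passed to `lib.mkEnableOption` for `crony.auto-cpufreq.enable` is a full sentence, but that helper builds the description by prefixing "Whether to enable " and appending a period, so the generated option text reads "Whether to enable Enable auto-cpufreq and set it up for my laptop..". A noun phrase fits the helper, e.g. `lib.mkEnableOption "auto-cpufreq with the laptop battery/charger governor profile"`. The same wording issue is in `crony.wireguard.enable` in modules/nixos/wireguard.nix.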
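Review bot: `crony.wireguard.enable = lib.mkDefault true;` in the second default.nix hunk switches the reverse-path filter exemption on for every host that imports modules/nixos, whereas before this commit the rules lived only in hosts/nixos/configuration.nix. That module relaxes a spoofing check rather than adding a feature, so a host that never brings up a WireGuard tunnel gains nothing from it; leaving the default off and setting `crony.wireguard.enable = true;` in the host configuration that needs it keeps the relaxation scoped. If the default stays on, a comment beside the line such as `# rpfilter exemption for UDP 51820, only needed on hosts using WireGuard` would make the effect visible. The attribute set this line belongs to starts outside the hunk.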
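Review bot: The description on `crony.wireguard.enable` says the module opens firewall ports, but the `networking.firewall` block opens none: its `ip46tables` commands only add `RETURN` rules to `nixos-fw-rpfilter`, which exempts UDP with source or destination port 51820 from the reverse-path check. A sender picks its own source port, so the `--sport 51820` rule lets any UDP packet claiming that port skip the spoofing check on every interface, not only traffic from the tunnel peer. That trade-off deserves a comment above `extraCommands`, e.g. `# exempts all UDP sport/dport 51820 from rpfilter on any interface; does not open the port`. The option text would be accurate as `lib.mkEnableOption "the reverse-path filter exemption WireGuard needs (UDP 51820)"`.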