From 69277753091e509c8c72e3b5ada38b96c3a0e5a7 Mon Sep 17 00:00:00 2001
From: Sebastian Moser
Date: Tue, 21 Nov 2023 21:26:08 +0100
Subject: [PATCH] ...
---
 flake.lock | 15 +++++++++------
 hosts/acern.nix | 44 +++++++++++++++++++++++++++++++++++++++++++-
 hosts/lush.nix | 11 +++++++++++
 hosts/main.nix | 1 +
 hosts/rpi.nix | 25 +------------------------
 programs/ssh.nix | 8 ++++----
 6 files changed, 69 insertions(+), 35 deletions(-)
diff --git a/flake.lock b/flake.lock
index cac13d9..d135eea 100644
--- a/flake.lock
+++ b/flake.lock
@@ -451,14 +451,17 @@
 },
 "networkmanager": {
 "locked": {
- "lastModified": 1700588409,
- "narHash": "sha256-mbQKI5yjy2fkjeJo9+EuEsEuOVu6LPyEDmrP4zsujbA=",
- "path": "/home/me/work/config/gitignore/nixos-networkmanager-profiles",
- "type": "path"
+ "lastModified": 1700593965,
+ "narHash": "sha256-xvzN3iI4OuWx4/LsPxnOy/yMixlb4XD6PMcyTfRqJ38=",
+ "owner": "c2vi",
+ "repo": "nixos-networkmanager-profiles",
+ "rev": "1d759f696c237419bf25273c80a8d78e6b2b8da7",
+ "type": "github"
 },
 "original": {
- "path": "/home/me/work/config/gitignore/nixos-networkmanager-profiles",
- "type": "path"
+ "owner": "c2vi",
+ "repo": "nixos-networkmanager-profiles",
+ "type": "github"
 }
 },
 "nix-doom-emacs": {
diff --git a/hosts/acern.nix b/hosts/acern.nix
index 8217d08..cfeaa88 100644
--- a/hosts/acern.nix
+++ b/hosts/acern.nix
@@ -1,8 +1,9 @@
-{ pkgs, inputs, ...}:
+{ pkgs, inputs, secretsDir, ...}:
 {
 imports = [
 inputs.nix-wsl.nixosModules.wsl
 ./users/me/headless.nix
+ ./common/all.nix
 ./common/nixos-headless.nix
 ];
 
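Review bot: The new import `./common/all.nix` resolves relative to hosts/, i.e. to hosts/common/all.nix, while the same commit's other new reference in this file is `import ../common/wg-peers.nix` and hosts/rpi.nix imports `../common/all.nix`; if a hosts/common/ directory does not exist, evaluation of acern fails on a missing file, so one of the two spellings looks wrong and the file should use a single base path for the shared modules. The existing `./common/nixos-headless.nix` line has the same ambiguity, so this may be a pre-existing convention rather than a typo — worth confirming against the tree. The added `secretsDir` module argument must also be supplied by the flake (via specialArgs or _module.args), which is outside this diff.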
@@ -18,4 +19,45 @@
 };
 programs.bash.loginShellInit = "nixos-wsl-welcome";
+
+ # to build rpi images
+ boot.binfmt.emulatedSystems = [
+ "aarch64-linux"
+ ];
+
+
+ ######################### networking #####################################
+
+ networking.firewall.allowPing = true;
+ networking.firewall.enable = true;
+ networking.firewall.allowedUDPPorts = [
+ 3702 # wsdd
+ 51820 # wireguard
+ ];
+ networking.firewall.allowedTCPPorts = [
+ 2222 # sshd
+ ];
+
+
+ networking.networkmanager.enable = true;
+
+ networking.networkmanager.profiles = {
+ me = {
+ connection = {
+ id = "me";
+ uuid = "fe45d3bc-21c6-41ff-bc06-c936017c6e02";
+ type = "wireguard";
+ autoconnect = "true";
+ interface-name = "me0";
+ };
+ wireguard = {
+ listen-port = "51820";
+ private-key = builtins.readFile "${secretsDir}/wg-private-acern";
+ };
+ ipv4 = {
+ address1 = "10.1.1.5/24";
+ method = "manual";
+ };
+ } // (import ../common/wg-peers.nix { inherit secretsDir; }) ;
+ };
 }
diff --git a/hosts/lush.nix b/hosts/lush.nix
index 5faac42..0c48719 100644
--- a/hosts/lush.nix
+++ b/hosts/lush.nix
@@ -19,6 +19,17 @@
 #nixpkgs.hostPlatform.system = "aarch64-linux";
 #nixpkgs.buildPlatform.system = "x86_64-linux";
+ nixpkgs.overlays = [
+ {
+ openfortivpn = pkgs.openfortivpn.overrideAttrs (final: prev: {
+ configureFlags = prev.configureFlags or [] ++ [
+ "--disable-proc"
+ "--with-rt_dst=yes"
+ "--with-pppd=/usr/sbin/pppd"
+ ];
+ });
+ }
+ ];
 hardware.enableRedistributableFirmware = true;
diff --git a/hosts/main.nix b/hosts/main.nix
index 89e0205..ea15ced 100644
--- a/hosts/main.nix
+++ b/hosts/main.nix
@@ -164,6 +164,7 @@
 networking.extraHosts = ''
 192.168.1.6 hpm
 192.168.1.2 rpi
+ 192.168.5.5 lush
 127.0.0.1 youtube.com
 127.0.0.1 www.youtube.com
 '';
diff --git a/hosts/rpi.nix b/hosts/rpi.nix
index eb56637..1cdeb46 100644
--- a/hosts/rpi.nix
+++ b/hosts/rpi.nix
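Review bot: `private-key = builtins.readFile "${secretsDir}/wg-private-acern"` reads the WireGuard private key at evaluation time, so the key becomes a string literal inside the generated NetworkManager profile in the Nix store, which is world-readable on the target host (and if secretsDir is a flake input or a store path, the key file itself is copied into the store as well). Prefer a mechanism that places the secret at activation or runtime rather than in the evaluated configuration; which option that is depends on the networkmanager module's interface, which this diff does not show. Separately, the firewall opens TCP 2222 with the comment `# sshd`, but nothing in this hunk moves sshd to that port; unless `services.openssh.ports` is set elsewhere, port 22 stays blocked and 2222 is open for no listener, so the comment should name where that is configured. The `me` profile attrset continues outside the hunk through the `//` merge with ../common/wg-peers.nix.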
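Review bot: The element added to `nixpkgs.overlays` is a plain attribute set, but an overlay has to be a function `final: prev: { ... }`; the option's type check expects a function, and using the module argument `pkgs` inside the overlay instead of `prev` would in any case risk infinite recursion because `pkgs` is itself built from the overlays. Replace the wrapper with `(final: prev: { openfortivpn = prev.openfortivpn.overrideAttrs (...); })` and keep the overrideAttrs body as written. `"--with-pppd=/usr/sbin/pppd"` also points at a path that does not exist on a NixOS host; pointing it at the ppp package output (`"--with-pppd=${prev.ppp}/…/pppd"`, after confirming the actual install subdirectory) keeps the binary in the closure. The attrset continues outside the hunk.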
@@ -3,6 +3,7 @@
 imports = [
 "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
 #inputs.nixos-hardware.nixosModules.raspberry-pi-4
+ inputs.networkmanager.nixosModules.networkmanager
 ../common/all.nix
 ../common/nixos-headless.nix
@@ -69,30 +70,6 @@
 networking.hostName = "rpi";
- networking = {
- defaultGateway = {
- address = "192.168.1.1";
- interface = "eth0";
- };
-
- interfaces."eth0" = {
- #name = "eth0";
- ipv4.addresses = [
- { address = "192.168.1.2"; prefixLength = 24;}
- ];
- };
-
- interfaces."wlan0".useDHCP = true;
-
- wireless = {
- interfaces = [ "wlan0" ];
- enable = true;
- networks = {
- seb-phone.psk = "hellogello";
- };
- };
- };
-
 networking.firewall.allowedTCPPorts = [
 5357 # wsdd
 8888 # for general usage
diff --git a/programs/ssh.nix b/programs/ssh.nix
index d42a659..d0cdf6d 100644
--- a/programs/ssh.nix
+++ b/programs/ssh.nix
@@ -16,10 +16,10 @@
 user = "me";
 hostname = "192.168.1.2";
 };
- lush = {
- user = "me";
- hostname = "192.168.5.5";
- };
+ #lush = {
+ #user = "me";
+ #hostname = "192.168.5.5";
+ #};
 phone = {
 user = "u0_a345";
 hostname = "192.168.44.1";
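Review bot: The networkmanager module is imported here and the second hunk removes the static eth0 address, default gateway and wireless config, but nothing in this diff enables NetworkManager or defines a profile for rpi; unless ../common/all.nix does that, a headless host comes up with no configured interface after this change and remote access is lost. hosts/main.nix still pins `192.168.1.2 rpi` in extraHosts, so if rpi now leases its address dynamically that entry goes stale and should be revisited. The removed wireless block carried a plaintext PSK (`seb-phone.psk = "hellogello"`); deleting it does not remove it from git history, so that credential should be rotated, and wireless secrets should follow the secretsDir pattern acern now uses. The `imports` list continues outside the first hunk.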
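Review bot: Commenting out the `lush` match block leaves dead configuration in programs/ssh.nix; git keeps the old lines, so either delete the block or, if it is only temporarily disabled, say why on the spot, e.g. `# lush: disabled, reachable via the extraHosts entry in hosts/main.nix`. The same commit adds `192.168.5.5 lush` to networking.extraHosts in hosts/main.nix, so `ssh lush` still resolves but presumably no longer picks up `user = "me"` and falls back to the local username — if that is intended it belongs in the comment. The enclosing attrset starts and ends outside the hunk.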