From c52ef025d79bd66bbde796dd64c0e325f29e24fc Mon Sep 17 00:00:00 2001
From: CDaut
Date: Tue, 20 Aug 2024 19:26:30 +0200
Subject: [PATCH] wireguard
---
 configuration.nix | 15 +++++++++++++++
 home.nix | 1 +
 2 files changed, 16 insertions(+)
diff --git a/configuration.nix b/configuration.nix
index 607f862..8e379f6 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -304,6 +304,21 @@
 };
 };
+ # wireguard
+ networking.firewall = {
+ # if packets are still dropped, they will show up in dmesg
+ logReversePathDrops = true;
+ # wireguard trips rpfilter up
+ extraCommands = ''
+ ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
+ ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
+ '';
+ extraStopCommands = ''
+ ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
+ ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
+ '';
+ };
+
 # This value determines the NixOS release from which the default
 # settings for stateful data, like file locations and database versions
 # on your system were taken. It‘s perfectly fine and recommended to leave
diff --git a/home.nix b/home.nix
index d4a10f2..09f5fc5 100644
--- a/home.nix
+++ b/home.nix
@@ -86,6 +86,7 @@ let username = "clara"; in
 vdhcoapp
 inkscape
 prusa-slicer
+ light
 ] ++ (if x11mode then [
 arandr
 flameshot
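Review bot: The two `-j RETURN` rules in `extraCommands` match on UDP port 51820 alone, on every interface and for both IPv4 and IPv6, so the reverse-path check is skipped for any UDP datagram carrying that port number, not only for the tunnel's traffic. The `--sport` rule is the wider of the two, because the source port is chosen by the sender. Binding the exemption to the interface that carries the tunnel keeps rpfilter in force everywhere else, e.g. `ip46tables -t mangle -I nixos-fw-rpfilter -i <uplink-iface> -p udp -m udp --sport 51820 -j RETURN`. The matching `-D` lines in `extraStopCommands` need the identical change, otherwise the delete no longer matches and `|| true` hides the leftover rule. A comment such as `# 51820 must match the WireGuard listen/endpoint port` would also help, since that port is not configured anywhere in this hunk.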