chore: comment out sops stuff - for now

2025-10-12 18:53:39 -03:00 · 2025-10-12 18:53:39 -03:00 · 6f7b69d96d
commit 6f7b69d96d
parent 3d5554a8bf
11 changed files with 152 additions and 31 deletions
--- a/hosts/Nixstation/default.nix
+++ b/hosts/Nixstation/default.nix
@ -93,7 +93,7 @@
    };

    avahi = {
-      enable = true;
+      enable = false;
      nssmdns4 = true;
      openFirewall = true;
      extraConfig = ''
--- a/hosts/common/network.nix
+++ b/hosts/common/network.nix
@ -1,21 +1,38 @@
 { pkgs, ... }:
 {
+  environment.systemPackages = [ pkgs.opensnitch-ui ];
  networking = {
    networkmanager.enable = true;

    firewall = {
      enable = true;
      allowPing = true;
-      allowedTCPPorts = [ 2375 4780 11470 25565 ];
-      allowedUDPPorts = [ 3478 41641 8888 8899 ];
+      allowedTCPPorts = [
+        2375
+        4780
+        11470
+        25565
+      ];
+      allowedUDPPorts = [
+        3478
+        41641
+        8888
+        8899
+      ];
    };
  };

  services = {
+    opensnitch = {
+      enable = true;
+    };
    tailscale = {
      enable = true;
      useRoutingFeatures = "client";
-      extraUpFlags = [ "--accept-dns=false" "--reset" ];
+      extraUpFlags = [
+        "--accept-dns=false"
+        "--reset"
+      ];
    };
    openssh.enable = true;
    # openssh.settings.X11Forwarding = true;
@ -58,7 +75,10 @@
    services.docker.serviceConfig = {
      StandardOutput = "journal";
      StandardError = "journal";
-      logFilterPatterns = [ ".*skip loading plugin.*" "skip plugin" ];
+      logFilterPatterns = [
+        ".*skip loading plugin.*"
+        "skip plugin"
+      ];
    };
    tmpfiles.rules = [
      "d /usr/local/share/polkit-1 0755 root root -"
--- a/hosts/husky.nix
+++ b/hosts/husky.nix