From 34f6b85113141f4e6a0ceaf1c6d22a40d746ce2f Mon Sep 17 00:00:00 2001
From: Kenny Ballou
Date: Wed, 16 Dec 2020 00:42:22 -0700
Subject: daeva: complete configuration

Installation complete, luks container and boot loader configured.

Signed-off-by: Kenny Ballou
---
 daeva/configuration.nix  | 37 +++++++++++++++++++++++++++++++------
 daeva/nftables-rules.nft | 31 -------------------------------
 2 files changed, 31 insertions(+), 37 deletions(-)

diff --git a/daeva/configuration.nix b/daeva/configuration.nix
index a2ae9fa..5f18466 100644
--- a/daeva/configuration.nix
+++ b/daeva/configuration.nix
@@ -12,7 +12,6 @@
     ../unfree.nix
     ../services/clamav.nix
     ../services/firewall.nix
-    ../services/docker.nix
     ../services/dnsmasq.nix
     ../services/sound.nix
     ../services/x11.nix
@@ -40,16 +39,39 @@
   ];
 
   # Use the GRUB 2 boot loader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.systemd-boot = {
+    enable = true;
+    editor = false;
+  };
+  boot.loader.efi = {
+    canTouchEfiVariables = false;
+  };
+  boot.loader.grub = {
+    enable = true;
+    copyKernels = true;
+    efiInstallAsRemovable = true;
+    efiSupport = true;
+    fsIdentifier = "uuid";
+    splashMode = "stretch";
+    version = 2;
+    device = "nodev";
+    extraEntries = ''
+      menuentry "Reboot" {
+        reboot
+      }
+      menuentry "Poweroff" {
+        halt
+      }
+    '';
+  };
 
   boot.kernelPackages = pkgs.linuxPackages_latest;
 
   boot.initrd.luks = {
     gpgSupport = true;
-    device = {
-      luks- = {
-        device = "/dev/disk/by-uuid/";
+    devices = {
+      luks-9e4050f4-5dce-4a64-88e8-61b82dd1d98b = {
+        device = "/dev/disk/by-uuid/9e4050f4-5dce-4a64-88e8-61b82dd1d98b";
         gpgCard = {
           publicKey = ./public.asc;
           encryptedPass = ./luks-passphrase.asc;
@@ -63,6 +85,9 @@
 
   networking.hostName = "daeva";
 
+  services.xserver.displayManager.gdm.wayland = true;
+
+  nix.maxJobs = 4;
   # Only keep a week instead of 2
   nix.gc.options = "--delete-older-than 7d";
 
diff --git a/daeva/nftables-rules.nft b/daeva/nftables-rules.nft
index 22ed7f9..8d78807 100644
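Review bot: `boot.loader.systemd-boot.enable = true;` and `boot.loader.grub.enable = true;` are both set in the second hunk, so two EFI boot loaders are configured for the same system; if I recall correctly both NixOS modules define `system.boot.loader.id` when enabled, which would make evaluation fail with conflicting definitions, and even where it evaluates only one loader is actually installed. The comment `# Use the GRUB 2 boot loader.` now heads the systemd-boot block, which obscures which loader is meant. If GRUB is the intended loader, `editor = false;` on systemd-boot hardens nothing: GRUB's menu editor and command line remain open on the unencrypted /boot that carries the initrd and the GPG-encrypted LUKS passphrase referenced by `encryptedPass`, and the GRUB-side lockdown is `boot.loader.grub.users`. I'd replace the systemd-boot block with `boot.loader.systemd-boot.enable = false;` and keep the GRUB section. The `boot.initrd.luks` attribute set continues past the end of the hunk.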
--- a/daeva/nftables-rules.nft
+++ b/daeva/nftables-rules.nft
@@ -18,11 +18,6 @@ table inet filter {
     chain forward {
         type filter hook forward priority 0; policy drop;
         ct state established,related counter accept
-        ip saddr 172.16.0.0/12 ip daddr 0.0.0.0/8 counter accept
-        ip saddr 172.16.0.0/12 ip daddr 172.16.0.0/12 counter accept
-        iifname "docker0" oifname "enp0s25" counter accept
-        iifname "docker0" oifname "wlp2s0" counter accept
-        iifname "docker0" oifname != "docker0" counter accept
         counter
     }
 
@@ -61,29 +56,3 @@ table inet filter {
         counter
     }
 }
-
-table ip nat {
-    chain prerouting {
-        type nat hook prerouting priority 0;
-        counter
-    }
-    chain postrouting {
-        type nat hook postrouting priority 100;
-        ip saddr 172.16.0.0/12 oifname enp0s25 counter masquerade
-        ip saddr 172.16.0.0/12 oifname wlp2s0 counter masquerade
-        counter
-    }
-}
-
-table ip6 nat {
-    chain prerouting {
-        type nat hook prerouting priority 0;
-        counter
-    }
-    chain postrouting {
-        type nat hook postrouting priority 100;
-        ip6 saddr fcdd::/48 oifname enp0s25 counter masquerade
-        ip6 saddr fcdd::/48 oifname wlp2s0 counter masquerade
-        counter
-    }
-}
-- 
cgit v1.2.1