messed around with quite a lot

home-manager/home.nix

@@ -9,6 +9,7 @@
     outputs.homeManagerModules.shellColors
     outputs.homeManagerModules.microColors
     outputs.homeManagerModules.gnomeBindings
+    outputs.homeManagerModules.disableNews
   ];
 
   home.username = "oatmealine";
@@ -29,12 +30,14 @@
     ripgrep jq
     # nix
     nil nix-output-monitor
+    # dev
+    sqlitebrowser sqlite-interactive
     # system
     btop sysstat lm_sensors ethtool pciutils usbutils powertop killall
     # debug
     strace ltrace lsof
     # apps
-    vivaldi telegram-desktop onlyoffice-bin gnome.gnome-tweaks discord
+    vivaldi telegram-desktop onlyoffice-bin gnome.gnome-tweaks discord mpv
     # misc
     cowsay file which tree gnused grc
     # um

modules/home-manager/default.nix

@@ -5,4 +5,5 @@
   shellColors = import ./shell-colors.nix;
   microColors = import ./micro-colors.nix;
   gnomeBindings = import ./gnome-bindings.nix;
+  disableNews = import ./disable-news.nix;
 }

modules/home-manager/disable-news.nix

@@ -0,0 +1,13 @@
+# It doesn't even work out of the box with flakes...
+# <https://github.com/nix-community/home-manager/issues/2033#issuecomment-1801557851>
+#
+# Include this in the `modules` passed to
+# `inputs.home-manager.lib.homeManagerConfiguration`.
+{ lib, ... }: {
+  # disabledModules = [ "misc/news.nix" ];
+  config = {
+    news.display = "silent";
+    news.json = lib.mkForce { };
+    news.entries = lib.mkForce [ ];
+  };
+}

nixos/configuration.nix

@@ -16,6 +16,7 @@
       ./security.nix
       ./users.nix
       ./software.nix
+      ./wireguard.nix
     ];
 
   nixpkgs.config.allowUnfree = true;

nixos/security.nix

@@ -1,11 +1,9 @@
 {
   #security.sudo.enable = false;
-  security.doas = {
-    enable = true;
-    extraRules = [
-      { users = [ "oatmealine" ]; noPass = true; persist = false; keepEnv = true; }
-    ];
-  };
+  security.doas.enable = true;
+  security.doas.extraRules = [
+    { users = [ "oatmealine" ]; noPass = true; persist = false; keepEnv = true; }
+  ];
 
   # Open ports in the firewall.
   # networking.firewall.allowedTCPPorts = [ ... ];

nixos/software.nix

@@ -1,4 +1,4 @@
-{ pkgs, inputs, ... }:
+{ pkgs, ... }:
 
 {
   # Enable sound with pipewire.
@@ -32,6 +32,7 @@
     doas
     catppuccin-gtk
     home-manager
+    wireguard-tools
   ];
 
   environment.variables.EDITOR = "micro";

nixos/wireguard.nix

@@ -0,0 +1,24 @@
+{ ... }:
+{
+  /*
+  networking.firewall.checkReversePath = false; 
+  networking.firewall.allowedUDPPorts = [ 51820 ];
+
+  networking.wg-quick.interfaces.wg0 = {
+    address = [ "10.100.0.6/32" ];
+    privateKeyFile = "/home/oatmealine/wireguard-keys/private";
+
+    listenPort = 51820;
+
+    peers = [
+      {
+        publicKey = "fOb9kJS1992n5dHu0YvzEMEHkSdc1tDzfRFILQLj6W8=";
+        allowedIPs = [ "0.0.0.0/0" "::/0" ];
+        endpoint = "46.4.96.113:51820";
+        # ensure connection is stable under NATs
+        persistentKeepalive = 25;
+      }
+    ];
+  };
+  */
+}