diff --git a/machines/cj/configuration.nix b/machines/cj/configuration.nix
index d6d5c71..6985e7f 100644
--- a/machines/cj/configuration.nix
+++ b/machines/cj/configuration.nix
@@ -7,6 +7,10 @@
 ./hardware-configuration-zfs.nix
 ];
+ nixpkgs.config.permittedInsecurePackages = [
+ "electron-27.3.11"
+ ];
+
 # This lets us pin the nixpkgs registry by default to the nixpkgs used to build this system.
 # Doing this means we are less likely to require the 30+MB download when
 # running commands like nix search or nix run
@@ -75,11 +79,13 @@
 wireless = {
 enable = false; # turn of wifi until needed
 userControlled.enable = true;
- environmentFile = "/run/secrets/wifi/env";
+ #environmentFile = "/run/secrets/wifi/env";
+ secretsFile = "/run/secrets/wifi/env";
 networks = {
- "@SSID_HOME@" = {
- pskRaw = "@PSKRAW_HOME@";
- };
+ home.pskRaw = "ext:PSKRAW_HOME";
+ #"@SSID_HOME@" = {
+ #pskRaw = "@PSKRAW_HOME@";
+ #};
 };
 };
 firewall = import ./firewall.nix;
@@ -95,9 +101,6 @@
 #};
 hardware.bluetooth.enable = false;
- # Enable sound.
- sound.enable = false;
-
 # Define a user account. Don't forget to set a password with ‘passwd’.
 users.users.jacob = {
 isNormalUser = true;
@@ -194,7 +197,11 @@
 syncthing = import ./syncthing.nix;
- tailscale.enable = true;
+ tailscale = {
+ enable = true;
+ extraUpFlags = "--accept-dns=false";
+ openFirewall = true;
+ };
 timesyncd.enable = true;
diff --git a/machines/cj/pihole.nix b/machines/cj/pihole.nix
index f81d26f..0ff3265 100644
--- a/machines/cj/pihole.nix
+++ b/machines/cj/pihole.nix
@@ -1,9 +1,9 @@
 { serverIP, serverIP6 } : {
- image = "pihole/pihole:2025.04.0";
+ image = "pihole/pihole:2025.06.2";
 ports = [
 "53:53/tcp"
 "53:53/udp"
- #"8088:80"
+ "8585:80"
 #"4438:443"
 ];
 environment = {
@@ -24,7 +24,7 @@
 ];
 extraOptions = [
 #"--cap-add=NET_ADMIN"
- "--network=host"
+ #"--network=host"
 "--no-hosts" # do not populate internal /etc/hosts with container host's
 ];
 }
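Review bot: The `permittedInsecurePackages` entry added near the top of configuration.nix has no comment saying which package needs `electron-27.3.11` or when the exception can be dropped. nixpkgs marks a package insecure when it is end-of-life or has known vulnerabilities, and this allowance applies to everything built for the machine, so it tends to outlive its reason. I would add a comment above it such as `# <package> still depends on EOL Electron 27; remove once it is updated`, with the consumer's name filled in. The enclosing attribute set starts and ends outside the hunk.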
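Review bot: In the `networks` block the attribute name is the SSID, so `home.pskRaw` now configures a network literally called `home`, whereas the old entry took its SSID from `@SSID_HOME@` in the secrets file. As far as I know, `ext:` references are resolved only for secret fields such as `pskRaw`, not for the network name, so unless the real SSID is `home` this entry will not match. If the SSID has to be written out, it would read `"<your-ssid>".pskRaw = "ext:PSKRAW_HOME";`, and the name then lives in the repository and the Nix store. The four commented-out lines of the old configuration can be deleted, since the history already records them.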
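Review bot: `extraUpFlags` is assigned a bare string in the new `tailscale` block, but the NixOS option is, as far as I know, a list of strings, so it should read `extraUpFlags = [ "--accept-dns=false" ];`. The option is also documented as applying only when `authKeyFile` is set, which this hunk does not show, so the DNS override may silently not take effect and Tailscale could still rewrite the resolver that the Pi-hole setup relies on. A short comment on `openFirewall = true;` saying that it opens the Tailscale UDP port on the host firewall would help the next reader. The surrounding attribute set continues outside the hunk.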
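Review bot: `"8585:80"` in pihole.nix publishes the Pi-hole admin interface on every host address, and the later hunk that comments out `--network=host` is what makes this `ports` list take effect. If the UI is only meant to be reached locally or over the tailnet, bind it to one address, for example `"127.0.0.1:8585:80"` (constructed example). Whether ./firewall.nix filters container-published ports depends on the container backend and is not visible here. The image is also referenced by a mutable tag; pinning it as `pihole/pihole:2025.06.2@sha256:<digest>` would make the deployed image reproducible.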