acpid: inc/dec brightness by 1 instead of 10

[julm/julm-nix.git] / nixos / profiles / openvpn / calyx.nix

diff --git a/nixos/profiles/openvpn/calyx.nix b/nixos/profiles/openvpn/calyx.nix
index 5c28ceaf47220fdcb9102463255a83d65d1fa666..28fe78fa1299b5dd1c8243e360c02f8ab97826f0 100644 (file)
--- a/nixos/profiles/openvpn/calyx.nix
+++ b/nixos/profiles/openvpn/calyx.nix
@@ -39,7 +39,6 @@ in
       script-security = 2;
       tls-cipher = "TLS-DHE-RSA-WITH-AES-128-CBC-SHA";
       tls-client = true;
-      tun-ipv6 = true;
       up-restart = true;
       verb = 3;
     };
@@ -69,6 +68,24 @@ in
   services.netns.namespaces.${netns} = {
     nftables = lib.mkBefore ''
       include "${../networking/nftables.txt}"
+      table inet filter {
+        chain output-lan {
+          meta l4proto { udp, tcp } th dport domain counter accept comment "DNS"
+          log prefix "calyx: output-lan: " counter drop
+        }
+        chain output-net {
+          tcp dport { http, https } counter accept comment "HTTP"
+          log prefix "calyx: output-net: " counter drop
+        }
+        chain output {
+          ip daddr 10.0.0.0/8 counter goto output-lan
+          ip daddr 172.16.0.0/12 counter goto output-lan
+          ip daddr 192.168.0.0/16 counter goto output-lan
+          ip daddr 224.0.0.0/3 counter goto output-lan
+          jump output-net
+          log prefix "calyx: output: " counter drop
+        }
+      }
     '';
   };
 }