[djamba][stitch] configs refactoring + multiple hosts

apps/apps-list.nix

@@ -0,0 +1,64 @@
+{ config, pkgs, lib, ... }:
+{
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = true;
+
+  environment.systemPackages = with pkgs; [
+    nix-search-cli
+    alacritty
+    yazi
+    mc
+    vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+    neovim
+    ripgrep
+    gnumake
+    dconf-editor
+    git
+    pstree
+    jq
+    nixd
+    nixpkgs-fmt
+    bfg-repo-cleaner
+    lazygit
+    tmux
+    ripgrep
+    dig
+    xclip
+    wget
+    throne
+    nix-index
+    inetutils
+    pciutils
+    tcpdump
+    libstrangle # fps limmiter
+    gparted
+    inkscape
+    flameshot
+    thunderbird
+    vscode-fhs
+    gcc
+    python312
+    python312Packages.nsz
+    python312Packages.detect-secrets
+    nodejs_20
+    go
+    jdk
+    appimage-run
+    gnome-tweaks
+    desktop-file-utils
+    vimix-cursors
+    vimix-icon-theme
+    vimix-gtk-themes
+  ];
+
+  programs.nix-ld.enable = true;
+
+  programs.steam = {
+    enable = true;
+    remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+    dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+  };
+}

configuration.nix

@@ -1,310 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
-  imports =
-    [ # Include the results of the hardware scan.
-      ./hardware-configuration.nix
-      ./wireguard.nix
-      ./apps/firefox.nix
-      ./apps/flameshot.nix
-    ];
-
-  # Bootloader.
-  boot.loader.efi.canTouchEfiVariables = true;
-  boot.loader = {
-    grub = {
-      enable = true;
-      useOSProber = true;
-      efiSupport = true;
-      device = "nodev";
-      gfxmodeEfi = "3440x1440";
-      font = "${pkgs.hack-font}/share/fonts/truetype/Hack-Regular.ttf";
-      fontSize = 36;
-    };
-  };
-
-  boot.kernelPackages = pkgs.linuxPackages_6_12;
-  # boot.kernelPatches = [
-  #   {
-  #     name = "amd-drm-glitch-fix";
-  #     patch = (pkgs.fetchurl {
-  #       url = "https://patchwork.freedesktop.org/patch/605900/raw/";
-  #       hash = "sha256-WR537QGQak5pwm4BnLiQ/pc7gAkn2SdI3QRvGTRZSFE=";
-  #     });
-  #   }
-  # ];
-  boot.kernelParams = ["amd_pstate=active" "iommu=relaxed"];
-  boot.supportedFilesystems = ["ntfs"];
-
-  networking.hostName = "nixos"; # Define your hostname.
-  networking.hosts = {
-    "127.0.0.1" = [ "dev.tolma.ch" ];
-  };
-  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
-
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
-  # Enable networking
-  networking.networkmanager.enable = true;
-
-  # Set your time zone.
-  time.timeZone = "Europe/Moscow";
-
-  environment.sessionVariables = rec {
-    # fixing disappering cursor in alacritty - https://github.com/NixOS/nixpkgs/issues/22652
-    XCURSOR_THEME = "Vimix-cursors";
-    # vscode wayland
-    NIXOS_OZONE_WL = 1;
-  };
-
-  # Select internationalisation properties.
-  i18n.defaultLocale = "ru_RU.UTF-8";
-
-  i18n.extraLocaleSettings = {
-    LC_ADDRESS = "ru_RU.UTF-8";
-    LC_IDENTIFICATION = "ru_RU.UTF-8";
-    LC_MEASUREMENT = "ru_RU.UTF-8";
-    LC_MONETARY = "ru_RU.UTF-8";
-    LC_NAME = "ru_RU.UTF-8";
-    LC_NUMERIC = "ru_RU.UTF-8";
-    LC_PAPER = "ru_RU.UTF-8";
-    LC_TELEPHONE = "ru_RU.UTF-8";
-    LC_TIME = "ru_RU.UTF-8";
-  };
-
-  # Enable the X11 windowing system.
-  services.xserver.enable = true;
-
-  # Enable the GNOME Desktop Environment.
-  services.xserver.displayManager.gdm = {
-    enable = true;
-    wayland = true;
-  };
-
-  services.xserver.desktopManager.gnome = {
-    enable = true;
-    extraGSettingsOverridePackages = [ pkgs.mutter ];
-    extraGSettingsOverrides = ''
-      [org.gnome.mutter]
-      experimental-features=['scale-monitor-framebuffer']
-    '';
-  };
-
-  # Configure keymap in X11
-  services.xserver.xkb = {
-    layout = "us";
-    variant = "";
-  };
-
-  # Enable CUPS to print documents.
-  services.printing.enable = true;
-
-  services.udev.packages = with pkgs; [
-    platformio-core.udev
-    openocd
-  ];
-
-  # Enable sound with pipewire.
-  services.pulseaudio.enable = false;
-  security.rtkit.enable = true;
-  services.pipewire = {
-    enable = true;
-    alsa.enable = true;
-    alsa.support32Bit = true;
-    pulse.enable = true;
-    # If you want to use JACK applications, uncomment this
-    #jack.enable = true;
-
-    # use the example session manager (no others are packaged yet so this is enabled by default,
-    # no need to redefine it in your config for now)
-    #media-session.enable = true;
-  };
-
-  services.cpupower-gui.enable = true;
-  services.power-profiles-daemon.enable = false;
-  services.tlp = {
-    enable = true;
-    settings = {
-      CPU_SCALING_GOVERNOR_ON_AC = "performance";
-      CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
-
-      CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
-      CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
-
-      CPU_MIN_PERF_ON_AC = 0;
-      CPU_MAX_PERF_ON_AC = 100;
-      CPU_MIN_PERF_ON_BAT = 0;
-      CPU_MAX_PERF_ON_BAT = 20;
-
-      USB_EXCLUDE_BTUSB = 1;
-
-      #Optional helps save long term battery health
-      START_CHARGE_THRESH_BAT0 = 40; # 40 and bellow it starts to charge
-      STOP_CHARGE_THRESH_BAT0 = 80; # 80 and above it stops charging
-
-    };
-  };
-
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users.venya = {
-    isNormalUser = true;
-    description = "Dmitry Chumak";
-    extraGroups = [ "networkmanager" "wheel" ];
-    packages = with pkgs; [
-    ];
-  };
-
-  # Install firefox.
-
-  programs.nix-ld.enable = true;
-
-  programs.steam = {
-    enable = true;
-    remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
-    dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
-  };
-
-  # Allow unfree packages
-  nixpkgs.config.allowUnfree = true;
-
-  services.flatpak.enable = true;
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-
-  services.syncthing = {
-    enable = true;
-    user = "venya";
-    dataDir = "/home/venya/Documents";    # Default folder for new synced folders
-    configDir = "/home/venya/.config/syncthing";   # Folder for Syncthing's settings and keys
-  };
-
-  environment.systemPackages = with pkgs; [
-    nix-search-cli
-    alacritty
-    yazi
-    vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
-    neovim
-    ripgrep
-    gnumake
-    dconf-editor
-    git
-    pstree
-    jq
-    nixd
-    nixpkgs-fmt
-    bfg-repo-cleaner
-    lazygit
-    tmux
-    ripgrep
-    dig
-    xclip
-    wget
-    nekoray
-    nix-index
-    inetutils
-    pciutils
-    tcpdump
-    libstrangle # fps limmiter
-    gparted
-    inkscape
-    flameshot
-    thunderbird
-    vscode-fhs
-    cpupower-gui
-    ryzenadj
-    powertop
-    gcc
-    python312
-    python312Packages.nsz
-    python312Packages.detect-secrets
-    nodejs_20
-    go
-    jdk
-    linuxKernel.packages.linux_6_12.cpupower
-    linuxKernel.packages.linux_6_12.ryzen-smu
-    appimage-run
-    desktop-file-utils
-    vimix-cursors
-    vimix-icon-theme
-    vimix-gtk-themes
-  ];
-
-
-  fonts = {
-    # https://www.programmingfonts.org/#roboto to check fonts visually
-    fontDir = {
-      enable = true;
-    };
-    fontconfig = {
-      defaultFonts = {
-        monospace = [
-	  "RecMonoLinear Nerd Font Mono"
-	  "Ubuntu Mono"
-	];
-      };
-      localConf = ''
-        <alias>
-          <family>RecMonoLinear Nerd Font Mono</family>
-          <prefer>
-            <family>Roboto Mono</family>
-          </prefer>
-        </alias>
-      '';
-    };
-    packages = with pkgs; [
-      # iosevka
-      ubuntu-classic
-      hack-font
-      cascadia-code
-      roboto-mono
-      nerd-fonts.fira-code
-      nerd-fonts.recursive-mono
-      nerd-fonts.iosevka
-      nerd-fonts.symbols-only
-      noto-fonts-cjk-sans
-    ];
-
-  };
-
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  # programs.mtr.enable = true;
-  # programs.gnupg.agent = {
-  #   enable = true;
-  #   enableSSHSupport = true;
-  # };
-
-  # List services that you want to enable:
-
-  # Enable the OpenSSH daemon.
-  # services.openssh.enable = true;
-
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.11"; # Did you read the comment?
-
-  virtualisation.docker = {
-    enable = true;
-    rootless = {
-      enable = true;
-      setSocketVariable = true;
-    };
-  };
-
-}

defaults/default.nix

@@ -0,0 +1,129 @@
+{ config, pkgs, lib, ... }:
+
+{
+  # Bootloader.
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader = {
+    grub = {
+      enable = true;
+      useOSProber = true;
+      efiSupport = true;
+      device = "nodev";
+      gfxmodeEfi = "3440x1440";
+      font = "${pkgs.hack-font}/share/fonts/truetype/Hack-Regular.ttf";
+      fontSize = 36;
+    };
+  };
+
+  # Set your time zone.
+  time.timeZone = "Europe/Moscow";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "ru_RU.UTF-8";
+  i18n.supportedLocales = [
+    "en_US.UTF-8/UTF-8"
+    "ru_RU.UTF-8/UTF-8"
+  ];
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "ru_RU.UTF-8";
+    LC_IDENTIFICATION = "ru_RU.UTF-8";
+    LC_MEASUREMENT = "ru_RU.UTF-8";
+    LC_MONETARY = "ru_RU.UTF-8";
+    LC_NAME = "ru_RU.UTF-8";
+    LC_NUMERIC = "ru_RU.UTF-8";
+    LC_PAPER = "ru_RU.UTF-8";
+    LC_TELEPHONE = "ru_RU.UTF-8";
+    LC_TIME = "ru_RU.UTF-8";
+  };
+
+  # Enable the X11 windowing system.
+  services.xserver.enable = true;
+
+  # Configure keymap in X11
+  services.xserver.xkb = {
+    layout = "us";
+    variant = "";
+  };
+
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+
+  # Enable sound with pipewire.
+  services.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+  };
+
+  services.flatpak.enable = true;
+  systemd.services.flatpak-repo = {
+    wantedBy = [ "multi-user.target" ];
+    path = [ pkgs.flatpak ];
+    script = ''
+      flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
+    '';
+  };
+
+  services.syncthing = {
+    enable = true;
+    user = "venya";
+    dataDir = "/home/venya/Documents";    # Default folder for new synced folders
+    configDir = "/home/venya/.config/syncthing";   # Folder for Syncthing's settings and keys
+  };
+
+
+  fonts = {
+    # https://www.programmingfonts.org/#roboto to check fonts visually
+    fontDir = {
+      enable = true;
+    };
+    fontconfig = {
+      defaultFonts = {
+        monospace = [
+          "RecMonoLinear Nerd Font Mono"
+          "Ubuntu Mono"
+        ];
+        serif = [
+          "Noto Serif CJK SC"
+        ];
+        sansSerif = [
+          "Noto Sans CJK SC"
+        ];
+      };
+      localConf = ''
+        <alias>
+          <family>RecMonoLinear Nerd Font Mono</family>
+          <prefer>
+            <family>Roboto Mono</family>
+          </prefer>
+        </alias>
+      '';
+    };
+    packages = with pkgs; [
+      # iosevka
+      ubuntu-classic
+      hack-font
+      cascadia-code
+      roboto-mono
+      nerd-fonts.fira-code
+      nerd-fonts.recursive-mono
+      nerd-fonts.iosevka
+      nerd-fonts.symbols-only
+      noto-fonts-cjk-sans
+      noto-fonts-cjk-serif
+    ];
+
+  };
+
+  virtualisation.docker = {
+    enable = true;
+    rootless = {
+      enable = true;
+      setSocketVariable = true;
+    };
+  };
+}

desktop-environments/gnome.nix

@@ -0,0 +1,45 @@
+{ config, pkgs, lib, ... }:
+
+{
+  # Enable the GNOME Desktop Environment.
+  services.displayManager.gdm = {
+    enable = true;
+    wayland = true;
+  };
+
+  services.desktopManager.gnome = {
+    enable = true;
+    extraGSettingsOverridePackages = [ pkgs.mutter ];
+    extraGSettingsOverrides = ''
+      [org.gnome.mutter]
+      experimental-features=['scale-monitor-framebuffer']
+    '';
+  };
+  
+  programs.dconf.profiles.user.databases = [
+    {
+      lockAll = true; # prevents overriding
+      settings = {
+        # re-login to activate
+        "org/gnome/mutter" = {
+          dynamic-workspaces = false;
+        };
+        "org/gnome/desktop/wm/preferences" = {
+          num-workspaces = lib.gvariant.mkInt32 6;
+        };
+        "org/gnome/desktop/wm/keybindings" = {
+          switch-to-workspace-1 = ["<Control>1"];
+          switch-to-workspace-2 = ["<Control>2"];
+          switch-to-workspace-3 = ["<Control>3"];
+          switch-to-workspace-4 = ["<Control>4"];
+          switch-to-workspace-5 = ["<Control>5"];
+        };
+        "org/gnome/desktop/interface" = {
+          document-font-name = "Noto Sans CJK SC 12 @wght=400";
+          font-name = "Noto Sans CJK SC 11 @wght=400";
+          monospace-font-name = "RecMonoLinear Nerd Font Mono 11";
+        };
+      };
+    }
+  ];
+}

hosts/djamba.nix

@@ -0,0 +1,59 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, lib, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hw-djamba.nix
+      ../defaults/default.nix
+      ../apps/apps-list.nix
+      ../apps/firefox.nix
+      ../apps/flameshot.nix
+      ../desktop-environments/gnome.nix
+    ];
+
+  # Use latest kernel.
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
+  networking.hostName = "djamba"; # Define your hostname.
+
+  # Enable networking
+  networking.networkmanager.enable = true;
+
+  environment.sessionVariables = rec {
+    # fixing disappering cursor in alacritty - https://github.com/NixOS/nixpkgs/issues/22652
+    XCURSOR_THEME = "Vimix-cursors";
+    # vscode wayland
+    NIXOS_OZONE_WL = 1;
+  };
+
+  services.sunshine = {
+    enable = true;
+    autoStart = true;
+    capSysAdmin = true; # only needed for Wayland -- omit this when using with Xorg
+    openFirewall = true;
+  };
+
+  # Enable touchpad support (enabled default in most desktopManager).
+  # services.xserver.libinput.enable = true;
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.venya = {
+    isNormalUser = true;
+    description = "Dmitry Chumak";
+    extraGroups = [ "networkmanager" "wheel" ];
+  };
+
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "25.11"; # Did you read the comment?
+
+}

hosts/hw-djamba.nix

@@ -0,0 +1,31 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/62e051d3-bc3d-440a-9d2b-076ac1dcc19f";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/1882-7312";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices = [ ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/stitch.nix

@@ -0,0 +1,100 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hw-stitch.nix
+      ../defaults/default.nix
+      ../apps/apps-list.nix
+      ../apps/firefox.nix
+      ../apps/flameshot.nix
+      ../desktop-environments/gnome.nix
+    ];
+
+  boot.kernelPackages = pkgs.linuxPackages_6_12;
+  # boot.kernelPatches = [
+  #   {
+  #     name = "amd-drm-glitch-fix";
+  #     patch = (pkgs.fetchurl {
+  #       url = "https://patchwork.freedesktop.org/patch/605900/raw/";
+  #       hash = "sha256-WR537QGQak5pwm4BnLiQ/pc7gAkn2SdI3QRvGTRZSFE=";
+  #     });
+  #   }
+  # ];
+  boot.kernelParams = ["amd_pstate=active" "iommu=relaxed"];
+  boot.supportedFilesystems = ["ntfs"];
+
+  networking.hostName = "nixos"; # Define your hostname.
+  networking.hosts = {
+    "127.0.0.1" = [ "dev.tolma.ch" ];
+  };
+
+  networking.networkmanager.enable = true;
+
+  environment.sessionVariables = rec {
+    # fixing disappering cursor in alacritty - https://github.com/NixOS/nixpkgs/issues/22652
+    XCURSOR_THEME = "Vimix-cursors";
+    # vscode wayland
+    NIXOS_OZONE_WL = 1;
+  };
+
+  # xteink4 crosspoint env
+  services.udev.packages = with pkgs; [
+    platformio-core.udev
+    openocd
+  ];
+
+  services.cpupower-gui.enable = true;
+  services.power-profiles-daemon.enable = false;
+  services.tlp = {
+    enable = true;
+    settings = {
+      CPU_SCALING_GOVERNOR_ON_AC = "performance";
+      CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
+
+      CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
+      CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
+
+      CPU_MIN_PERF_ON_AC = 0;
+      CPU_MAX_PERF_ON_AC = 100;
+      CPU_MIN_PERF_ON_BAT = 0;
+      CPU_MAX_PERF_ON_BAT = 20;
+
+      USB_EXCLUDE_BTUSB = 1;
+
+      #Optional helps save long term battery health
+      START_CHARGE_THRESH_BAT0 = 40; # 40 and bellow it starts to charge
+      STOP_CHARGE_THRESH_BAT0 = 80; # 80 and above it stops charging
+
+    };
+  };
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.venya = {
+    isNormalUser = true;
+    description = "Dmitry Chumak";
+    extraGroups = [ "networkmanager" "wheel" ];
+    packages = with pkgs; [
+    ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    cpupower-gui
+    ryzenadj
+    powertop
+    linuxKernel.packages.linux_6_12.cpupower
+    linuxKernel.packages.linux_6_12.ryzen-smu
+  ];
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.11"; # Did you read the comment?
+}

nix-alien.nix

@@ -1,15 +0,0 @@
-{ ... }:
-
-let
-  nix-alien-pkgs = import (
-    builtins.fetchTarball "https://github.com/thiagokokada/nix-alien/tarball/master"
-  ) { };
-in
-{
-  environment.systemPackages = with nix-alien-pkgs; [
-    nix-alien
-  ];
-
-  # Optional, but this is needed for `nix-alien-ld` command
-  programs.nix-ld.enable = true;
-}

wireguard.nix

@@ -1,18 +0,0 @@
-# { config, pkgs, lib, ... }:{
-#   networking.firewall.checkReversePath = "loose"; 
-# }
-{ config, pkgs, lib, ... }:{
-  networking.firewall = {
-   # if packets are still dropped, they will show up in dmesg
-   logReversePathDrops = true;
-   # wireguard trips rpfilter up
-   extraCommands = ''
-     ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 16632 -j RETURN
-     ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 16632 -j RETURN
-   '';
-   extraStopCommands = ''
-     ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 16632 -j RETURN || true
-     ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 16632 -j RETURN || true
-   '';
-  };
-}