2023-03-11

3 files changed, 43 insertions, 18 deletions

diff --git a/nixosConfigurations/eonwe/default.nix b/nixosConfigurations/eonwe/default.nix
index a5a07ab..f66478d 100644
--- a/nixosConfigurations/eonwe/default.nix
+++ b/nixosConfigurations/eonwe/default.nix
@@ -59,13 +59,17 @@ with lib; {
     # some patching and whatnot.
     kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
 
-    # Silence benign MCE errors:
-    # ```
-    # mce: [Hardware Error]: CPU 1: Machine Check: 0 Bank 29: ffffffffffffffff
-    # mce: [Hardware Error]: TSC 0 MISC ff1fffffffffffff SYND ffffffffffffffff IPID ffffffffffffffff
-    # mce: [Hardware Error]: PROCESSOR 2:a60f12 TIME 1669988017 SOCKET 0 APIC 2 microcode a601201
-    # ```
-    kernelParams = ["mce=nobootlog"];
+    kernelParams = [
+      # Silence benign MCE errors:
+      # ```
+      # mce: [Hardware Error]: CPU 1: Machine Check: 0 Bank 29: ffffffffffffffff
+      # mce: [Hardware Error]: TSC 0 MISC ff1fffffffffffff SYND ffffffffffffffff IPID ffffffffffffffff
+      # mce: [Hardware Error]: PROCESSOR 2:a60f12 TIME 1669988017 SOCKET 0 APIC 2 microcode a601201
+      # ```
+      "mce=nobootlog"
+      # Required for Hogwats Legacy.
+      "clearcpuid=514"
+    ];
 
     # The boot drive is Samsung SSD 980 PRO 2TB.
     initrd.kernelModules = ["nvme"];
diff --git a/nixosConfigurations/manwe/default.nix b/nixosConfigurations/manwe/default.nix
index 12d929e..a47cd88 100644
--- a/nixosConfigurations/manwe/default.nix
+++ b/nixosConfigurations/manwe/default.nix
@@ -1,5 +1,6 @@
 {
   config,
+  inputs,
   lib,
   ...
 }:
@@ -34,6 +35,7 @@ with lib; {
       enable = true;
       domain = my.domain.azahi;
     };
+    murmur.enable = true;
     radicale.enable = true;
     rss-bridge.enable = true;
     shadowsocks.enable = true;
@@ -44,6 +46,35 @@ with lib; {
     vaultwarden.enable = true;
   };
 
+  # To play old LAN games with the boys.
+  secrets."wireguard-private-key-70".file = "${inputs.self}/secrets/wireguard-private-key-70";
+  networking = mkIf config.nixfiles.modules.wireguard.server.enable {
+    wireguard.interfaces.wg70 = {
+      ips = ["10.70.0.1/16"];
+      listenPort = 7070;
+      privateKeyFile = config.secrets."wireguard-private-key-70".path;
+      peers = [
+        {
+          publicKey = "@PUBLIC_KEY@";
+          allowedIPs = ["10.70.1.1/32"];
+        }
+        {
+          publicKey = "@PUBLIC_KEY@";
+          allowedIPs = ["10.70.1.2/32"];
+        }
+        {
+          publicKey = "@PUBLIC_KEY@";
+          allowedIPs = ["10.70.1.3/32"];
+        }
+        {
+          publicKey = "@PUBLIC_KEY@";
+          allowedIPs = ["10.70.1.4/32"];
+        }
+      ];
+    };
+    firewall.allowedUDPPorts = [7070];
+  };
+
   boot = {
     loader.grub = {
       enable = true;
diff --git a/nixosConfigurations/varda/default.nix b/nixosConfigurations/varda/default.nix
index ea1dc3c..340ea8b 100644
--- a/nixosConfigurations/varda/default.nix
+++ b/nixosConfigurations/varda/default.nix
@@ -5,10 +5,7 @@ with lib; {
 
     acme.enable = true;
 
-    games.minecraft.server = {
-      enable = false; # Disabled because no one is playing now.
-      memory = "6G";
-    };
+    k3s.enable = true;
   };
 
   boot = {
@@ -47,13 +44,6 @@ with lib; {
     }
   ];
 
-  # TODO
-  services.k3s = {
-    enable = false;
-    role = "server";
-    extraFlags = "--disable traefik";
-  };
-
   zramSwap = {
     enable = true;
     memoryPercent = 25;