From 5fac176a068455be5b67a4922256596176a8b9c4 Mon Sep 17 00:00:00 2001 From: Kabbone Date: Tue, 6 Dec 2022 22:24:15 +0100 Subject: [PATCH] prepaid-host adjustment --- hosts/configuration_desktop.nix | 3 +- hosts/configuration_server.nix | 7 ++++- hosts/default.nix | 4 +-- hosts/server/default.nix | 10 +++--- hosts/server/hardware-configuration.nix | 41 ++++++++++++------------- 5 files changed, 35 insertions(+), 30 deletions(-) diff --git a/hosts/configuration_desktop.nix b/hosts/configuration_desktop.nix index 7190b40..bc5ac9b 100644 --- a/hosts/configuration_desktop.nix +++ b/hosts/configuration_desktop.nix @@ -20,7 +20,7 @@ users.users.${user} = { # System User isNormalUser = true; - extraGroups = [ "wheel" "video" "audio" "camera" "networkmanager" "lp" "kvm" "libvirtd" "adb" ]; + extraGroups = [ "wheel" "video" "audio" "camera" "networkmanager" "lp" "kvm" "libvirtd" "adb" "dialout" ]; shell = pkgs.zsh; # Default shell uid = 2000; # initialPassword = "password95"; @@ -95,6 +95,7 @@ at-spi2-core bind dig + qmk-udev-rules ]; }; diff --git a/hosts/configuration_server.nix b/hosts/configuration_server.nix index 313ebee..761fa06 100644 --- a/hosts/configuration_server.nix +++ b/hosts/configuration_server.nix @@ -92,8 +92,13 @@ openssh = { # SSH: secure shell (remote connection to shell of server) enable = true; # local: $ ssh @ passwordAuthentication = false; + permitRootLogin = "no"; + ports = [ 2220 ]; + openFirewall = true; + }; + fail2ban = { + enable = true }; - qemuGuest.enable = true; #flatpak.enable = true; # download flatpak file from website - sudo flatpak install - reboot if not showing up # sudo flatpak uninstall --delete-data (> flatpak list --app) - flatpak uninstall --unused diff --git a/hosts/default.nix b/hosts/default.nix index d37df5e..69d5adb 100644 --- a/hosts/default.nix +++ b/hosts/default.nix 
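Review bot: `qmk-udev-rules` is appended to a package list whose head is outside the hunk; if that list is `environment.systemPackages`, the rules file only lands in the system profile and udev never loads it. Rule packages are picked up through `services.udev.packages`, so the entry would become `services.udev.packages = [ pkgs.qmk-udev-rules ];`. Once the rules are active it is worth checking whether the `dialout` group added in the first hunk of this file is still needed, since membership grants access to every serial device on the machine.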
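Review bot: The new `fail2ban` block does not parse, because `enable = true` has no terminating semicolon before the closing `};`, so evaluation of this host fails; it should read `enable = true;`. On the sshd side, `passwordAuthentication = false;` does not cover keyboard-interactive logins, so adding `kbdInteractiveAuthentication = false;` next to `permitRootLogin = "no";` would make the key-only intent explicit. The `openssh` block opens in context above the added lines, and the rest of the `services` set is outside the hunk.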
@@ -78,7 +78,7 @@ in ]; }; - dmz-services = lib.nixosSystem { # Desktop profile + dmz = lib.nixosSystem { # Desktop profile inherit system; #user = "dmz-user"; specialArgs = { inherit inputs user location nixos-hardware nur; }; @@ -86,7 +86,7 @@ in nur.nixosModules.nur ./server ./configuration_server.nix - nixos-hardware.nixosModules.common-cpu-intel + nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-pc-ssd home-manager.nixosModules.home-manager { diff --git a/hosts/server/default.nix b/hosts/server/default.nix index 06d568b..93c9bae 100644 --- a/hosts/server/default.nix +++ b/hosts/server/default.nix @@ -29,11 +29,11 @@ kernelPackages = pkgs.linuxPackages_latest; loader = { # EFI Boot - systemd-boot.enable = true; - efi = { - canTouchEfiVariables = true; - efiSysMountPoint = "/boot"; - }; + grub = { + enable = true; + version = 2; + device = "/dev/sda"; + }; timeout = 1; # Grub auto select time }; }; diff --git a/hosts/server/hardware-configuration.nix b/hosts/server/hardware-configuration.nix index 86c6ab3..c9d425d 100644 --- a/hosts/server/hardware-configuration.nix +++ b/hosts/server/hardware-configuration.nix @@ -17,9 +17,9 @@ [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ]; + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "ahci" "sd_mod" "sr_mod" ]; boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" "vfio_virqfd" ]; - boot.kernelModules = [ "kvm-intel" ]; + boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; fileSystems."/" = @@ -52,11 +52,6 @@ options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ]; }; - fileSystems."/boot" = - { device = "/dev/disk/by-label/NIXBOOT"; - fsType = "vfat"; - }; - swapDevices = [ ]; 
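Review bot: The renamed `dmz` entry still carries the trailing comment `# Desktop profile`, although its module list in the next hunk pulls in `./server` and `./configuration_server.nix`. Suggest `dmz = lib.nixosSystem { # Server profile` so the host list reads correctly. The rename also changes the configuration name that rebuild or deploy commands select, so any script or note still naming `dmz-services` needs the same update; none is visible in this patch.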
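Review bot: `device = "/dev/sda";` pins the GRUB install target to a kernel-assigned name, which can change if the provider attaches a second disk or the controller order differs. A stable path such as `device = "/dev/disk/by-id/<DISK_ID>";` (placeholder) avoids writing the boot loader to the wrong disk. The comment `# EFI Boot` on the `loader` line is now stale because the block configures BIOS GRUB; something like `# BIOS boot via GRUB` would match. The `loader` block opens in context above the hunk.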
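Review bot: `boot.kernelModules = [ "kvm-amd" ];` and the unchanged VFIO list in `boot.initrd.kernelModules` are carried over to what the imported `qemu-guest.nix` profile and the commit title suggest is a rented virtual machine. Unless the provider exposes nested virtualisation and this host runs guests with device passthrough, neither list does anything useful there, and force-loading them keeps extra kernel code resident on an internet-facing server. If that reading is right, `boot.initrd.kernelModules = [ ];` and `boot.kernelModules = [ ];` would be the smaller configuration.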
@@ -67,22 +62,26 @@ enable = true; }; interfaces = { - enp6s18 = { - useDHCP = true; # For versatility sake, manually edit IP on nm-applet. - #ipv4.addresses = [ { - # address = "192.168.0.51"; - # prefixLength = 24; - #} ]; + ens18 = { + useDHCP = false; # For versatility sake, manually edit IP on nm-applet. + ipv4.addresses = [ { + address = "45.142.114.153"; + prefixLength = 24; + } ]; + ipv6.addresses = [ { + address = "2a00:ccc1:101:19D::2"; + prefixLength = 64; + } ]; }; }; - #defaultGateway = "192.168.0.1"; - #nameservers = [ "192.168.0.4" ]; - #firewall = { - # enable = false; - # #allowedUDPPorts = [ 53 67 ]; - # #allowedTCPPorts = [ 53 80 443 9443 ]; - #}; + defaultGateway = "45.142.114.1"; + nameservers = [ "9.9.9.9" "2620:fe::fe" ]; + firewall = { + enable = true; + allowedUDPPorts = [ ]; + allowedTCPPorts = [ ]; + }; }; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; }
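Review bot: The interface gets a static IPv6 address but only an IPv4 `defaultGateway` is set, so IPv6 reachability depends on router advertisements being accepted, which the patch does not show. If the provider expects a static route, add `defaultGateway6 = { address = "<IPV6_GATEWAY>"; interface = "ens18"; };` (placeholder address). The trailing comment on `useDHCP = false;` still says the IP is edited manually in nm-applet, which no longer matches a statically addressed server; `# static addressing assigned by the provider` would be accurate. With `allowedTCPPorts = [ ];` the only inbound port is the one `openFirewall` opens for sshd in `configuration_server.nix`, and a short comment next to `firewall` saying so would stop someone re-adding port 22 here.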