prepaid-host adjustment
This commit is contained in:
parent
ffdbf1c581
commit
5fac176a06
SSH Key Fingerprint:
SHA256:A5zPB5I6u5V78V51c362BBdCwhDhfDUVbt7NfKdjWBY
@ -20,7 +20,7 @@
|
|||||||
|
|
||||||
users.users.${user} = { # System User
|
users.users.${user} = { # System User
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
extraGroups = [ "wheel" "video" "audio" "camera" "networkmanager" "lp" "kvm" "libvirtd" "adb" ];
|
extraGroups = [ "wheel" "video" "audio" "camera" "networkmanager" "lp" "kvm" "libvirtd" "adb" "dialout" ];
|
||||||
shell = pkgs.zsh; # Default shell
|
shell = pkgs.zsh; # Default shell
|
||||||
uid = 2000;
|
uid = 2000;
|
||||||
# initialPassword = "password95";
|
# initialPassword = "password95";
|
||||||
@ -95,6 +95,7 @@
|
|||||||
at-spi2-core
|
at-spi2-core
|
||||||
bind
|
bind
|
||||||
dig
|
dig
|
||||||
|
qmk-udev-rules
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
@ -92,8 +92,13 @@
|
|||||||
openssh = { # SSH: secure shell (remote connection to shell of server)
|
openssh = { # SSH: secure shell (remote connection to shell of server)
|
||||||
enable = true; # local: $ ssh <user>@<ip>
|
enable = true; # local: $ ssh <user>@<ip>
|
||||||
passwordAuthentication = false;
|
passwordAuthentication = false;
|
||||||
|
permitRootLogin = "no";
|
||||||
|
ports = [ 2220 ];
|
||||||
|
openFirewall = true;
|
||||||
|
};
|
||||||
|
fail2ban = {
|
||||||
|
enable = true
|
||||||
};
|
};
|
||||||
qemuGuest.enable = true;
|
|
||||||
|
|
||||||
#flatpak.enable = true; # download flatpak file from website - sudo flatpak install <path> - reboot if not showing up
|
#flatpak.enable = true; # download flatpak file from website - sudo flatpak install <path> - reboot if not showing up
|
||||||
# sudo flatpak uninstall --delete-data <app-id> (> flatpak list --app) - flatpak uninstall --unused
|
# sudo flatpak uninstall --delete-data <app-id> (> flatpak list --app) - flatpak uninstall --unused
|
||||||
|
|||||||
@ -78,7 +78,7 @@ in
|
|||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
dmz-services = lib.nixosSystem { # Desktop profile
|
dmz = lib.nixosSystem { # Desktop profile
|
||||||
inherit system;
|
inherit system;
|
||||||
#user = "dmz-user";
|
#user = "dmz-user";
|
||||||
specialArgs = { inherit inputs user location nixos-hardware nur; };
|
specialArgs = { inherit inputs user location nixos-hardware nur; };
|
||||||
@ -86,7 +86,7 @@ in
|
|||||||
nur.nixosModules.nur
|
nur.nixosModules.nur
|
||||||
./server
|
./server
|
||||||
./configuration_server.nix
|
./configuration_server.nix
|
||||||
nixos-hardware.nixosModules.common-cpu-intel
|
nixos-hardware.nixosModules.common-cpu-amd
|
||||||
nixos-hardware.nixosModules.common-pc-ssd
|
nixos-hardware.nixosModules.common-pc-ssd
|
||||||
|
|
||||||
home-manager.nixosModules.home-manager {
|
home-manager.nixosModules.home-manager {
|
||||||
|
|||||||
@ -29,11 +29,11 @@
|
|||||||
kernelPackages = pkgs.linuxPackages_latest;
|
kernelPackages = pkgs.linuxPackages_latest;
|
||||||
|
|
||||||
loader = { # EFI Boot
|
loader = { # EFI Boot
|
||||||
systemd-boot.enable = true;
|
grub = {
|
||||||
efi = {
|
enable = true;
|
||||||
canTouchEfiVariables = true;
|
version = 2;
|
||||||
efiSysMountPoint = "/boot";
|
device = "/dev/sda";
|
||||||
};
|
};
|
||||||
timeout = 1; # Grub auto select time
|
timeout = 1; # Grub auto select time
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|||||||
@ -17,9 +17,9 @@
|
|||||||
[ (modulesPath + "/profiles/qemu-guest.nix")
|
[ (modulesPath + "/profiles/qemu-guest.nix")
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ];
|
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "ahci" "sd_mod" "sr_mod" ];
|
||||||
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" "vfio_virqfd" ];
|
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" "vfio_virqfd" ];
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
boot.kernelModules = [ "kvm-amd" ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
fileSystems."/" =
|
fileSystems."/" =
|
||||||
@ -52,11 +52,6 @@
|
|||||||
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
|
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/boot" =
|
|
||||||
{ device = "/dev/disk/by-label/NIXBOOT";
|
|
||||||
fsType = "vfat";
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
swapDevices = [ ];
|
swapDevices = [ ];
|
||||||
|
|
||||||
@ -67,22 +62,26 @@
|
|||||||
enable = true;
|
enable = true;
|
||||||
};
|
};
|
||||||
interfaces = {
|
interfaces = {
|
||||||
enp6s18 = {
|
ens18 = {
|
||||||
useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
|
useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
|
||||||
#ipv4.addresses = [ {
|
ipv4.addresses = [ {
|
||||||
# address = "192.168.0.51";
|
address = "45.142.114.153";
|
||||||
# prefixLength = 24;
|
prefixLength = 24;
|
||||||
#} ];
|
} ];
|
||||||
|
ipv6.addresses = [ {
|
||||||
|
address = "2a00:ccc1:101:19D::2";
|
||||||
|
prefixLength = 64;
|
||||||
|
} ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
#defaultGateway = "192.168.0.1";
|
defaultGateway = "45.142.114.1";
|
||||||
#nameservers = [ "192.168.0.4" ];
|
nameservers = [ "9.9.9.9" "2620:fe::fe" ];
|
||||||
#firewall = {
|
firewall = {
|
||||||
# enable = false;
|
enable = true;
|
||||||
# #allowedUDPPorts = [ 53 67 ];
|
allowedUDPPorts = [ ];
|
||||||
# #allowedTCPPorts = [ 53 80 443 9443 ];
|
allowedTCPPorts = [ ];
|
||||||
#};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user