hosts: enable zramswap

hosts/desktop/hardware-configuration.nix

@@ -21,6 +21,8 @@
   boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" "vfio_virqfd" ];
   boot.kernelModules = [ "kvm-amd" ];
   boot.extraModulePackages = [ ];
+  boot.tmpOnTmpfs = true;
+  zramSwap.enable = true;
 
   fileSystems."/" =
     { device = "/dev/disk/by-label/NIXROOT";

hosts/laptop/hardware-configuration.nix

@@ -22,6 +22,8 @@
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
   boot.kernelParams = [ "mitigations=off" "luks.options=fido2-device=auto" ];
+  boot.tmpOnTmpfs = true;
+  zramSwap.enable = true;
 
   boot.initrd.luks = {
     fido2Support = true;

hosts/server/hardware-configuration.nix

@@ -21,6 +21,8 @@
   boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" "vfio_virqfd" ];
   boot.kernelModules = [ "kvm-amd" ];
   boot.extraModulePackages = [ ];
+  boot.tmpOnTmpfs = true;
+  zramSwap.enable = true;
 
   fileSystems."/" =
     { device = "/dev/disk/by-label/NIXROOT";

modules/services/server/gitea.nix

@@ -23,11 +23,7 @@
     mailerPasswordFile = config.age.secrets."services/gitea/mailerPassword".path;
     settings = {
         server = {
-            START_SSH_SERVER = true;
-            SSH_PORT = 2222;
-#            SSH_SERVER_CIPHERS = "";
-#            SSH_SERVER_KEY_EXCHANGES = "";
-#            SSH_SERVER_MACS = "";
+            SSH_PORT = 2220;
             ENABLE_GZIP = true;
         };
         security = {
@@ -68,12 +64,6 @@
     };
   };
 
-  networking.firewall = {
-    interfaces.ens18 = {
-      allowedTCPPorts = [ 2222 ];
-    };
-  };
-
   services.nginx = {
     enable = true;
     recommendedTlsSettings = true;