Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: Kabbone:35c329c4d8570e8519ef13ea6b7aeed71dfa49d6
Branches Tags
Kabbone:main Kabbone:refactor
..
compare: Kabbone:ede4232f2853b7a4d269aabdef80052a70e2c815
Branches Tags
Kabbone:main Kabbone:refactor

3 Commits
35c329c4d8 ... ede4232f28

Author SHA1 Message Date
Kabbone
ede4232f28 hosts: enable zramswap 2023-01-07 08:56:04 +01:00
Kabbone
e44ba26ccb services: gitea use system ssh 2023-01-07 08:54:01 +01:00
Kabbone
cbc20ba224 hosts: put tmp on tmpfs 2023-01-07 08:38:47 +01:00
4 changed files with 7 additions and 11 deletions
Expand all files Collapse all files

2
hosts/desktop/hardware-configuration.nix
View File

@@ -21,6 +21,8 @@
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" "vfio_virqfd" ]; boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" "vfio_virqfd" ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.tmpOnTmpfs = true;
zramSwap.enable = true;
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT"; { device = "/dev/disk/by-label/NIXROOT";

2
hosts/laptop/hardware-configuration.nix
View File

@@ -22,6 +22,8 @@
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.kernelParams = [ "mitigations=off" "luks.options=fido2-device=auto" ]; boot.kernelParams = [ "mitigations=off" "luks.options=fido2-device=auto" ];
boot.tmpOnTmpfs = true;
zramSwap.enable = true;
boot.initrd.luks = { boot.initrd.luks = {
fido2Support = true; fido2Support = true;

2
hosts/server/hardware-configuration.nix
View File

@@ -21,6 +21,8 @@
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" "vfio_virqfd" ]; boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" "vfio_virqfd" ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.tmpOnTmpfs = true;
zramSwap.enable = true;
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT"; { device = "/dev/disk/by-label/NIXROOT";

12
modules/services/server/gitea.nix
View File

@@ -23,11 +23,7 @@
mailerPasswordFile = config.age.secrets."services/gitea/mailerPassword".path; mailerPasswordFile = config.age.secrets."services/gitea/mailerPassword".path;
settings = { settings = {
server = { server = {
START_SSH_SERVER = true; SSH_PORT = 2220;
SSH_PORT = 2222;
# SSH_SERVER_CIPHERS = "";
# SSH_SERVER_KEY_EXCHANGES = "";
# SSH_SERVER_MACS = "";
ENABLE_GZIP = true; ENABLE_GZIP = true;
}; };
security = { security = {
@@ -68,12 +64,6 @@
}; };
}; };
networking.firewall = {
interfaces.ens18 = {
allowedTCPPorts = [ 2222 ];
};
};
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;