miloignis/nix_config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'main' of forge.room409.xyz:miloignis/nix_config

Browse Source
This commit is contained in:
Nathan Braswell
2023-09-26 20:11:40 -04:00
parent 96a283f505 d5ac189e66
commit 90113aa08e
1 changed files with 19 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
flake.nix
View File

@@ -359,7 +359,6 @@
fileSystems."/" = { device = "/dev/disk/by-uuid/ae8e4a92-53dd-49b5-bf3a-aeb9a109c01e"; fsType = "ext4"; }; fileSystems."/" = { device = "/dev/disk/by-uuid/ae8e4a92-53dd-49b5-bf3a-aeb9a109c01e"; fsType = "ext4"; };
fileSystems."/boot" = { device = "/dev/disk/by-uuid/28E9-0409"; fsType = "vfat"; }; fileSystems."/boot" = { device = "/dev/disk/by-uuid/28E9-0409"; fsType = "vfat"; };
swapDevices = [ ]; swapDevices = [ ];
nix.maxJobs = lib.mkDefault 16;
# END HARDWARE # END HARDWARE
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
@@ -455,7 +454,6 @@
{ device = "/dev/disk/by-uuid/b9470789-6d82-4ad4-9a4a-7e19b8fcc8dc"; { device = "/dev/disk/by-uuid/b9470789-6d82-4ad4-9a4a-7e19b8fcc8dc";
fsType = "ext4"; fsType = "ext4";
}; };
nix.maxJobs = lib.mkDefault 1;
# END HARDWARE # END HARDWARE
nix.gc.automatic = true; nix.gc.automatic = true;
@@ -489,7 +487,6 @@
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
swapDevices = [{ swapDevices = [{
@@ -506,8 +503,8 @@
networking.firewall = { networking.firewall = {
#allowedTCPPorts = [ 22 80 443 3478 3479 ]; #allowedTCPPorts = [ 22 80 443 3478 3479 ];
#allowedUDPPorts = [ 22 80 443 5349 5350 51820 ]; #allowedUDPPorts = [ 22 80 443 5349 5350 51820 ];
allowedTCPPorts = [ 22 80 443 ]; allowedTCPPorts = [ 22 80 443 30000 ]; #30000 is minetest
allowedUDPPorts = [ 22 80 443 51820 ]; allowedUDPPorts = [ 22 80 443 51820 30000 ];
#extraCommands = '' #extraCommands = ''
# iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#''; #'';
@@ -547,9 +544,11 @@
#}; #};
services.openssh.enable = true; services.openssh.enable = true;
services.openssh.passwordAuthentication = false; services.openssh.settings = {
services.openssh.kbdInteractiveAuthentication = false; PasswordAuthentication = false;
services.openssh.permitRootLogin = "prohibit-password"; KbdInteractiveAuthentication = false;
PermitRootLogin = "prohibit-password";
};
services.mastodon = { services.mastodon = {
enable = true; enable = true;
@@ -618,11 +617,13 @@
services.gitea = { services.gitea = {
enable = true; enable = true;
disableRegistration = true; settings.service.DISABLE_REGISTRATION = true;
appName = "Room409.xyz Forge"; appName = "Room409.xyz Forge";
domain = "forge.room409.xyz"; settings.server = {
rootUrl = "https://forge.room409.xyz/"; DOMAIN = "forge.room409.xyz";
httpPort = 3001; ROOT_URL = "https://forge.room409.xyz/";
HTTP_PORT = 3001;
};
}; };
#systemd.services.lemmy.environment.RUST_BACKTRACE = "full"; #systemd.services.lemmy.environment.RUST_BACKTRACE = "full";
@@ -652,8 +653,8 @@
enable = true; enable = true;
address = "0.0.0.0"; address = "0.0.0.0";
port = 8789; port = 8789;
serverUrl = "https://headscale.room409.xyz"; settings.serverUrl = "https://headscale.room409.xyz";
dns.baseDomain = "wg.test"; settings.dns_config.baseDomain = "wg.test";
settings.logtail.enabled = false; settings.logtail.enabled = false;
}; };
@@ -665,8 +666,10 @@
clientOptions.fontFamily="Recursive"; clientOptions.fontFamily="Recursive";
}; };
security.acme.email = "miloignis@gmail.com"; security.acme = {
security.acme.acceptTerms = true; acceptTerms = true;
defaults.email = "miloignis@gmail.com";
};
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;