Diffstat (limited to 'hosts/fangorn/default.nix')
-rw-r--r--hosts/fangorn/default.nix67
1 files changed, 24 insertions, 43 deletions
diff --git a/hosts/fangorn/default.nix b/hosts/fangorn/default.nix
index 9194dae..9a41013 100644
--- a/hosts/fangorn/default.nix
+++ b/hosts/fangorn/default.nix
@@ -1,4 +1,4 @@
-{ config, inputs, outputs, pkgs, ... }: {
+{ config, inputs, lib, outputs, pkgs, ... }: {
boot = {
kernelPackages = pkgs.linuxPackages_6_12;
loader = {
@@ -15,7 +15,6 @@
environment.systemPackages = with pkgs; [
signal-desktop
- #master.wsmancli
wpa_supplicant
];
@@ -24,16 +23,17 @@
./hardware-configuration.nix
../common/core
#../common/optional/db.nix
- #../common/optional/dev.nix
- #../common/optional/ebooks.nix
+ ../common/optional/dev.nix
+ ../common/optional/ebooks.nix
#../common/optional/games.nix
- #../common/optional/misc.nix
- #../common/optional/multimedia.nix
+ ../common/optional/misc.nix
+ ../common/optional/multimedia.nix
../common/optional/pipewire.nix
+ ../common/optional/services/nolid.nix
../common/optional/services/openssh.nix
#../common/optional/services/tlp.nix
- #../common/optional/services/xorg.nix
- #../common/optional/sound.nix
+ ../common/optional/services/xorg.nix
+ ../common/optional/sound.nix
../common/optional/wdt.nix
../common/optional/zfs.nix
../common/users/don
@@ -42,6 +42,9 @@
];
networking = {
+ firewall.extraInputRules = ''
+ iifname "wg0" tcp dport ssh counter accept
+ '';
hostId = "6f1faddc";
hostName = "fangorn";
networkmanager.enable = true;
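Review bot: The added `firewall.extraInputRules` value is nftables syntax, and as far as I know NixOS applies that option only with the nftables-based firewall (`networking.nftables.enable = true`), which is not visible in this hunk; please confirm it is set in `../common/core` or add it here. This matters because the last hunk sets `services.openssh.openFirewall = false`, so this rule becomes the only way to reach sshd, and if it is not applied (or `wg0` is down) the host is unreachable over SSH. The `ssh` service name also pins the rule to port 22; deriving the port from the option keeps the two in step: `iifname "wg0" tcp dport { ${lib.concatMapStringsSep ", " toString config.services.openssh.ports} } counter accept`. The `networking` block continues outside the hunk.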
@@ -59,45 +62,23 @@
];
};
- services.openssh.settings.X11Forwarding = true;
+ services.openssh = {
+ openFirewall = false;
+ settings.X11Forwarding = true;
+ };
+ services.xserver.desktopManager.xfce.enable = true;
services.xserver.videoDrivers = [ "amdgpu" ];
- #sops = {
- # age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
- # defaultSopsFile = ../secrets/fangorn.yaml;
+ sops = {
+ age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ defaultSopsFile = ../secrets/fangorn.yaml;
- # secrets = {
- # "nftables/ssh" = {};
- # "nix-access-token-github" = {};
- # "ssh_config".path = "/root/.ssh/config";
- # };
- #};
+ secrets = {
+ "nix-access-token-github" = {};
+ };
+ };
system.stateVersion = "23.11";
- #systemd.services."nftables-extra" = let rules_script = ''
- # ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path}
- # ''; in {
- # description = "nftables extra firewall rules";
- # reload = rules_script;
- # script = rules_script;
- # serviceConfig = {
- # RemainAfterExit = true;
- # Type = "oneshot";
- # };
- # unitConfig = {
- # ConditionPathExists = config.sops.secrets."nftables/ssh".path;
- # ReloadPropagatedFrom = "nftables.service";
- # };
- # wantedBy = [ "multi-user.target" ];
- # after = [ "nftables.service" ];
- # partOf = [ "nftables.service" ];
- #};
-
- #systemd.paths."nftables-extra" = {
- # pathConfig = {
- # PathExists = config.sops.secrets."nftables/ssh".path;
- # };
- # wantedBy = [ "multi-user.target" ];
- #};
+ time.timeZone = lib.mkForce "America/Chicago";
}
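Review bot: The re-enabled `sops` block has no comment explaining that secrets are decrypted with an age identity derived from `/etc/ssh/ssh_host_ed25519_key`, so regenerating the host key on a reinstall breaks decryption until `../secrets/fangorn.yaml` is re-encrypted for the new key. I would add above `age.sshKeyPaths`: `# age identity comes from the SSH host key; re-key secrets/fangorn.yaml whenever the host key changes`. `"nix-access-token-github"` is declared with default owner and mode and no consumer is visible in this hunk; a one-line comment naming where it is read (presumably a nix.conf include in another module) would let a reviewer judge who can see the token.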