Diffstat (limited to 'system/linde.nix')
-rw-r--r--system/linde.nix72
1 files changed, 29 insertions, 43 deletions
diff --git a/system/linde.nix b/system/linde.nix
index 20d71e55..e82236d0 100644
--- a/system/linde.nix
+++ b/system/linde.nix
@@ -6,14 +6,14 @@
 
 with lib;
 let
-  netif = "enp1s0";
+  netif = "eth0";
   hostname = "linde";
   net-ip4 = "116.203.248.56";
-  net-mask4 = "32";
+  net-mask4 = 32;
   net-gw = "172.31.1.1";
   net-ip6 = "2a01:4f8:c012:23a4::1";
   net-redisip = "2a01:4f8:c012:23a4::6379";
-  net-mask6 = "64";
+  net-mask6 = 64;
   net-gw6 = "fe80::1";
   domain = "alanpearce.eu";
   ts-domain = "hydra-pinecone.ts.net";
@@ -56,9 +56,6 @@ in
     };
   };
 
-  # Use the systemd-boot EFI boot loader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
   boot.loader.efi.efiSysMountPoint = "/boot/efi";
 
   time.timeZone = "Europe/Berlin";
@@ -85,8 +82,6 @@ in
     enable = true;
     settings = {
       PermitRootLogin = "without-password";
-      PasswordAuthentication = false;
-      KbdInteractiveAuthentication = false;
     };
   };
   services.sshguard = {
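Review bot: With `PasswordAuthentication = false;` and `KbdInteractiveAuthentication = false;` dropped from the sshd `settings` block, this host falls back to the NixOS module defaults, which as far as I know enable both, unless another imported module sets them. `PermitRootLogin = "without-password"` only keeps root off passwords; every other account would accept password logins, leaving sshguard as the only brake on guessing. If the two options moved to a shared module, a comment here pointing to it would help; otherwise keep both lines in this block. The `services.openssh` attribute set opens above the hunk, so the rest of it is not visible here.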
@@ -134,6 +129,7 @@ in
     secretKeyFile = config.age.secrets.binarycache.path;
   };
 
+  programs.vim.defaultEditor = false;
   programs.neovim = {
     enable = true;
     defaultEditor = true;
@@ -144,7 +140,6 @@ in
   networking = {
     hostName = hostname;
     inherit domain;
-    useDHCP = false;
     dhcpcd.enable = false;
     nameservers = [
       "2606:4700:4700::1111"
@@ -157,6 +152,30 @@ in
       ${net-ip6} = [ "${hostname}.${domain}" hostname ];
       ${net-redisip} = [ "redis" ];
     };
+    defaultGateway = {
+      address = net-gw;
+      interface = netif;
+    };
+    defaultGateway6 = {
+      address = net-gw6;
+      interface = netif;
+    };
+    interfaces.${netif} = {
+      ipv4 = {
+        addresses = [
+          { address = net-ip4; prefixLength = net-mask4; }
+        ];
+        routes = [
+          { address = net-gw; prefixLength = 32; }
+        ];
+      };
+      ipv6 = {
+        addresses = [
+          { address = net-ip6; prefixLength = net-mask6; }
+          { address = net-redisip; prefixLength = net-mask6; }
+        ];
+      };
+    };
     firewall = {
       enable = true;
       allowPing = true;
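Review bot: The `routes` entry under `interfaces.${netif}.ipv4` has no comment saying why a host route to `net-gw` is needed, and its literal `32` is easy to confuse with `net-mask4`. I would add `# address is a /32, so the gateway needs an explicit on-link host route` above `routes = [`. Separately, `net-redisip` is bound on the same public interface as `net-ip6`. The firewall rules continue outside this hunk, so it is worth confirming that the Redis port is not among those opened on `netif`.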
@@ -188,44 +207,12 @@ in
       useLocalResolver = false;
     };
   };
+  services.cloud-init.network.enable = false;
   services.resolved = {
     enable = true;
     llmnr = "false";
     dnssec = "true";
   };
-  systemd.network = {
-    enable = true;
-    networks.${netif} =
-      {
-        name = netif;
-        routes = [
-          {
-            Gateway = net-gw6;
-            PreferredSource = net-ip6;
-            QuickAck = true;
-            InitialCongestionWindow = 30;
-            InitialAdvertisedReceiveWindow = 30;
-          }
-          {
-            Gateway = net-gw;
-            QuickAck = true;
-            InitialCongestionWindow = 30;
-            InitialAdvertisedReceiveWindow = 30;
-          }
-        ];
-        address = [
-          "${net-ip6}/${net-mask6}"
-          "${net-redisip}/${net-mask6}"
-        ];
-        addresses = [{
-          Address = "${net-ip4}/${net-mask4}";
-          Peer = "${net-gw}/32";
-        }];
-      };
-    wait-online = {
-      extraArgs = [ "--interface=${netif}" ];
-    };
-  };
 
   services.tailscale = {
     enable = true;
@@ -283,7 +270,6 @@ in
       "net.ipv4.tcp_slow_start_after_idle" = false;
     };
 
-  security.sudo.execWheelOnly = true;
   security.sudo.extraConfig = ''
     Defaults:root,%wheel env_keep+=EDITOR
   '';
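Review bot: Removing `security.sudo.execWheelOnly = true;` makes the setuid `sudo` binary executable by every local user again, since the option defaults to `false`, unless it is now set in a shared module not visible here. That exposes any local bug in sudo itself to accounts that have no sudoers entry anyway. If the removal works around a rule or package that the option's assertion rejects, say so in a comment next to `security.sudo.extraConfig`; otherwise I would keep `security.sudo.execWheelOnly = true;`.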