diff options
Diffstat (limited to 'system/prefect.nix')
| -rw-r--r-- | system/prefect.nix | 97 |
1 files changed, 77 insertions, 20 deletions
diff --git a/system/prefect.nix b/system/prefect.nix index 28905d10..980e35ff 100644 --- a/system/prefect.nix +++ b/system/prefect.nix @@ -10,20 +10,20 @@ ./settings/configuration/user.nix ./settings/hardware/audio.nix ./settings/hardware/bare-metal.nix - ./settings/hardware/personal-computer.nix ./settings/hardware/mouse.nix ./settings/hardware/systemd-boot.nix ./settings/hardware/nvidia-gpu.nix ./settings/hardware/keyboard.nix ./settings/hardware/keyboard-lofree.nix + ./settings/hardware/trezor.nix ./settings/services/syncthing.nix - ./settings/services/zeroconf.nix + ./settings/services/virtualisation.nix ./settings/user-interface.nix ./settings/programs/base.nix - ./settings/programs/gnupg.nix ./settings/programs/kde.nix ./settings/programs/shell.nix ./settings/programs/docker.nix + ./settings/dev.nix ./settings/gaming.nix <nixos-hardware/common/cpu/amd> <nixos-hardware/common/cpu/amd/pstate.nix> @@ -32,6 +32,26 @@ <nixos-hardware/common/gpu/nvidia> ]; + virtualisation.vmVariant = { + disabledModules = [ + ./settings/hardware/nvidia-gpu.nix + ./settings/hardware/bare-metal.nix + ./settings/gaming.nix + ./settings/user-interface.nix + ./settings/programs/kde.nix + <nixos-hardware/common/cpu/amd> + <nixos-hardware/common/cpu/amd/pstate.nix> + <nixos-hardware/common/pc/ssd> + <nixos-hardware/common/pc> + <nixos-hardware/common/gpu/nvidia> + ]; + services.qemuGuest.enable = true; + virtualisation = { + memorySize = 4096; + cores = 4; + }; + }; + nixpkgs.hostPlatform = "x86_64-linux"; services.xserver.screenSection = '' @@ -45,9 +65,6 @@ user = "alan"; enable = true; }; - services.displayManager.sddm = { - enableHidpi = false; - }; boot.kernelPackages = pkgs.linuxPackages_xanmod; boot.extraModulePackages = with config.boot.kernelPackages; [ @@ -107,40 +124,80 @@ }; systemd.network = { - enable = true; networks."40-enp7s0" = { + matchConfig = { + Name = "enp7s0"; + }; dhcpV4Config = { - UseDNS = true; + UseDomains = true; + }; + dhcpV6Config = { + UseDomains = true; }; ipv6AcceptRAConfig = { - UseDNS = true; + UseDomains = true; + }; + networkConfig = { + MulticastDNS = true; }; }; }; networking = { + hostName = "prefect"; useDHCP = false; useNetworkd = true; interfaces.enp7s0 = { useDHCP = true; }; + hosts = { + "fd7a:115c:a1e0::53" = [ "tailscale" "ts" ]; + }; + + nftables = { + enable = true; + }; + firewall = { + extraInputRules = '' + ip saddr 10.0.0.0/8 accept + ip6 saddr { fd00::/8, fe80::/10 } accept + ''; + }; }; - networking.nftables = { - enable = true; - }; - networking.firewall = { - allowedTCPPorts = [ 80 443 139 445 1024 ]; - extraInputRules = '' - ip saddr 10.0.0.0/8 accept - ip6 saddr { fd00::/8, fe80::/10 } accept - ''; + + services.resolved = { + llmnr = "false"; + dnssec = "true"; }; - networking = { - hostName = "prefect"; + services.tailscale = { + enable = true; + extraUpFlags = [ + "--accept-dns=true" + "--accept-routes=false" + ]; }; system.stateVersion = "23.05"; + security.pki.certificates = [ + '' + -----BEGIN CERTIFICATE----- + MIIBozCCAUqgAwIBAgIRAJ1slNK3lsucmYYUbtGRUvswCgYIKoZIzj0EAwIwMDEu + MCwGA1UEAxMlQ2FkZHkgTG9jYWwgQXV0aG9yaXR5IC0gMjAyNCBFQ0MgUm9vdDAe + Fw0yNDA2MjYxNTM3MTJaFw0zNDA1MDUxNTM3MTJaMDAxLjAsBgNVBAMTJUNhZGR5 + IExvY2FsIEF1dGhvcml0eSAtIDIwMjQgRUNDIFJvb3QwWTATBgcqhkjOPQIBBggq + hkjOPQMBBwNCAAR1fc1TOhp9oNy/p40BfUd+E13b1/URwwocuZ5w0SKHTE/t8Hp+ + 7Zd9ZTYvQ7WxFfaVxmBCcFMUJsTm7bbYTEvlo0UwQzAOBgNVHQ8BAf8EBAMCAQYw + EgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQUcnlbpAM2ZCRsiCzdFiM5EjCm + aoEwCgYIKoZIzj0EAwIDRwAwRAIgcKf3vRiF87G0r2+vgBbyfWo4D2TDQWkSrfek + Q0f1Q5UCIEmyeqrifbp5JnZqtm3IlGVIEQcUeVygqnV/xW3xCAgT + -----END CERTIFICATE----- + '' + ]; + networking.hosts = { + "127.0.0.80" = [ "alanpearce.test" "alanpearce.localhost" ]; + }; + boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; nix.settings.trusted-users = [ "root" "nixremote" ]; services.displayManager.hiddenUsers = [ "nixremote" ]; |