batteredbunny/server.nix
1
0
Fork 0
Code Issues 11 Pull requests Projects Releases Packages Wiki Activity Actions

Clean up

Browse source
This commit is contained in:
batteredbunny 2024-06-16 05:12:36 +03:00
parent ecebe6e4de
commit 101a66776f
2 changed files with 57 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

88
configuration.nix
View file

@ -134,9 +134,42 @@
networkmanager.enable = true; networkmanager.enable = true;
nameservers = [ nameservers = [
"127.0.0.1" "127.0.0.1"
# cloudflare
"1.1.1.1" "1.1.1.1"
"1.0.0.1" # cloudflare "1.0.0.1"
]; ];
firewall = {
enable = true;
allowedUDPPortRanges = with config.services.coturn; [
{
from = min-port;
to = max-port;
}
];
allowedUDPPorts = [
config.services.blocky.settings.ports.dns
# coturn
3478
5349
];
allowedTCPPorts = [
config.services.blocky.settings.ports.dns
# HTTP/HTTPS
80
443
# coturn
3478
5349
settings.ports.privoxy
config.services.forgejo.settings.server.SSH_PORT
];
};
}; };
time.timeZone = "Europe/Tallinn"; time.timeZone = "Europe/Tallinn";
@ -167,7 +200,6 @@
package = config.boot.kernelPackages.nvidiaPackages.stable; package = config.boot.kernelPackages.nvidiaPackages.stable;
modesetting.enable = true; modesetting.enable = true;
open = false; open = false;
nvidiaSettings = true;
}; };
nvidia-container-toolkit.enable = true; nvidia-container-toolkit.enable = true;
}; };
@ -190,15 +222,18 @@
ssh.startAgent = true; ssh.startAgent = true;
}; };
security.acme = { security = {
acceptTerms = true; sudo.wheelNeedsPassword = false;
defaults.email = "ssl@catnip.ee"; acme = {
acceptTerms = true;
defaults.email = "ssl@catnip.ee";
certs = { certs = {
${config.services.coturn.realm} = { ${config.services.coturn.realm} = {
webroot = settings.turnAcmeDir; webroot = settings.turnAcmeDir;
postRun = "systemctl restart coturn.service"; postRun = "systemctl restart coturn.service";
group = config.systemd.services.coturn.serviceConfig.Group; group = config.systemd.services.coturn.serviceConfig.Group;
};
}; };
}; };
}; };
@ -763,35 +798,6 @@
}; };
}; };
networking.firewall = {
enable = true;
allowedUDPPortRanges = with config.services.coturn; [{
from = min-port;
to = max-port;
}];
allowedUDPPorts = [
config.services.blocky.settings.ports.dns
# coturn
3478
5349
];
allowedTCPPorts = [
config.services.blocky.settings.ports.dns
# HTTP/HTTPS
80
443
# coturn
3478
5349
settings.ports.privoxy
config.services.forgejo.settings.server.SSH_PORT
];
};
users = { users = {
defaultUserShell = pkgs.fish; defaultUserShell = pkgs.fish;
@ -805,8 +811,8 @@
isNormalUser = true; isNormalUser = true;
extraGroups = [ "networkmanager" "wheel" "docker" ]; extraGroups = [ "networkmanager" "wheel" "docker" ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDhXnulnINZ/hBBwHhzl35UsFcFUwxwaaFVFwCgIgOHmlJhknhpq5UQDbV6JoouFMgN48uBDD5/vcYjvS0UYFMBTox0MmJK+Yt4AnNusHkf8j1XCiXxHsicQilxJgu7yZJJRd2TAIqWlautW+VjuXOssN08x0pvtiupefDz6Li7A4SnS1iGsNTgypJaemquEYRge3hC043kaubuSgqNKknK65zA9aLp9h31r9W5K6N+k+ll+TPyyWZdsJMnaqWmoIS1+fpAdG5wMPZbR503dLPFzdprwy8FSoTzkD8aKyEdtzzQboS3b7s2DfFvOy3uoKy5bcMOl6Fm1dos90TFiOjCQmF9+WKG8qteeAtizd04Fmi8JRipODCgkvDFj8YAHaB2w5+xNpCYwJTOdHQZflOo25725aIDXZ2afg3evSdVZgJ0PPiWs6fnJMqbJCrzLsBxfN7vAbWzHHTBIuXrtidwY/x/XTs5n4mm4OukyOQF5YjYXy39WIlzjk3uMR0m8ec= lain@navi" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDhXnulnINZ/hBBwHhzl35UsFcFUwxwaaFVFwCgIgOHmlJhknhpq5UQDbV6JoouFMgN48uBDD5/vcYjvS0UYFMBTox0MmJK+Yt4AnNusHkf8j1XCiXxHsicQilxJgu7yZJJRd2TAIqWlautW+VjuXOssN08x0pvtiupefDz6Li7A4SnS1iGsNTgypJaemquEYRge3hC043kaubuSgqNKknK65zA9aLp9h31r9W5K6N+k+ll+TPyyWZdsJMnaqWmoIS1+fpAdG5wMPZbR503dLPFzdprwy8FSoTzkD8aKyEdtzzQboS3b7s2DfFvOy3uoKy5bcMOl6Fm1dos90TFiOjCQmF9+WKG8qteeAtizd04Fmi8JRipODCgkvDFj8YAHaB2w5+xNpCYwJTOdHQZflOo25725aIDXZ2afg3evSdVZgJ0PPiWs6fnJMqbJCrzLsBxfN7vAbWzHHTBIuXrtidwY/x/XTs5n4mm4OukyOQF5YjYXy39WIlzjk3uMR0m8ec= lain@navi" # desktop
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDTbuZLmu2F2EWMl1cXwZqYQwuFDyMyPf+d6MospDs+UaFzKFJdtDlb5+uFkkz9gHf8rCBOnXi6bLGgZNxUhTgEBka0RQVCIqRDjOJAWtwG0zLg/mQ9c1Ug2/9kH/PRjy+GGGzz3GVw7HNZNUjAkNr/kIX4t0L8uBqqkgcM/woBH8S/rV3Xs30XWi9mNkx1J4Z5fqtBBeF2GAd02i2PsUMnGfZSwwJy3mhBhI+Vw5mtsS1QJWd9LrsRfLbtzVHWm4MGr3O0F34ij8BV1uzaHfopn0vKilI/dq8HfjuYjKr33CB5f3C1OdcuFfwqE3ZDxZcaOshqXimt9MrYLXaMv0i7I7a3r33ij2hl9d9oh3Z72yt+wAAdgTJ23Xrwzr4P9Iu4BsayG5bQC6IVLv3Eef5TcPKSXmmtCr2hFLYUMQmlPptrUOf1tmB/7oYo3vJe2cz07PxuxZZ20F3MXugoUTfsnuwAH2chT4xL/TnS4Kbs12QoPFjdG1v/0Z8fVD1ysoU= mina@navi" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDTbuZLmu2F2EWMl1cXwZqYQwuFDyMyPf+d6MospDs+UaFzKFJdtDlb5+uFkkz9gHf8rCBOnXi6bLGgZNxUhTgEBka0RQVCIqRDjOJAWtwG0zLg/mQ9c1Ug2/9kH/PRjy+GGGzz3GVw7HNZNUjAkNr/kIX4t0L8uBqqkgcM/woBH8S/rV3Xs30XWi9mNkx1J4Z5fqtBBeF2GAd02i2PsUMnGfZSwwJy3mhBhI+Vw5mtsS1QJWd9LrsRfLbtzVHWm4MGr3O0F34ij8BV1uzaHfopn0vKilI/dq8HfjuYjKr33CB5f3C1OdcuFfwqE3ZDxZcaOshqXimt9MrYLXaMv0i7I7a3r33ij2hl9d9oh3Z72yt+wAAdgTJ23Xrwzr4P9Iu4BsayG5bQC6IVLv3Eef5TcPKSXmmtCr2hFLYUMQmlPptrUOf1tmB/7oYo3vJe2cz07PxuxZZ20F3MXugoUTfsnuwAH2chT4xL/TnS4Kbs12QoPFjdG1v/0Z8fVD1ysoU= mina@navi" # laptop
]; ];
packages = with pkgs; [ packages = with pkgs; [
firefox firefox

20
gui.nix
View file

@ -5,10 +5,7 @@
displayManager.sddm.enable = true; displayManager.sddm.enable = true;
xserver = { xserver = {
enable = true; enable = true;
xkb = { xkb.layout = "us";
variant = "";
layout = "us";
};
videoDrivers = [ "nvidia" ]; videoDrivers = [ "nvidia" ];
# Enable the KDE Plasma Desktop Environment. # Enable the KDE Plasma Desktop Environment.
@ -16,16 +13,19 @@
}; };
pipewire = { pipewire = {
enable = true; enable = true;
alsa.enable = true; alsa = {
alsa.support32Bit = true; enable = true;
support32Bit = true;
};
pulse.enable = true; pulse.enable = true;
}; };
}; };
sound.enable = true; sound.enable = true;
hardware.pulseaudio.enable = false; security.rtkit.enable = true;
security = { hardware = {
sudo.wheelNeedsPassword = false; nvidia.nvidiaSettings = true;
rtkit.enable = true; pulseaudio.enable = false;
}; };
} }