Clean up

2024-06-16 05:12:36 +03:00 · 2024-06-16 05:12:36 +03:00 · 101a66776f
commit 101a66776f
parent ecebe6e4de
2 changed files with 57 additions and 51 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -134,9 +134,42 @@
    networkmanager.enable = true;
    nameservers = [
      "127.0.0.1"
+
+      # cloudflare
      "1.1.1.1"
-      "1.0.0.1" # cloudflare
+      "1.0.0.1"
    ];
+
+    firewall = {
+      enable = true;
+      allowedUDPPortRanges = with config.services.coturn; [
+        {
+          from = min-port;
+          to = max-port;
+        }
+      ];
+      allowedUDPPorts = [
+        config.services.blocky.settings.ports.dns
+
+        # coturn
+        3478
+        5349
+      ];
+      allowedTCPPorts = [
+        config.services.blocky.settings.ports.dns
+
+        # HTTP/HTTPS
+        80
+        443
+
+        # coturn
+        3478
+        5349
+
+        settings.ports.privoxy
+        config.services.forgejo.settings.server.SSH_PORT
+      ];
+    };
  };

  time.timeZone = "Europe/Tallinn";
@ -167,7 +200,6 @@
      package = config.boot.kernelPackages.nvidiaPackages.stable;
      modesetting.enable = true;
      open = false;
-      nvidiaSettings = true;
    };
    nvidia-container-toolkit.enable = true;
  };
@ -190,7 +222,9 @@
    ssh.startAgent = true;
  };

-  security.acme = {
+  security = {
+    sudo.wheelNeedsPassword = false;
+    acme = {
      acceptTerms = true;
      defaults.email = "ssl@catnip.ee";

@ -202,6 +236,7 @@
        };
      };
    };
+  };

  services = {
    confess-web = {
@ -763,35 +798,6 @@
    };
  };

-  networking.firewall = {
-    enable = true;
-    allowedUDPPortRanges = with config.services.coturn; [{
-      from = min-port;
-      to = max-port;
-    }];
-    allowedUDPPorts = [
-      config.services.blocky.settings.ports.dns
-
-      # coturn
-      3478
-      5349
-    ];
-    allowedTCPPorts = [
-      config.services.blocky.settings.ports.dns
-
-      # HTTP/HTTPS
-      80
-      443
-
-      # coturn
-      3478
-      5349
-
-      settings.ports.privoxy
-      config.services.forgejo.settings.server.SSH_PORT
-    ];
-  };
-
  users = {
    defaultUserShell = pkgs.fish;

@ -805,8 +811,8 @@
        isNormalUser = true;
        extraGroups = [ "networkmanager" "wheel" "docker" ];
        openssh.authorizedKeys.keys = [
-          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDhXnulnINZ/hBBwHhzl35UsFcFUwxwaaFVFwCgIgOHmlJhknhpq5UQDbV6JoouFMgN48uBDD5/vcYjvS0UYFMBTox0MmJK+Yt4AnNusHkf8j1XCiXxHsicQilxJgu7yZJJRd2TAIqWlautW+VjuXOssN08x0pvtiupefDz6Li7A4SnS1iGsNTgypJaemquEYRge3hC043kaubuSgqNKknK65zA9aLp9h31r9W5K6N+k+ll+TPyyWZdsJMnaqWmoIS1+fpAdG5wMPZbR503dLPFzdprwy8FSoTzkD8aKyEdtzzQboS3b7s2DfFvOy3uoKy5bcMOl6Fm1dos90TFiOjCQmF9+WKG8qteeAtizd04Fmi8JRipODCgkvDFj8YAHaB2w5+xNpCYwJTOdHQZflOo25725aIDXZ2afg3evSdVZgJ0PPiWs6fnJMqbJCrzLsBxfN7vAbWzHHTBIuXrtidwY/x/XTs5n4mm4OukyOQF5YjYXy39WIlzjk3uMR0m8ec= lain@navi"
-          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDTbuZLmu2F2EWMl1cXwZqYQwuFDyMyPf+d6MospDs+UaFzKFJdtDlb5+uFkkz9gHf8rCBOnXi6bLGgZNxUhTgEBka0RQVCIqRDjOJAWtwG0zLg/mQ9c1Ug2/9kH/PRjy+GGGzz3GVw7HNZNUjAkNr/kIX4t0L8uBqqkgcM/woBH8S/rV3Xs30XWi9mNkx1J4Z5fqtBBeF2GAd02i2PsUMnGfZSwwJy3mhBhI+Vw5mtsS1QJWd9LrsRfLbtzVHWm4MGr3O0F34ij8BV1uzaHfopn0vKilI/dq8HfjuYjKr33CB5f3C1OdcuFfwqE3ZDxZcaOshqXimt9MrYLXaMv0i7I7a3r33ij2hl9d9oh3Z72yt+wAAdgTJ23Xrwzr4P9Iu4BsayG5bQC6IVLv3Eef5TcPKSXmmtCr2hFLYUMQmlPptrUOf1tmB/7oYo3vJe2cz07PxuxZZ20F3MXugoUTfsnuwAH2chT4xL/TnS4Kbs12QoPFjdG1v/0Z8fVD1ysoU= mina@navi"
+          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDhXnulnINZ/hBBwHhzl35UsFcFUwxwaaFVFwCgIgOHmlJhknhpq5UQDbV6JoouFMgN48uBDD5/vcYjvS0UYFMBTox0MmJK+Yt4AnNusHkf8j1XCiXxHsicQilxJgu7yZJJRd2TAIqWlautW+VjuXOssN08x0pvtiupefDz6Li7A4SnS1iGsNTgypJaemquEYRge3hC043kaubuSgqNKknK65zA9aLp9h31r9W5K6N+k+ll+TPyyWZdsJMnaqWmoIS1+fpAdG5wMPZbR503dLPFzdprwy8FSoTzkD8aKyEdtzzQboS3b7s2DfFvOy3uoKy5bcMOl6Fm1dos90TFiOjCQmF9+WKG8qteeAtizd04Fmi8JRipODCgkvDFj8YAHaB2w5+xNpCYwJTOdHQZflOo25725aIDXZ2afg3evSdVZgJ0PPiWs6fnJMqbJCrzLsBxfN7vAbWzHHTBIuXrtidwY/x/XTs5n4mm4OukyOQF5YjYXy39WIlzjk3uMR0m8ec= lain@navi" # desktop
+          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDTbuZLmu2F2EWMl1cXwZqYQwuFDyMyPf+d6MospDs+UaFzKFJdtDlb5+uFkkz9gHf8rCBOnXi6bLGgZNxUhTgEBka0RQVCIqRDjOJAWtwG0zLg/mQ9c1Ug2/9kH/PRjy+GGGzz3GVw7HNZNUjAkNr/kIX4t0L8uBqqkgcM/woBH8S/rV3Xs30XWi9mNkx1J4Z5fqtBBeF2GAd02i2PsUMnGfZSwwJy3mhBhI+Vw5mtsS1QJWd9LrsRfLbtzVHWm4MGr3O0F34ij8BV1uzaHfopn0vKilI/dq8HfjuYjKr33CB5f3C1OdcuFfwqE3ZDxZcaOshqXimt9MrYLXaMv0i7I7a3r33ij2hl9d9oh3Z72yt+wAAdgTJ23Xrwzr4P9Iu4BsayG5bQC6IVLv3Eef5TcPKSXmmtCr2hFLYUMQmlPptrUOf1tmB/7oYo3vJe2cz07PxuxZZ20F3MXugoUTfsnuwAH2chT4xL/TnS4Kbs12QoPFjdG1v/0Z8fVD1ysoU= mina@navi" # laptop
        ];
        packages = with pkgs; [
          firefox
--- a/gui.nix
+++ b/gui.nix
@ -5,10 +5,7 @@
    displayManager.sddm.enable = true;
    xserver = {
      enable = true;
-      xkb = {
-        variant = "";
-        layout = "us";
-      };
+      xkb.layout = "us";
      videoDrivers = [ "nvidia" ];

      # Enable the KDE Plasma Desktop Environment.
@ -16,16 +13,19 @@
    };
    pipewire = {
      enable = true;
-      alsa.enable = true;
-      alsa.support32Bit = true;
+      alsa = {
+        enable = true;
+        support32Bit = true;
+      };
+
      pulse.enable = true;
    };
  };

  sound.enable = true;
-  hardware.pulseaudio.enable = false;
-  security = {
-    sudo.wheelNeedsPassword = false;
-    rtkit.enable = true;
+  security.rtkit.enable = true;
+  hardware = {
+    nvidia.nvidiaSettings = true;
+    pulseaudio.enable = false;
  };
 }