From 24725d02174345af3a5865bbef43617c59e4c4f0 Mon Sep 17 00:00:00 2001
From: Don Harper
Date: Wed, 3 Apr 2024 16:03:23 -0500
Subject: [PATCH] Updated new config for use on servers

---
 flake.nix | 4 +++
 hosts/fred/default.nix | 1 +
 hosts/server/default.nix | 51 ++++++++++++++++++++++++++++++++---
 hosts/workstation/default.nix | 1 +
 4 files changed, 53 insertions(+), 4 deletions(-)

diff --git a/flake.nix b/flake.nix
index 63123ad..7c7a2e7 100644
--- a/flake.nix
+++ b/flake.nix
@@ -87,6 +87,10 @@
 modules = [ ./hosts/display ];
 specialArgs = { inherit inputs outputs; };
 };
+ fred = lib.nixosSystem {
+ modules = [ ./hosts/fred ];
+ specialArgs = { inherit inputs outputs; };
+ };
 harper2 = lib.nixosSystem {
 modules = [ ./hosts/harper2 ];
 specialArgs = { inherit inputs outputs; };
diff --git a/hosts/fred/default.nix b/hosts/fred/default.nix
index 3044397..8306b5c 100644
--- a/hosts/fred/default.nix
+++ b/hosts/fred/default.nix
@@ -4,6 +4,7 @@
 imports = [
 ./hardware-configuration.nix
+ ../server
 ./podman.nix
 ];
 networking.hostName = "fred";
diff --git a/hosts/server/default.nix b/hosts/server/default.nix
index 90e104d..1dff141 100644
--- a/hosts/server/default.nix
+++ b/hosts/server/default.nix
@@ -3,7 +3,7 @@ let
 my-python-packages = python-packages: with python-packages; [
 pip
- pipx
+ # pipx
 python-dateutil
 setuptools
 requests
@@ -31,18 +31,31 @@ in
 ./upgrade-diff.nix
 ];
+ # Enable networking
 networking.networkmanager.enable = true;
 networking.enableIPv6 = true;
 networking.useDHCP = false;
+ # Set your time zone.
 time = {
 timeZone = "America/Chicago";
 hardwareClockInLocalTime = false;
 };
- i18n.defaultLocale = "en_US.utf8";
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.utf8";
+ i18n.inputMethod = {
+ enabled = "fcitx5";
+ fcitx5.addons = with pkgs; [
+ fcitx5-mozc
+ fcitx5-gtk
+ ];
+ };
+
+ # Bootloader.
 boot = {
+ kernelPackages = pkgs.linuxPackages_latest;
 kernelParams = [ "consoleblank=60" ];
 loader = {
 systemd-boot = {
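Review bot: Commenting out `pipx` in `my-python-packages` leaves a dead entry in the package list with no record of why it was dropped. If the package is no longer wanted, delete the line; if it is parked because of a build or dependency problem, say so on the line, e.g. `# pipx — disabled: <reason>`, so the next reader knows whether it can come back. The `let` binding this list belongs to starts before the hunk.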
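Review bot: The new `i18n.inputMethod` block with `enabled = "fcitx5"` and the `fcitx5-mozc`/`fcitx5-gtk` addons lands in `hosts/server/default.nix`, which this same patch imports into `fred`; an input-method framework is a desktop feature, and the `fcitx5-gtk` addon in particular is the GTK integration module, so every host built from the server profile now carries it. `kernelPackages = pkgs.linuxPackages_latest;` likewise moves every server off the release default kernel onto the newest mainline packages, which is presumably a deliberate trade-off but is not explained anywhere. If both are intended for this profile, a short comment stating why would help (`# latest kernel: needed for <hardware> on fred`); otherwise the input-method block belongs in the workstation module. The generated comments `# Set your time zone.` and `# Select internationalisation properties.` restate the attribute names rather than the reason for the values and could be dropped or replaced with that reason. The `boot` attribute set continues past the end of the hunk.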
@@ -63,6 +76,9 @@ in
 };
 security = {
+ polkit = {
+ enable = true;
+ };
 sudo.enable = false;
 doas = {
 enable = true;
@@ -78,6 +94,13 @@ in
 pcscd = {
 enable = true;
 };
+ avahi = {
+ enable = true;
+ nssmdns4 = true;
+ };
+ printing = {
+ enable = true;
+ };
 udisks2 = {
 enable = true;
 };
@@ -168,15 +191,35 @@ in
 # Open ports in the firewall.
 networking.firewall = {
- enable = false;
+ enable = true;
+ # always allow traffic from your Tailscale network
 trustedInterfaces = [ "tailscale0" ];
 checkReversePath = "loose";
+
+ # allow the Tailscale UDP port through the firewall
 allowedUDPPorts = [ config.services.tailscale.port ];
+ allowedTCPPortRanges = [ { from = 1714 ; to = 1764; } ];
+ allowedUDPPortRanges = [ { from = 1714 ; to = 1764; } ];
+
+ # allow you to SSH in over the public internet
 allowedTCPPorts = [ 22 ];
+ interfaces = {
+ "tailscale0" = {
+ allowedTCPPorts = [ 22 8080 8443 ];
+ allowedTCPPortRanges = [ { from = 1714 ; to = 1764; } ];
+ allowedUDPPortRanges = [ { from = 1714 ; to = 1764; } ];
+ };
+ };
 };
- system.stateVersion = "23.11";
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It's perfectly fine and recommended to leavecatenate(variables, "bootdev", bootdev)
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.11"; # Did you read the comment?
 programs.msmtp = {
 enable = true;
 accounts = {
diff --git a/hosts/workstation/default.nix b/hosts/workstation/default.nix
index ad2e6ed..4a8aaf0 100644
--- a/hosts/workstation/default.nix
+++ b/hosts/workstation/default.nix
@@ -218,6 +218,7 @@ in
 isync
 libsForQt5.qtkeychain
 lsb-release
+ lsof
 pkg-config
 playerctl
 poppler_utils
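Review bot: `avahi` and `printing` are switched on in the server module with no scoping, and `nssmdns4 = true` additionally routes `.local` lookups for every process through the mDNS responder. Unless `services.avahi.openFirewall` is set to false (its default is true in recent NixOS releases — worth confirming against the pinned nixpkgs), the firewall that this patch enables in the same file will still admit mDNS on every interface, so each host importing `../server` becomes discoverable on whatever public network it sits on, not just over `tailscale0`. If mDNS is really needed on these hosts, add `openFirewall = false;` to the `avahi` block and allow UDP 5353 only under `interfaces."tailscale0"` in the firewall set; a CUPS daemon (`printing`) is harder to justify on a headless server at all and likely belongs in the workstation module. The enclosing `services` attribute set starts before the hunk.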
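Review bot: The top-level `allowedTCPPortRanges`/`allowedUDPPortRanges` entries for 1714–1764 open that range on every interface, public ones included, even though the same range is listed again under `interfaces."tailscale0"`; 1714–1764 is the range KDE Connect uses for device pairing, which has no business being reachable from the internet on a server profile. Separately, `trustedInterfaces = [ "tailscale0" ]` already accepts all traffic on that interface, so the new `interfaces."tailscale0"` allow-list (22, 8080, 8443 and the two ranges) has no effect — either drop `tailscale0` from `trustedInterfaces` and keep the per-interface list, which actually limits what is reachable over the tailnet, or delete the dead block. The two global range lines also sit under `# allow the Tailscale UDP port through the firewall`, which describes only the `allowedUDPPorts` line above them, so the comment now misleads. Since `hosts/fred` now imports `../server`, fred inherits this exposure as well. `programs.msmtp` and the rest of the module continue beyond the hunk.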