index on master: 089ce7e ssh: lester:nix-system-nix failed

nix-components
pegasust 2022-11-25 22:39:32 -07:00
parent 089ce7e6a3
commit 46d0f926f3
3 changed files with 42 additions and 36 deletions

4
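--- a/.luarc.json
+++ b/.luarc.json
@@ -0,0 +1,4 @@
+{
+"$schema": "https://raw.githubusercontent.com/sumneko/vscode-lua/master/setting/schema.json",
+"Lua.workspace.checkThirdParty": false
+}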


@ -2,9 +2,9 @@
let let
hostname = specialArgs.hostname; hostname = specialArgs.hostname;
enableSSH = specialArgs.enableSSH or true; enableSSH = specialArgs.enableSSH or true;
networking = { hostName = hostname; } // (specialArgs.networking or { }); _networking = { hostName = hostname; } // (specialArgs._networking or { });
boot = specialArgs.boot or { }; _boot = specialArgs._boot or { };
services = specialArgs.services or { }; _services = specialArgs._services or { };
includeHardware = specialArgs.includeHardware or true; includeHardware = specialArgs.includeHardware or true;
in in
with lib; with lib;
@ -14,7 +14,7 @@ with lib;
] else [ ]) ++ [ ] else [ ]) ++ [
"${modulesPath}/profiles/minimal.nix" "${modulesPath}/profiles/minimal.nix"
]; ];
inherit boot; boot = _boot;
system.stateVersion = "22.05"; system.stateVersion = "22.05";
# users.users.<defaultUser>.uid = 1000; # users.users.<defaultUser>.uid = 1000;
@ -56,7 +56,7 @@ with lib;
]; ];
# tailscale is mandatory : ^) # tailscale is mandatory : ^)
# inherit services; # inherit services;
services = services // { services = _services // {
tailscale.enable = true; tailscale.enable = true;
}; };
# create a oneshot job to authenticate to Tailscale # create a oneshot job to authenticate to Tailscale
@ -89,23 +89,25 @@ with lib;
}; };
# Don't touch networking.firewall.enable, just configure everything else. # Don't touch networking.firewall.enable, just configure everything else.
# inherit networking; # inherit networking;
networking = networking // { # inherit _networking;
firewall = (networking.firewall.enable and { networking = _networking // {
trustedInterfaces = networking.firewall.trustedInterfaces or [ ] ++ [ firewall =
"tailscale0" if _networking.firewall.enable ? false then {
]; trustedInterfaces = _networking.firewall.trustedInterfaces or [ ] ++ [
allowedUDPPorts = networking.firewall.allowedUDPPorts or [ ] ++ [ "tailscale0"
config.services.tailscale.port ];
]; allowedUDPPorts = _networking.firewall.allowedUDPPorts or [ ] ++ [
allowedTCPPorts = networking.firewall.allowedTCPPorts or [ ] ++ [ config.services.tailscale.port
22 ];
]; allowedTCPPorts = _networking.firewall.allowedTCPPorts or [ ] ++ [
allowedUDPPortRanges = networking.firewall.allowedUDPPortRanges or [ ] ++ [ 22
{ from = 60000; to = 61000; } # mosh ];
allowedUDPPortRanges = _networking.firewall.allowedUDPPortRanges or [ ] ++ [
{ from = 60000; to = 61000; } # mosh
]; ];
checkReversePath = "loose"; checkReversePath = "loose";
}) or {}; } else { enable = false; };
}; };
} }
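Review bot: The new firewall condition `if _networking.firewall.enable ? false then {` uses `?`, which in Nix is the has-attribute test, not a default. As written it appears to ask whether the value of `enable` has an attribute named `false`, which is false for a boolean. A host that passes `firewall.enable = true` (lester does in the hosts file) would then take `else { enable = false; }` and come up with its firewall off. The bare select also looks like it would fail evaluation for hosts whose `_networking` carries no `firewall` attribute at all. The select-with-default form is `if _networking.firewall.enable or false then {`. The else branch also contradicts the comment "Don't touch networking.firewall.enable"; `else { }` would leave the module default in place, and evaluating `networking.firewall.enable` for each host would confirm the result.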


@ -17,7 +17,7 @@
specialArgs = { specialArgs = {
# includeHardware = false; # includeHardware = false;
hostname = "Felia"; hostname = "Felia";
services.openssh = { _services.openssh = {
permitRootLogin = "no"; permitRootLogin = "no";
enable = true; enable = true;
}; };
@ -31,7 +31,7 @@
]; ];
specialArgs = { specialArgs = {
hostname = "lizzi"; hostname = "lizzi";
networking = { _networking = {
interfaces.eth1.ipv4.addresses = [{ interfaces.eth1.ipv4.addresses = [{
address = "71.0.0.1"; address = "71.0.0.1";
prefixLength = 24; prefixLength = 24;
@ -54,13 +54,13 @@
useDHCP = false; useDHCP = false;
interfaces.eth0.useDHCP = true; interfaces.eth0.useDHCP = true;
}; };
boot.loader.grub.enable = true; _boot.loader.grub.enable = true;
boot.loader.grub.version = 2; _boot.loader.grub.version = 2;
services.openssh = { _services.openssh = {
permitRootLogin = "no"; permitRootLogin = "no";
enable = true; enable = true;
}; };
services.gitea = { _services.gitea = {
enable = true; enable = true;
stateDir = "/gitea"; stateDir = "/gitea";
rootUrl = "https://git.pegasust.com"; rootUrl = "https://git.pegasust.com";
@ -71,7 +71,7 @@
}; };
}; };
}; };
services.nginx = { _services.nginx = {
enable = true; enable = true;
clientMaxBodySize = "100m"; # Allow big file transfers over git :^) clientMaxBodySize = "100m"; # Allow big file transfers over git :^)
recommendedGzipSettings = true; recommendedGzipSettings = true;
@ -95,14 +95,14 @@
]; ];
specialArgs = { specialArgs = {
hostname = "lester"; hostname = "lester";
networking = { _networking = {
firewall.enable = true; firewall.enable = true;
useDHCP = false; useDHCP = false;
interfaces.eth0.useDHCP = true; interfaces.eth0.useDHCP = true;
}; };
boot.loader.grub.enable = true; _boot.loader.grub.enable = true;
boot.loader.grub.version = 2; _boot.loader.grub.version = 2;
services.openssh = { _services.openssh = {
permitRootLogin = "no"; permitRootLogin = "no";
enable = true; enable = true;
}; };
@ -115,7 +115,7 @@
]; ];
specialArgs = { specialArgs = {
hostname = "nyx"; hostname = "nyx";
networking = { _networking = {
interfaces.eth1.ipv4.addresses = [{ interfaces.eth1.ipv4.addresses = [{
address = "71.0.0.2"; address = "71.0.0.2";
prefixLength = 24; prefixLength = 24;
@ -124,9 +124,9 @@
useDHCP = false; useDHCP = false;
interfaces.eth0.useDHCP = true; interfaces.eth0.useDHCP = true;
}; };
boot.loader.grub.enable = true; _boot.loader.grub.enable = true;
boot.loader.grub.version = 2; _boot.loader.grub.version = 2;
services.openssh = { _services.openssh = {
permitRootLogin = "no"; permitRootLogin = "no";
enable = true; enable = true;
}; };