index on master: 089ce7e
ssh: lester:nix-system-nix failed
parent
089ce7e6a3
commit
46d0f926f3
|
@ -0,0 +1,4 @@
|
||||||
|
{
|
||||||
|
"$schema": "https://raw.githubusercontent.com/sumneko/vscode-lua/master/setting/schema.json",
|
||||||
|
"Lua.workspace.checkThirdParty": false
|
||||||
|
}
|
|
@ -2,9 +2,9 @@
|
||||||
let
|
let
|
||||||
hostname = specialArgs.hostname;
|
hostname = specialArgs.hostname;
|
||||||
enableSSH = specialArgs.enableSSH or true;
|
enableSSH = specialArgs.enableSSH or true;
|
||||||
networking = { hostName = hostname; } // (specialArgs.networking or { });
|
_networking = { hostName = hostname; } // (specialArgs._networking or { });
|
||||||
boot = specialArgs.boot or { };
|
_boot = specialArgs._boot or { };
|
||||||
services = specialArgs.services or { };
|
_services = specialArgs._services or { };
|
||||||
includeHardware = specialArgs.includeHardware or true;
|
includeHardware = specialArgs.includeHardware or true;
|
||||||
in
|
in
|
||||||
with lib;
|
with lib;
|
||||||
|
@ -14,7 +14,7 @@ with lib;
|
||||||
] else [ ]) ++ [
|
] else [ ]) ++ [
|
||||||
"${modulesPath}/profiles/minimal.nix"
|
"${modulesPath}/profiles/minimal.nix"
|
||||||
];
|
];
|
||||||
inherit boot;
|
boot = _boot;
|
||||||
|
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "22.05";
|
||||||
# users.users.<defaultUser>.uid = 1000;
|
# users.users.<defaultUser>.uid = 1000;
|
||||||
|
@ -56,7 +56,7 @@ with lib;
|
||||||
];
|
];
|
||||||
# tailscale is mandatory : ^)
|
# tailscale is mandatory : ^)
|
||||||
# inherit services;
|
# inherit services;
|
||||||
services = services // {
|
services = _services // {
|
||||||
tailscale.enable = true;
|
tailscale.enable = true;
|
||||||
};
|
};
|
||||||
# create a oneshot job to authenticate to Tailscale
|
# create a oneshot job to authenticate to Tailscale
|
||||||
|
@ -89,23 +89,25 @@ with lib;
|
||||||
};
|
};
|
||||||
# Don't touch networking.firewall.enable, just configure everything else.
|
# Don't touch networking.firewall.enable, just configure everything else.
|
||||||
# inherit networking;
|
# inherit networking;
|
||||||
networking = networking // {
|
# inherit _networking;
|
||||||
firewall = (networking.firewall.enable and {
|
networking = _networking // {
|
||||||
trustedInterfaces = networking.firewall.trustedInterfaces or [ ] ++ [
|
firewall =
|
||||||
"tailscale0"
|
if _networking.firewall.enable ? false then {
|
||||||
];
|
trustedInterfaces = _networking.firewall.trustedInterfaces or [ ] ++ [
|
||||||
allowedUDPPorts = networking.firewall.allowedUDPPorts or [ ] ++ [
|
"tailscale0"
|
||||||
config.services.tailscale.port
|
];
|
||||||
];
|
allowedUDPPorts = _networking.firewall.allowedUDPPorts or [ ] ++ [
|
||||||
allowedTCPPorts = networking.firewall.allowedTCPPorts or [ ] ++ [
|
config.services.tailscale.port
|
||||||
22
|
];
|
||||||
];
|
allowedTCPPorts = _networking.firewall.allowedTCPPorts or [ ] ++ [
|
||||||
allowedUDPPortRanges = networking.firewall.allowedUDPPortRanges or [ ] ++ [
|
22
|
||||||
{ from = 60000; to = 61000; } # mosh
|
];
|
||||||
|
allowedUDPPortRanges = _networking.firewall.allowedUDPPortRanges or [ ] ++ [
|
||||||
|
{ from = 60000; to = 61000; } # mosh
|
||||||
|
|
||||||
];
|
];
|
||||||
checkReversePath = "loose";
|
checkReversePath = "loose";
|
||||||
}) or {};
|
} else { enable = false; };
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
specialArgs = {
|
specialArgs = {
|
||||||
# includeHardware = false;
|
# includeHardware = false;
|
||||||
hostname = "Felia";
|
hostname = "Felia";
|
||||||
services.openssh = {
|
_services.openssh = {
|
||||||
permitRootLogin = "no";
|
permitRootLogin = "no";
|
||||||
enable = true;
|
enable = true;
|
||||||
};
|
};
|
||||||
|
@ -31,7 +31,7 @@
|
||||||
];
|
];
|
||||||
specialArgs = {
|
specialArgs = {
|
||||||
hostname = "lizzi";
|
hostname = "lizzi";
|
||||||
networking = {
|
_networking = {
|
||||||
interfaces.eth1.ipv4.addresses = [{
|
interfaces.eth1.ipv4.addresses = [{
|
||||||
address = "71.0.0.1";
|
address = "71.0.0.1";
|
||||||
prefixLength = 24;
|
prefixLength = 24;
|
||||||
|
@ -54,13 +54,13 @@
|
||||||
useDHCP = false;
|
useDHCP = false;
|
||||||
interfaces.eth0.useDHCP = true;
|
interfaces.eth0.useDHCP = true;
|
||||||
};
|
};
|
||||||
boot.loader.grub.enable = true;
|
_boot.loader.grub.enable = true;
|
||||||
boot.loader.grub.version = 2;
|
_boot.loader.grub.version = 2;
|
||||||
services.openssh = {
|
_services.openssh = {
|
||||||
permitRootLogin = "no";
|
permitRootLogin = "no";
|
||||||
enable = true;
|
enable = true;
|
||||||
};
|
};
|
||||||
services.gitea = {
|
_services.gitea = {
|
||||||
enable = true;
|
enable = true;
|
||||||
stateDir = "/gitea";
|
stateDir = "/gitea";
|
||||||
rootUrl = "https://git.pegasust.com";
|
rootUrl = "https://git.pegasust.com";
|
||||||
|
@ -71,7 +71,7 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
services.nginx = {
|
_services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
clientMaxBodySize = "100m"; # Allow big file transfers over git :^)
|
clientMaxBodySize = "100m"; # Allow big file transfers over git :^)
|
||||||
recommendedGzipSettings = true;
|
recommendedGzipSettings = true;
|
||||||
|
@ -95,14 +95,14 @@
|
||||||
];
|
];
|
||||||
specialArgs = {
|
specialArgs = {
|
||||||
hostname = "lester";
|
hostname = "lester";
|
||||||
networking = {
|
_networking = {
|
||||||
firewall.enable = true;
|
firewall.enable = true;
|
||||||
useDHCP = false;
|
useDHCP = false;
|
||||||
interfaces.eth0.useDHCP = true;
|
interfaces.eth0.useDHCP = true;
|
||||||
};
|
};
|
||||||
boot.loader.grub.enable = true;
|
_boot.loader.grub.enable = true;
|
||||||
boot.loader.grub.version = 2;
|
_boot.loader.grub.version = 2;
|
||||||
services.openssh = {
|
_services.openssh = {
|
||||||
permitRootLogin = "no";
|
permitRootLogin = "no";
|
||||||
enable = true;
|
enable = true;
|
||||||
};
|
};
|
||||||
|
@ -115,7 +115,7 @@
|
||||||
];
|
];
|
||||||
specialArgs = {
|
specialArgs = {
|
||||||
hostname = "nyx";
|
hostname = "nyx";
|
||||||
networking = {
|
_networking = {
|
||||||
interfaces.eth1.ipv4.addresses = [{
|
interfaces.eth1.ipv4.addresses = [{
|
||||||
address = "71.0.0.2";
|
address = "71.0.0.2";
|
||||||
prefixLength = 24;
|
prefixLength = 24;
|
||||||
|
@ -124,9 +124,9 @@
|
||||||
useDHCP = false;
|
useDHCP = false;
|
||||||
interfaces.eth0.useDHCP = true;
|
interfaces.eth0.useDHCP = true;
|
||||||
};
|
};
|
||||||
boot.loader.grub.enable = true;
|
_boot.loader.grub.enable = true;
|
||||||
boot.loader.grub.version = 2;
|
_boot.loader.grub.version = 2;
|
||||||
services.openssh = {
|
_services.openssh = {
|
||||||
permitRootLogin = "no";
|
permitRootLogin = "no";
|
||||||
enable = true;
|
enable = true;
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in New Issue