From 46d0f926f326d8661e0fc570ca5ad895aaba37d0 Mon Sep 17 00:00:00 2001 From: pegasust Date: Fri, 25 Nov 2022 22:39:32 -0700 Subject: [PATCH] index on master: 089ce7e ssh: lester:nix-system-nix failed --- .luarc.json | 4 ++++ system-nix/configuration.nix | 44 +++++++++++++++++++----------------- system-nix/flake.nix | 30 ++++++++++++------------ 3 files changed, 42 insertions(+), 36 deletions(-) create mode 100644 .luarc.json diff --git a/.luarc.json b/.luarc.json new file mode 100644 index 0000000..e1b9d70 --- /dev/null +++ b/.luarc.json @@ -0,0 +1,4 @@ +{ + "$schema": "https://raw.githubusercontent.com/sumneko/vscode-lua/master/setting/schema.json", + "Lua.workspace.checkThirdParty": false +} \ No newline at end of file diff --git a/system-nix/configuration.nix b/system-nix/configuration.nix index e11338d..972a6fa 100755 --- a/system-nix/configuration.nix +++ b/system-nix/configuration.nix @@ -2,9 +2,9 @@ let hostname = specialArgs.hostname; enableSSH = specialArgs.enableSSH or true; - networking = { hostName = hostname; } // (specialArgs.networking or { }); - boot = specialArgs.boot or { }; - services = specialArgs.services or { }; + _networking = { hostName = hostname; } // (specialArgs._networking or { }); + _boot = specialArgs._boot or { }; + _services = specialArgs._services or { }; includeHardware = specialArgs.includeHardware or true; in with lib; @@ -14,7 +14,7 @@ with lib; ] else [ ]) ++ [ "${modulesPath}/profiles/minimal.nix" ]; - inherit boot; + boot = _boot; system.stateVersion = "22.05"; # users.users..uid = 1000; @@ -56,7 +56,7 @@ with lib; ]; # tailscale is mandatory : ^) # inherit services; - services = services // { + services = _services // { tailscale.enable = true; }; # create a oneshot job to authenticate to Tailscale 
@@ -89,23 +89,25 @@ with lib; }; # Don't touch networking.firewall.enable, just configure everything else. # inherit networking; - networking = networking // { - firewall = (networking.firewall.enable and { - trustedInterfaces = networking.firewall.trustedInterfaces or [ ] ++ [ - "tailscale0" - ]; - allowedUDPPorts = networking.firewall.allowedUDPPorts or [ ] ++ [ - config.services.tailscale.port - ]; - allowedTCPPorts = networking.firewall.allowedTCPPorts or [ ] ++ [ - 22 - ]; - allowedUDPPortRanges = networking.firewall.allowedUDPPortRanges or [ ] ++ [ - { from = 60000; to = 61000; } # mosh + # inherit _networking; + networking = _networking // { + firewall = + if _networking.firewall.enable ? false then { + trustedInterfaces = _networking.firewall.trustedInterfaces or [ ] ++ [ + "tailscale0" + ]; + allowedUDPPorts = _networking.firewall.allowedUDPPorts or [ ] ++ [ + config.services.tailscale.port + ]; + allowedTCPPorts = _networking.firewall.allowedTCPPorts or [ ] ++ [ + 22 + ]; + allowedUDPPortRanges = _networking.firewall.allowedUDPPortRanges or [ ] ++ [ + { from = 60000; to = 61000; } # mosh - ]; - checkReversePath = "loose"; - }) or {}; + ]; + checkReversePath = "loose"; + } else { enable = false; }; }; } diff --git a/system-nix/flake.nix b/system-nix/flake.nix index c2acf60..cefd18a 100644 --- a/system-nix/flake.nix +++ b/system-nix/flake.nix @@ -17,7 +17,7 @@ specialArgs = { # includeHardware = false; hostname = "Felia"; - services.openssh = { + _services.openssh = { permitRootLogin = "no"; enable = true; }; @@ -31,7 +31,7 @@ ]; specialArgs = { hostname = "lizzi"; - networking = { + _networking = { interfaces.eth1.ipv4.addresses = [{ address = "71.0.0.1"; prefixLength = 24; 
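Review bot: `if _networking.firewall.enable ? false then` does not give `enable` a default: in Nix `?` is the has-attribute test, so this asks whether the (boolean) value `_networking.firewall.enable` contains an attribute named `false`, which is never true, and the left operand is still evaluated first, so a host whose `_networking` has no `firewall` set (Felia, lizzi, nyx in flake.nix) fails with a missing-attribute error rather than taking a default. Every host that does evaluate therefore lands in the `else` branch with `firewall = { enable = false; }`, including lester, which sets `firewall.enable = true;` in flake.nix, so the tailscale0 trusted interface and the 22 / tailscale / mosh allowances are never applied and the firewall is switched off. The operator intended here is `or`, which also tolerates a missing intermediate attribute: `if _networking.firewall.enable or false then {`. Since NixOS enables the firewall by default, `or true` would be the safer default so a host that never mentions the firewall keeps it on instead of silently losing it. The enclosing module attribute set continues outside the hunk.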
@@ -54,13 +54,13 @@
 useDHCP = false;
 interfaces.eth0.useDHCP = true;
 };
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- services.openssh = {
+ _boot.loader.grub.enable = true;
+ _boot.loader.grub.version = 2;
+ _services.openssh = {
 permitRootLogin = "no";
 enable = true;
 };
- services.gitea = {
+ _services.gitea = {
 enable = true;
 stateDir = "/gitea";
 rootUrl = "https://git.pegasust.com";
@@ -71,7 +71,7 @@
 };
 };
 };
- services.nginx = {
+ _services.nginx = {
 enable = true;
 clientMaxBodySize = "100m"; # Allow big file transfers over git :^)
 recommendedGzipSettings = true;
@@ -95,14 +95,14 @@
 ];
 specialArgs = {
 hostname = "lester";
- networking = {
+ _networking = {
 firewall.enable = true;
 useDHCP = false;
 interfaces.eth0.useDHCP = true;
 };
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- services.openssh = {
+ _boot.loader.grub.enable = true;
+ _boot.loader.grub.version = 2;
+ _services.openssh = {
 permitRootLogin = "no";
 enable = true;
 };
@@ -115,7 +115,7 @@
 ];
 specialArgs = {
 hostname = "nyx";
- networking = {
+ _networking = {
 interfaces.eth1.ipv4.addresses = [{
 address = "71.0.0.2";
 prefixLength = 24;
@@ -124,9 +124,9 @@
 useDHCP = false;
 interfaces.eth0.useDHCP = true;
 };
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- services.openssh = {
+ _boot.loader.grub.enable = true;
+ _boot.loader.grub.version = 2;
+ _services.openssh = {
 permitRootLogin = "no";
 enable = true;
 };