.luarc.json

@@ -1,4 +0,0 @@
-{
-    "$schema": "https://raw.githubusercontent.com/sumneko/vscode-lua/master/setting/schema.json",
-    "Lua.workspace.checkThirdParty": false
-}

ssh/config

@@ -26,7 +26,13 @@ Host nioma
     IdentityFile ~/.ssh/free-aws.pem
     Port 22
 
-# NixOS Pegasust-gh@Linode
+# Ubuntu 22.04 LTS Pegasust@Linode
+Host ocolo-lab
+    HostName ocolo.pegasust.com
+    User root
+    Port 22
+
+# NixOS Pegasust@Linode
 Host nyx
     HostName nyx.pegasust.com
     User hungtr
@@ -37,9 +43,14 @@ Host lizzi
     User hungtr
     Port 22
 
-# Ubuntu 4G Pegasust-gh@Linode
 Host ash
     HostName 192.155.95.41
     User hungtr
     Port 22
 
+Host lester
+    HostName 139.144.185.207
+    User hungtr
+    Port 22
+
+

system-nix/configuration.nix

@@ -2,9 +2,9 @@
 let
   hostname = specialArgs.hostname;
   enableSSH = specialArgs.enableSSH or true;
-  _networking = { hostName = hostname; } // (specialArgs._networking or { });
+  networking = { hostName = hostname; } // (specialArgs.networking or { });
-  _boot = specialArgs._boot or { };
+  boot = specialArgs.boot or { };
-  _services = specialArgs._services or { };
+  services = specialArgs.services or { };
   includeHardware = specialArgs.includeHardware or true;
 in
 with lib;
@@ -14,7 +14,7 @@ with lib;
   ] else [ ]) ++ [
     "${modulesPath}/profiles/minimal.nix"
   ];
-  boot = _boot;
+  inherit boot;
 
   system.stateVersion = "22.05";
   # users.users.<defaultUser>.uid = 1000;
@@ -56,7 +56,7 @@ with lib;
   ];
   # tailscale is mandatory : ^)
   # inherit services;
-  services = _services // {
+  services = services // {
     tailscale.enable = true;
   };
   # create a oneshot job to authenticate to Tailscale
@@ -89,25 +89,23 @@ with lib;
   };
   # Don't touch networking.firewall.enable, just configure everything else.
   # inherit networking;
-  # inherit _networking;
+  networking = networking // {
-  networking = _networking // {
+    firewall = (networking.firewall.enable and {
-    firewall =
+      trustedInterfaces = networking.firewall.trustedInterfaces or [ ] ++ [
-      if _networking.firewall.enable ? false then {
-        trustedInterfaces = _networking.firewall.trustedInterfaces or [ ] ++ [
         "tailscale0"
       ];
-        allowedUDPPorts = _networking.firewall.allowedUDPPorts or [ ] ++ [
+      allowedUDPPorts = networking.firewall.allowedUDPPorts or [ ] ++ [
         config.services.tailscale.port
       ];
-        allowedTCPPorts = _networking.firewall.allowedTCPPorts or [ ] ++ [
+      allowedTCPPorts = networking.firewall.allowedTCPPorts or [ ] ++ [
         22
       ];
-        allowedUDPPortRanges = _networking.firewall.allowedUDPPortRanges or [ ] ++ [
+      allowedUDPPortRanges = networking.firewall.allowedUDPPortRanges or [ ] ++ [
         { from = 60000; to = 61000; } # mosh
 
       ];
       checkReversePath = "loose";
-      } else { enable = false; };
+    }) or {};
   };
 
 }

system-nix/flake.nix

@@ -17,7 +17,7 @@
         specialArgs = {
           # includeHardware = false;
           hostname = "Felia";
-          _services.openssh = {
+          services.openssh = {
             permitRootLogin = "no";
             enable = true;
           };
@@ -31,25 +31,36 @@
         ];
         specialArgs = {
           hostname = "lizzi";
-          _networking = {
+          networking = {
             interfaces.eth1.ipv4.addresses = [{
               address = "71.0.0.1";
               prefixLength = 24;
             }];
             firewall = {
               enable = false;
-              allowedTCPPorts = [ 80 443 ];
+              # Also wishing for nix-lsp to be a bit better here
+              # A man can only pray and cry
+              # How would we add such functionality to nix-lsp if nix is 
+              # inherently lazy?
+              #
+              # Can use the schema, maybe?
+              #
+              # Also wishing on the ability for services to declare their
+              # own ports now
+              #
+              # Maybe write a mkService?
+              allowedTCPPorts = [80 443];
             };
             useDHCP = false;
             interfaces.eth0.useDHCP = true;
           };
-          _boot.loader.grub.enable = true;
+          boot.loader.grub.enable = true;
-          _boot.loader.grub.version = 2;
+          boot.loader.grub.version = 2;
-          _services.openssh = {
+          services.openssh = {
             permitRootLogin = "no";
             enable = true;
           };
-          _services.gitea = {
+          services.gitea = {
             enable = true;
             stateDir = "/gitea";
             rootUrl = "https://git.pegasust.com";
@@ -60,7 +71,7 @@
               };
             };
           };
-          _services.nginx = {
+          services.nginx = {
             enable = true;
             clientMaxBodySize = "100m"; # Allow big file transfers over git :^)
             recommendedGzipSettings = true;
@@ -84,14 +95,14 @@
         ];
         specialArgs = {
           hostname = "lester";
-          _networking = {
+          networking = {
             firewall.enable = true;
             useDHCP = false;
             interfaces.eth0.useDHCP = true;
           };
-          _boot.loader.grub.enable = true;
+          boot.loader.grub.enable = true;
-          _boot.loader.grub.version = 2;
+          boot.loader.grub.version = 2;
-          _services.openssh = {
+          services.openssh = {
             permitRootLogin = "no";
             enable = true;
           };
@@ -104,7 +115,7 @@
         ];
         specialArgs = {
           hostname = "nyx";
-          _networking = {
+          networking = {
             interfaces.eth1.ipv4.addresses = [{
               address = "71.0.0.2";
               prefixLength = 24;
@@ -113,9 +124,9 @@
             useDHCP = false;
             interfaces.eth0.useDHCP = true;
           };
-          _boot.loader.grub.enable = true;
+          boot.loader.grub.enable = true;
-          _boot.loader.grub.version = 2;
+          boot.loader.grub.version = 2;
-          _services.openssh = {
+          services.openssh = {
             permitRootLogin = "no";
             enable = true;
           };

system-nix/profiles/lizzi/hardware-configuration.nix

@@ -1,47 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/profiles/qemu-guest.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelParams = [ "console=ttyS0,19200n8" ];
-  boot.loader.grub.extraConfig = ''
-    serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1
-    terminal_input serial;
-    terminal_output serial
-  '';
-  boot.loader.grub.forceInstall = true;
-  boot.loader.grub.device = "nodev";
-  boot.loader.timeout = 10;
-  boot.kernelModules = [ ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems = {
-    "/" =  { device = "/dev/sda";
-      fsType = "ext4";
-    };
-    "/gitea" = {
-      device = "/dev/disk/by-id/scsi-0Linode_Volume_gitea";
-      fsType = "ext4";
-    };
-  };
-
-  swapDevices =
-    [ { device = "/dev/sdb"; }
-    ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp0s5.useDHCP = lib.mkDefault true;
-
-  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}