c3d2/nix-config
c3d2
/
nix-config
24
7
Fork 3
Code Issues 12 Pull Requests 2 Releases Wiki Activity

Migrate deprecated settings

This commit is contained in:
Sandro - 2023-06-16 20:08:33 +02:00
parent 076c42f090
commit 00000040af
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
13 changed files with 46 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
config/default.nix
View File

@ -21,7 +21,7 @@
];
boot = {
cleanTmpDir = true;
tmp.cleanOnBoot = true;
kernel.sysctl = {
"net.ipv4.tcp_congestion_control" = "bbr";
};
@ -188,8 +188,10 @@
openssh = {
# Required for deployment and sops
enable = true;
passwordAuthentication = lib.mkIf (!config.c3d2.k-ot.enable) false;
permitRootLogin = lib.mkOverride 900 "prohibit-password";
settings = {
PasswordAuthentication = lib.mkIf (!config.c3d2.k-ot.enable) false;
PermitRootLogin = lib.mkOverride 900 "prohibit-password";
};
};
portunus = with zentralwerk.lib.config.site.net.serv; {

6
hosts/dacbert/default.nix
View File

@ -90,8 +90,10 @@ in
"compat_uts_machine=armv6l"
];
tmpOnTmpfs = true;
tmpOnTmpfsSize = "80%";
tmp = {
useTmpfs = true;
tmpfsSize = "80%";
};
};
# hardware.raspberry-pi."4" = {
# fkms-3d.enable = true;

16
hosts/freifunk/default.nix
View File

@ -55,13 +55,15 @@ in {
"${modulesPath}/profiles/minimal.nix"
];
boot.tmpOnTmpfs = true;
boot.postBootCommands = ''
if [ ! -c /dev/net/tun ]; then
mkdir -p /dev/net
mknod -m 666 /dev/net/tun c 10 200
fi
'';
boot = {
postBootCommands = ''
if [ ! -c /dev/net/tun ]; then
mkdir -p /dev/net
mknod -m 666 /dev/net/tun c 10 200
fi
'';
tmp.useTmpfs = true;
};
c3d2 = {
hq.statistics.enable = true;
deployment = {

6
hosts/hydra/default.nix
View File

@ -16,8 +16,10 @@ in
};
boot = {
tmpOnTmpfs = true;
tmpOnTmpfsSize = "80%";
tmp = {
useTmpfs = true;
tmpfsSize = "80%";
};
kernelModules = [ "kvm-intel" ];
kernelParams = [ "mitigations=off" "preempt=none" ];
loader = {

2
hosts/pulsebert/default.nix
View File

@ -17,7 +17,7 @@
loader.grub.enable = false;
loader.efi.canTouchEfiVariables = true;
supportedFilesystems = lib.mkForce [ "vfat" "ext4" ];
tmpOnTmpfs = true;
tmp.useTmpfs = true;
};
hardware = {

2
hosts/riscbert/default.nix
View File

@ -26,7 +26,7 @@
];
};
tmpOnTmpfs = true;
tmp.useTmpfs = true;
};
fileSystems."/mnt/sd" = {

2
hosts/schalter/default.nix
View File

@ -18,7 +18,7 @@
# no zfs required
supportedFilesystems = lib.mkForce [ "vfat" "ext4" ];
tmpOnTmpfs = true;
tmp.useTmpfs = true;
};
nixpkgs.config.packageOverrides = pkgs: {

6
hosts/server10/default.nix
View File

@ -23,8 +23,10 @@
# No server/router runs any untrusted user code
"mitigations=off"
];
tmpOnTmpfs = true;
tmpOnTmpfsSize = "80%";
tmp = {
useTmpfs = true;
tmpfsSize = "80%";
};
};
networking = {

6
hosts/server6/default.nix
View File

@ -21,8 +21,10 @@ _:
# No server/router runs any untrusted user code
"mitigations=off"
];
tmpOnTmpfs = true;
tmpOnTmpfsSize = "80%";
tmp = {
useTmpfs = true;
tmpfsSize = "80%";
};
};
disko.disks = [ {

6
hosts/server7/default.nix
View File

@ -22,8 +22,10 @@
# No server/router runs any untrusted user code
"mitigations=off"
];
tmpOnTmpfs = true;
tmpOnTmpfsSize = "80%";
tmp = {
useTmpfs = true;
tmpfsSize = "80%";
};
};
networking = {

6
hosts/server8/default.nix
View File

@ -22,8 +22,10 @@
# No server/router runs any untrusted user code
"mitigations=off"
];
tmpOnTmpfs = true;
tmpOnTmpfsSize = "80%";
tmp = {
useTmpfs = true;
tmpfsSize = "80%";
};
};
networking = {

6
hosts/server9/default.nix
View File

@ -21,8 +21,10 @@
# No server/router runs any untrusted user code
"mitigations=off"
];
tmpOnTmpfs = true;
tmpOnTmpfsSize = "80%";
tmp = {
useTmpfs = true;
tmpfsSize = "80%";
};
};
networking = {

2
modules/rpi-netboot.nix
View File

@ -36,7 +36,7 @@
];
};
tmpOnTmpfs = true;
tmp.useTmpfs = true;
};
hardware.deviceTree.enable = true;