Migrate deprecated settings
parent
076c42f090
commit
00000040af
|
@ -21,7 +21,7 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
cleanTmpDir = true;
|
tmp.cleanOnBoot = true;
|
||||||
kernel.sysctl = {
|
kernel.sysctl = {
|
||||||
"net.ipv4.tcp_congestion_control" = "bbr";
|
"net.ipv4.tcp_congestion_control" = "bbr";
|
||||||
};
|
};
|
||||||
|
@ -188,8 +188,10 @@
|
||||||
openssh = {
|
openssh = {
|
||||||
# Required for deployment and sops
|
# Required for deployment and sops
|
||||||
enable = true;
|
enable = true;
|
||||||
passwordAuthentication = lib.mkIf (!config.c3d2.k-ot.enable) false;
|
settings = {
|
||||||
permitRootLogin = lib.mkOverride 900 "prohibit-password";
|
PasswordAuthentication = lib.mkIf (!config.c3d2.k-ot.enable) false;
|
||||||
|
PermitRootLogin = lib.mkOverride 900 "prohibit-password";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
portunus = with zentralwerk.lib.config.site.net.serv; {
|
portunus = with zentralwerk.lib.config.site.net.serv; {
|
||||||
|
|
|
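Review bot: In the `openssh` hunk, `PasswordAuthentication` is forced to `false` only when `config.c3d2.k-ot.enable` is unset; on k-ot hosts the `lib.mkIf` contributes no definition, so the effective value is whatever the NixOS module default or another file provides, and that deserves a comment next to the line. The new `settings` block also leaves `KbdInteractiveAuthentication` unset; unless it is set elsewhere in the repository, PAM keyboard-interactive prompts may still accept passwords for non-root users, depending on the nixpkgs default. Consider adding `KbdInteractiveAuthentication = lib.mkIf (!config.c3d2.k-ot.enable) false;` alongside. The attribute set enclosing `openssh` starts and ends outside the hunk.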
@ -90,8 +90,10 @@ in
|
||||||
"compat_uts_machine=armv6l"
|
"compat_uts_machine=armv6l"
|
||||||
];
|
];
|
||||||
|
|
||||||
tmpOnTmpfs = true;
|
tmp = {
|
||||||
tmpOnTmpfsSize = "80%";
|
useTmpfs = true;
|
||||||
|
tmpfsSize = "80%";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
# hardware.raspberry-pi."4" = {
|
# hardware.raspberry-pi."4" = {
|
||||||
# fkms-3d.enable = true;
|
# fkms-3d.enable = true;
|
||||||
|
|
|
@ -55,13 +55,15 @@ in {
|
||||||
"${modulesPath}/profiles/minimal.nix"
|
"${modulesPath}/profiles/minimal.nix"
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.tmpOnTmpfs = true;
|
boot = {
|
||||||
boot.postBootCommands = ''
|
postBootCommands = ''
|
||||||
if [ ! -c /dev/net/tun ]; then
|
if [ ! -c /dev/net/tun ]; then
|
||||||
mkdir -p /dev/net
|
mkdir -p /dev/net
|
||||||
mknod -m 666 /dev/net/tun c 10 200
|
mknod -m 666 /dev/net/tun c 10 200
|
||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
|
tmp.useTmpfs = true;
|
||||||
|
};
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
hq.statistics.enable = true;
|
hq.statistics.enable = true;
|
||||||
deployment = {
|
deployment = {
|
||||||
|
|
|
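Review bot: The `postBootCommands` script, now nested under `boot`, creates `/dev/net/tun` with `mknod -m 666` and has no comment saying why the node can be missing or why it is world-writable. A short comment such as `# /dev/net/tun is not provided in this environment; 0666 matches the usual udev default for this node` (wording to be confirmed by the author) would stop a later reader from tightening it blindly or copying the pattern to other device nodes. The enclosing `in {` set continues outside the hunk.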
@ -16,8 +16,10 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
tmpOnTmpfs = true;
|
tmp = {
|
||||||
tmpOnTmpfsSize = "80%";
|
useTmpfs = true;
|
||||||
|
tmpfsSize = "80%";
|
||||||
|
};
|
||||||
kernelModules = [ "kvm-intel" ];
|
kernelModules = [ "kvm-intel" ];
|
||||||
kernelParams = [ "mitigations=off" "preempt=none" ];
|
kernelParams = [ "mitigations=off" "preempt=none" ];
|
||||||
loader = {
|
loader = {
|
||||||
|
|
|
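Review bot: `kernelParams` on the unchanged line just below the migrated `tmp` block sets `mitigations=off` on a host that also loads `kvm-intel`, and unlike the other host files in this commit it has no comment justifying it. If any guest on this machine is not fully trusted, disabling the CPU side-channel mitigations weakens guest-to-host and guest-to-guest isolation. Either record the rationale as a comment (for example `# all guests are operated by us; no untrusted code`, if that is true) or drop the flag for this host. The line is not touched by this commit, so a follow-up may be the better place; the `boot` set continues outside the hunk.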
@ -17,7 +17,7 @@
|
||||||
loader.grub.enable = false;
|
loader.grub.enable = false;
|
||||||
loader.efi.canTouchEfiVariables = true;
|
loader.efi.canTouchEfiVariables = true;
|
||||||
supportedFilesystems = lib.mkForce [ "vfat" "ext4" ];
|
supportedFilesystems = lib.mkForce [ "vfat" "ext4" ];
|
||||||
tmpOnTmpfs = true;
|
tmp.useTmpfs = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
hardware = {
|
hardware = {
|
||||||
|
|
|
@ -26,7 +26,7 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
tmpOnTmpfs = true;
|
tmp.useTmpfs = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/mnt/sd" = {
|
fileSystems."/mnt/sd" = {
|
||||||
|
|
|
@ -18,7 +18,7 @@
|
||||||
# no zfs required
|
# no zfs required
|
||||||
supportedFilesystems = lib.mkForce [ "vfat" "ext4" ];
|
supportedFilesystems = lib.mkForce [ "vfat" "ext4" ];
|
||||||
|
|
||||||
tmpOnTmpfs = true;
|
tmp.useTmpfs = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
nixpkgs.config.packageOverrides = pkgs: {
|
nixpkgs.config.packageOverrides = pkgs: {
|
||||||
|
|
|
@ -23,8 +23,10 @@
|
||||||
# No server/router runs any untrusted user code
|
# No server/router runs any untrusted user code
|
||||||
"mitigations=off"
|
"mitigations=off"
|
||||||
];
|
];
|
||||||
tmpOnTmpfs = true;
|
tmp = {
|
||||||
tmpOnTmpfsSize = "80%";
|
useTmpfs = true;
|
||||||
|
tmpfsSize = "80%";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
|
|
|
@ -21,8 +21,10 @@ _:
|
||||||
# No server/router runs any untrusted user code
|
# No server/router runs any untrusted user code
|
||||||
"mitigations=off"
|
"mitigations=off"
|
||||||
];
|
];
|
||||||
tmpOnTmpfs = true;
|
tmp = {
|
||||||
tmpOnTmpfsSize = "80%";
|
useTmpfs = true;
|
||||||
|
tmpfsSize = "80%";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
disko.disks = [ {
|
disko.disks = [ {
|
||||||
|
|
|
@ -22,8 +22,10 @@
|
||||||
# No server/router runs any untrusted user code
|
# No server/router runs any untrusted user code
|
||||||
"mitigations=off"
|
"mitigations=off"
|
||||||
];
|
];
|
||||||
tmpOnTmpfs = true;
|
tmp = {
|
||||||
tmpOnTmpfsSize = "80%";
|
useTmpfs = true;
|
||||||
|
tmpfsSize = "80%";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
|
|
|
@ -22,8 +22,10 @@
|
||||||
# No server/router runs any untrusted user code
|
# No server/router runs any untrusted user code
|
||||||
"mitigations=off"
|
"mitigations=off"
|
||||||
];
|
];
|
||||||
tmpOnTmpfs = true;
|
tmp = {
|
||||||
tmpOnTmpfsSize = "80%";
|
useTmpfs = true;
|
||||||
|
tmpfsSize = "80%";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
|
|
|
@ -21,8 +21,10 @@
|
||||||
# No server/router runs any untrusted user code
|
# No server/router runs any untrusted user code
|
||||||
"mitigations=off"
|
"mitigations=off"
|
||||||
];
|
];
|
||||||
tmpOnTmpfs = true;
|
tmp = {
|
||||||
tmpOnTmpfsSize = "80%";
|
useTmpfs = true;
|
||||||
|
tmpfsSize = "80%";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
|
|
|
@ -36,7 +36,7 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
tmpOnTmpfs = true;
|
tmp.useTmpfs = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
hardware.deviceTree.enable = true;
|
hardware.deviceTree.enable = true;
|
||||||
|
|