c3d2/nix-config
c3d2
/
nix-config
24
7
Fork 3
Code Issues 12 Pull Requests 2 Releases Wiki Activity

Migrate deprecated settings

This commit is contained in:
Sandro - 2023-06-16 20:08:33 +02:00
parent 076c42f090
commit 00000040af
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
13 changed files with 46 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
config/default.nix
View File

@ -21,7 +21,7 @@
]; ];
boot = { boot = {
cleanTmpDir = true; tmp.cleanOnBoot = true;
kernel.sysctl = { kernel.sysctl = {
"net.ipv4.tcp_congestion_control" = "bbr"; "net.ipv4.tcp_congestion_control" = "bbr";
}; };
@ -188,8 +188,10 @@
openssh = { openssh = {
# Required for deployment and sops # Required for deployment and sops
enable = true; enable = true;
passwordAuthentication = lib.mkIf (!config.c3d2.k-ot.enable) false; settings = {
permitRootLogin = lib.mkOverride 900 "prohibit-password"; PasswordAuthentication = lib.mkIf (!config.c3d2.k-ot.enable) false;
PermitRootLogin = lib.mkOverride 900 "prohibit-password";
};
}; };
portunus = with zentralwerk.lib.config.site.net.serv; { portunus = with zentralwerk.lib.config.site.net.serv; {

6
hosts/dacbert/default.nix
View File

@ -90,8 +90,10 @@ in
"compat_uts_machine=armv6l" "compat_uts_machine=armv6l"
]; ];
tmpOnTmpfs = true; tmp = {
tmpOnTmpfsSize = "80%"; useTmpfs = true;
tmpfsSize = "80%";
};
}; };
# hardware.raspberry-pi."4" = { # hardware.raspberry-pi."4" = {
# fkms-3d.enable = true; # fkms-3d.enable = true;

16
hosts/freifunk/default.nix
View File

@ -55,13 +55,15 @@ in {
"${modulesPath}/profiles/minimal.nix" "${modulesPath}/profiles/minimal.nix"
]; ];
boot.tmpOnTmpfs = true; boot = {
boot.postBootCommands = '' postBootCommands = ''
if [ ! -c /dev/net/tun ]; then if [ ! -c /dev/net/tun ]; then
mkdir -p /dev/net mkdir -p /dev/net
mknod -m 666 /dev/net/tun c 10 200 mknod -m 666 /dev/net/tun c 10 200
fi fi
''; '';
tmp.useTmpfs = true;
};
c3d2 = { c3d2 = {
hq.statistics.enable = true; hq.statistics.enable = true;
deployment = { deployment = {

6
hosts/hydra/default.nix
View File

@ -16,8 +16,10 @@ in
}; };
boot = { boot = {
tmpOnTmpfs = true; tmp = {
tmpOnTmpfsSize = "80%"; useTmpfs = true;
tmpfsSize = "80%";
};
kernelModules = [ "kvm-intel" ]; kernelModules = [ "kvm-intel" ];
kernelParams = [ "mitigations=off" "preempt=none" ]; kernelParams = [ "mitigations=off" "preempt=none" ];
loader = { loader = {

2
hosts/pulsebert/default.nix
View File

@ -17,7 +17,7 @@
loader.grub.enable = false; loader.grub.enable = false;
loader.efi.canTouchEfiVariables = true; loader.efi.canTouchEfiVariables = true;
supportedFilesystems = lib.mkForce [ "vfat" "ext4" ]; supportedFilesystems = lib.mkForce [ "vfat" "ext4" ];
tmpOnTmpfs = true; tmp.useTmpfs = true;
}; };
hardware = { hardware = {

2
hosts/riscbert/default.nix
View File

@ -26,7 +26,7 @@
]; ];
}; };
tmpOnTmpfs = true; tmp.useTmpfs = true;
}; };
fileSystems."/mnt/sd" = { fileSystems."/mnt/sd" = {

2
hosts/schalter/default.nix
View File

@ -18,7 +18,7 @@
# no zfs required # no zfs required
supportedFilesystems = lib.mkForce [ "vfat" "ext4" ]; supportedFilesystems = lib.mkForce [ "vfat" "ext4" ];
tmpOnTmpfs = true; tmp.useTmpfs = true;
}; };
nixpkgs.config.packageOverrides = pkgs: { nixpkgs.config.packageOverrides = pkgs: {

6
hosts/server10/default.nix
View File

@ -23,8 +23,10 @@
# No server/router runs any untrusted user code # No server/router runs any untrusted user code
"mitigations=off" "mitigations=off"
]; ];
tmpOnTmpfs = true; tmp = {
tmpOnTmpfsSize = "80%"; useTmpfs = true;
tmpfsSize = "80%";
};
}; };
networking = { networking = {

6
hosts/server6/default.nix
View File

@ -21,8 +21,10 @@ _:
# No server/router runs any untrusted user code # No server/router runs any untrusted user code
"mitigations=off" "mitigations=off"
]; ];
tmpOnTmpfs = true; tmp = {
tmpOnTmpfsSize = "80%"; useTmpfs = true;
tmpfsSize = "80%";
};
}; };
disko.disks = [ { disko.disks = [ {

6
hosts/server7/default.nix
View File

@ -22,8 +22,10 @@
# No server/router runs any untrusted user code # No server/router runs any untrusted user code
"mitigations=off" "mitigations=off"
]; ];
tmpOnTmpfs = true; tmp = {
tmpOnTmpfsSize = "80%"; useTmpfs = true;
tmpfsSize = "80%";
};
}; };
networking = { networking = {

6
hosts/server8/default.nix
View File

@ -22,8 +22,10 @@
# No server/router runs any untrusted user code # No server/router runs any untrusted user code
"mitigations=off" "mitigations=off"
]; ];
tmpOnTmpfs = true; tmp = {
tmpOnTmpfsSize = "80%"; useTmpfs = true;
tmpfsSize = "80%";
};
}; };
networking = { networking = {

6
hosts/server9/default.nix
View File

@ -21,8 +21,10 @@
# No server/router runs any untrusted user code # No server/router runs any untrusted user code
"mitigations=off" "mitigations=off"
]; ];
tmpOnTmpfs = true; tmp = {
tmpOnTmpfsSize = "80%"; useTmpfs = true;
tmpfsSize = "80%";
};
}; };
networking = { networking = {

2
modules/rpi-netboot.nix
View File

@ -36,7 +36,7 @@
]; ];
}; };
tmpOnTmpfs = true; tmp.useTmpfs = true;
}; };
hardware.deviceTree.enable = true; hardware.deviceTree.enable = true;