cleanup
@@ -3,6 +3,7 @@
|
||||
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
|
||||
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
namespace,
|
||||
...
|
||||
@@ -14,8 +15,6 @@
|
||||
./filesystems.nix
|
||||
./boot.nix
|
||||
./apps.nix
|
||||
./grafana.nix
|
||||
./networking.nix # - moved to modules/nixos/network
|
||||
./ups.nix
|
||||
./users.nix
|
||||
./samba.nix
|
||||
@@ -28,9 +27,22 @@
|
||||
powerManagement.cpuFreqGovernor = "powersave";
|
||||
|
||||
${namespace} = {
|
||||
# ###################################################
|
||||
# # Boot # #
|
||||
# ###################################################
|
||||
|
||||
bootloader.lanzaboote.enable = true;
|
||||
impermanence.enable = true;
|
||||
|
||||
# ###################################################
|
||||
# # Desktop # #
|
||||
# ###################################################
|
||||
|
||||
desktop.cosmic.enable = false;
|
||||
|
||||
# ###################################################
|
||||
# # Development # #
|
||||
# ###################################################
|
||||
|
||||
development = {
|
||||
enable = true;
|
||||
includeLanguages = [
|
||||
@@ -39,7 +51,11 @@
|
||||
];
|
||||
includeContainers = true;
|
||||
};
|
||||
monitoring.enable = true;
|
||||
|
||||
# ###################################################
|
||||
# # Hardware # #
|
||||
# ###################################################
|
||||
|
||||
hardware.nvidia = {
|
||||
enable = true;
|
||||
enableBeta = true;
|
||||
@@ -47,6 +63,23 @@
|
||||
nvidiaSettings = true;
|
||||
enableNvidiaDocker = true;
|
||||
};
|
||||
|
||||
# ###################################################
|
||||
# # Impermanence # #
|
||||
# ###################################################
|
||||
|
||||
impermanence.enable = true;
|
||||
|
||||
# ###################################################
|
||||
# # Monitoring # #
|
||||
# ###################################################
|
||||
|
||||
monitoring.enable = true;
|
||||
|
||||
# ###################################################
|
||||
# # Network # #
|
||||
# ###################################################
|
||||
|
||||
network = {
|
||||
ipv4 = {
|
||||
address = "10.0.1.3/24";
|
||||
@@ -54,7 +87,6 @@
|
||||
gateway = "10.0.1.1";
|
||||
interface = "wlp6s0";
|
||||
};
|
||||
useNetworkd = true;
|
||||
hostId = "4b501480";
|
||||
nat = {
|
||||
enable = true;
|
||||
@@ -66,12 +98,50 @@
|
||||
enable = true;
|
||||
allowPing = true;
|
||||
trustedInterfaces = [ "tailscale0" ];
|
||||
allowedTCPPorts = [
|
||||
8008 # restic
|
||||
9000 # authentik
|
||||
2342 # grafana
|
||||
51820 # wireguard
|
||||
1025
|
||||
1143
|
||||
10200
|
||||
10300
|
||||
8127
|
||||
9943 # onlyoffice
|
||||
4000 # netbootxyz
|
||||
4080 # netbootxyz
|
||||
3000 # gitea
|
||||
2222 # gitea ssh
|
||||
3300
|
||||
9898
|
||||
6754 # lubelogger
|
||||
2283 # immich
|
||||
4444 # code-server
|
||||
9012
|
||||
|
||||
8192
|
||||
];
|
||||
allowedUDPPorts = config.${namespace}.network.firewall.allowedTCPPorts;
|
||||
};
|
||||
};
|
||||
|
||||
# ###################################################
|
||||
# # User # #
|
||||
# ###################################################
|
||||
|
||||
user = {
|
||||
name = "admin";
|
||||
linger = true;
|
||||
};
|
||||
|
||||
# ###################################################
|
||||
# # Services # #
|
||||
# ###################################################
|
||||
|
||||
services = {
|
||||
grafana.enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
security.tpm2 = {
|
||||
@@ -115,7 +185,4 @@
|
||||
nvidiaSupport = true;
|
||||
};
|
||||
};
|
||||
|
||||
# Additional virtualization beyond what's in development module
|
||||
virtualisation.libvirtd.enable = true;
|
||||
}
|
||||
|
||||
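Review bot: In the `@@ -66,12 +98,50 @@` hunk, `allowedUDPPorts = config.${namespace}.network.firewall.allowedTCPPorts;` opens every listed service port for UDP as well, although going by the inline labels only WireGuard (51820) is a UDP service and the others (grafana, gitea, authentik, code-server, …) look like TCP listeners. Listing the UDP ports explicitly keeps the exposed surface to what is actually in use, e.g. `allowedUDPPorts = [ 51820 ]; # wireguard`, with any further UDP listener added by name. Nine entries in the TCP list (1025, 1143, 10200, 10300, 8127, 3300, 9898, 9012, 8192) carry no comment, so it is not possible to tell which service each belongs to or whether it still needs to be reachable; a label per port, as the other entries have, would make stale openings visible. The rendering has lost the `+`/`-` column, so which of these lines the commit adds is inferred, and the enclosing firewall attribute set presumably opens outside the hunk.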