diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2024-11-13 08:41:39 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2024-11-13 08:41:39 +0100 |
commit | f805ce37981a699981ae25dfd1943dc3db33b90e (patch) | |
tree | 36083abc2af2a3c0fed5b75ccd10450fac5c1045 | |
parent | 5440c73f19ae9bfac70c79da83241c158ceb7d4a (diff) | |
download | nixos-f805ce37981a699981ae25dfd1943dc3db33b90e.tar nixos-f805ce37981a699981ae25dfd1943dc3db33b90e.tar.gz nixos-f805ce37981a699981ae25dfd1943dc3db33b90e.tar.bz2 nixos-f805ce37981a699981ae25dfd1943dc3db33b90e.tar.xz nixos-f805ce37981a699981ae25dfd1943dc3db33b90e.zip |
...
-rw-r--r-- | accounts/gkleen@sif/default.nix | 1 | ||||
-rw-r--r-- | accounts/gkleen@sif/libvirt/default.nix | 3 | ||||
-rw-r--r-- | accounts/gkleen@sif/ssh-hosts.nix | 5 | ||||
-rw-r--r-- | flake.lock | 6 | ||||
-rw-r--r-- | hosts/surtr/default.nix | 11 | ||||
-rw-r--r-- | hosts/surtr/dns/default.nix | 2 | ||||
-rw-r--r-- | overlays/preserve-dscp/default.nix | 2 | ||||
-rw-r--r-- | system-profiles/zfs.nix | 4 |
8 files changed, 22 insertions, 12 deletions
diff --git a/accounts/gkleen@sif/default.nix b/accounts/gkleen@sif/default.nix index 189fabfa..2de98765 100644 --- a/accounts/gkleen@sif/default.nix +++ b/accounts/gkleen@sif/default.nix | |||
@@ -708,6 +708,7 @@ in { | |||
708 | flakeInputs.deploy-rs.packages.${config.nixpkgs.system}.deploy-rs | 708 | flakeInputs.deploy-rs.packages.${config.nixpkgs.system}.deploy-rs |
709 | sieve-connect gimp inkscape udiskie glab nitrokey-app | 709 | sieve-connect gimp inkscape udiskie glab nitrokey-app |
710 | pynitrokey gtklock wlrctl remmina openscad spice-record | 710 | pynitrokey gtklock wlrctl remmina openscad spice-record |
711 | libguestfs-with-appliance | ||
711 | ]; | 712 | ]; |
712 | 713 | ||
713 | file = { | 714 | file = { |
diff --git a/accounts/gkleen@sif/libvirt/default.nix b/accounts/gkleen@sif/libvirt/default.nix index 076a0d86..a5636ce2 100644 --- a/accounts/gkleen@sif/libvirt/default.nix +++ b/accounts/gkleen@sif/libvirt/default.nix | |||
@@ -29,7 +29,8 @@ with flakeInputs.nixVirt.lib; | |||
29 | # gl.enable = true; | 29 | # gl.enable = true; |
30 | }; | 30 | }; |
31 | devices.interface = { | 31 | devices.interface = { |
32 | model.type = "virtio"; | 32 | # model.type = "virtio"; |
33 | model.type = "e1000e"; | ||
33 | type = "bridge"; | 34 | type = "bridge"; |
34 | mac.address = "52:54:00:b9:f3:ed"; | 35 | mac.address = "52:54:00:b9:f3:ed"; |
35 | source.bridge = "gre-0971"; | 36 | source.bridge = "gre-0971"; |
diff --git a/accounts/gkleen@sif/ssh-hosts.nix b/accounts/gkleen@sif/ssh-hosts.nix index ac930614..107f1e76 100644 --- a/accounts/gkleen@sif/ssh-hosts.nix +++ b/accounts/gkleen@sif/ssh-hosts.nix | |||
@@ -554,4 +554,9 @@ | |||
554 | HostKeyAlgorithms = "+ecdsa-sha2-nistp256"; | 554 | HostKeyAlgorithms = "+ecdsa-sha2-nistp256"; |
555 | }; | 555 | }; |
556 | }; | 556 | }; |
557 | "game01" = | ||
558 | { hostname = "game01.yggdrasil.li"; | ||
559 | user = "factorio"; | ||
560 | identityFile = "~/.ssh/gkleen@sif.midgard.yggdrasil"; | ||
561 | }; | ||
557 | } | 562 | } |
@@ -619,11 +619,11 @@ | |||
619 | }, | 619 | }, |
620 | "nixpkgs_2": { | 620 | "nixpkgs_2": { |
621 | "locked": { | 621 | "locked": { |
622 | "lastModified": 1729880355, | 622 | "lastModified": 1730785428, |
623 | "narHash": "sha256-RP+OQ6koQQLX5nw0NmcDrzvGL8HDLnyXt/jHhL1jwjM=", | 623 | "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=", |
624 | "owner": "NixOS", | 624 | "owner": "NixOS", |
625 | "repo": "nixpkgs", | 625 | "repo": "nixpkgs", |
626 | "rev": "18536bf04cd71abd345f9579158841376fdd0c5a", | 626 | "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7", |
627 | "type": "github" | 627 | "type": "github" |
628 | }, | 628 | }, |
629 | "original": { | 629 | "original": { |
diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix index 705f69b3..223e1f10 100644 --- a/hosts/surtr/default.nix +++ b/hosts/surtr/default.nix | |||
@@ -65,6 +65,12 @@ with lib; | |||
65 | enable = true; | 65 | enable = true; |
66 | rulesetFile = ./ruleset.nft; | 66 | rulesetFile = ./ruleset.nft; |
67 | }; | 67 | }; |
68 | resolvconf = { | ||
69 | enable = true; | ||
70 | extraConfig = '' | ||
71 | name_servers='127.0.0.53' | ||
72 | ''; | ||
73 | }; | ||
68 | }; | 74 | }; |
69 | 75 | ||
70 | systemd.network = { | 76 | systemd.network = { |
@@ -78,10 +84,7 @@ with lib; | |||
78 | }; | 84 | }; |
79 | }; | 85 | }; |
80 | 86 | ||
81 | services.resolved = { | 87 | services.resolved.enable = false; |
82 | llmnr = "false"; | ||
83 | dnssec = "false"; # unbound does dnssec validation for us | ||
84 | }; | ||
85 | 88 | ||
86 | services.ndppd = { | 89 | services.ndppd = { |
87 | enable = true; | 90 | enable = true; |
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix index 65f46b35..53df798e 100644 --- a/hosts/surtr/dns/default.nix +++ b/hosts/surtr/dns/default.nix | |||
@@ -212,7 +212,7 @@ in { | |||
212 | 212 | ||
213 | settings = { | 213 | settings = { |
214 | server = { | 214 | server = { |
215 | interface = ["lo@5353"]; | 215 | interface = ["lo@5353" "127.0.0.53"]; |
216 | prefer-ip6 = true; | 216 | prefer-ip6 = true; |
217 | access-control = ["127.0.0.0/8 allow" "::1/128 allow"]; | 217 | access-control = ["127.0.0.0/8 allow" "::1/128 allow"]; |
218 | root-hints = "${pkgs.dns-root-data}/root.hints"; | 218 | root-hints = "${pkgs.dns-root-data}/root.hints"; |
diff --git a/overlays/preserve-dscp/default.nix b/overlays/preserve-dscp/default.nix index a1064591..105eccb9 100644 --- a/overlays/preserve-dscp/default.nix +++ b/overlays/preserve-dscp/default.nix | |||
@@ -16,7 +16,7 @@ | |||
16 | outputs = [ "out" "lib" ]; | 16 | outputs = [ "out" "lib" ]; |
17 | 17 | ||
18 | buildInputs = with final; [ elfutils libpcap zlib ]; | 18 | buildInputs = with final; [ elfutils libpcap zlib ]; |
19 | nativeBuildInputs = with final; [ llvmPackages.clang llvmPackages.llvm pkg-config bpftool libmnl gnum4 glibc_multi makeWrapper ]; | 19 | nativeBuildInputs = with final; [ llvmPackages.clang llvmPackages.llvm pkg-config bpftools libmnl gnum4 glibc_multi makeWrapper ]; |
20 | 20 | ||
21 | installPhase = '' | 21 | installPhase = '' |
22 | mkdir -p $lib/lib/bpf | 22 | mkdir -p $lib/lib/bpf |
diff --git a/system-profiles/zfs.nix b/system-profiles/zfs.nix index 49386363..149decee 100644 --- a/system-profiles/zfs.nix +++ b/system-profiles/zfs.nix | |||
@@ -1,8 +1,8 @@ | |||
1 | { pkgs, lib, ... } : { | 1 | { pkgs, lib, ... } : { |
2 | config = { | 2 | config = { |
3 | boot = { | 3 | boot = { |
4 | kernelPackages = pkgs.linuxPackages_6_10; | 4 | kernelPackages = pkgs.linuxPackages_6_11; |
5 | zfs.package = pkgs.zfs_2_2; | 5 | zfs.package = pkgs.zfs_unstable; |
6 | 6 | ||
7 | supportedFilesystems.zfs = true; | 7 | supportedFilesystems.zfs = true; |
8 | }; | 8 | }; |