summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2024-11-13 08:41:39 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2024-11-13 08:41:39 +0100
commitf805ce37981a699981ae25dfd1943dc3db33b90e (patch)
tree36083abc2af2a3c0fed5b75ccd10450fac5c1045
parent5440c73f19ae9bfac70c79da83241c158ceb7d4a (diff)
downloadnixos-f805ce37981a699981ae25dfd1943dc3db33b90e.tar
nixos-f805ce37981a699981ae25dfd1943dc3db33b90e.tar.gz
nixos-f805ce37981a699981ae25dfd1943dc3db33b90e.tar.bz2
nixos-f805ce37981a699981ae25dfd1943dc3db33b90e.tar.xz
nixos-f805ce37981a699981ae25dfd1943dc3db33b90e.zip
...
-rw-r--r--accounts/gkleen@sif/default.nix1
-rw-r--r--accounts/gkleen@sif/libvirt/default.nix3
-rw-r--r--accounts/gkleen@sif/ssh-hosts.nix5
-rw-r--r--flake.lock6
-rw-r--r--hosts/surtr/default.nix11
-rw-r--r--hosts/surtr/dns/default.nix2
-rw-r--r--overlays/preserve-dscp/default.nix2
-rw-r--r--system-profiles/zfs.nix4
8 files changed, 22 insertions, 12 deletions
diff --git a/accounts/gkleen@sif/default.nix b/accounts/gkleen@sif/default.nix
index 189fabfa..2de98765 100644
--- a/accounts/gkleen@sif/default.nix
+++ b/accounts/gkleen@sif/default.nix
@@ -708,6 +708,7 @@ in {
708 flakeInputs.deploy-rs.packages.${config.nixpkgs.system}.deploy-rs 708 flakeInputs.deploy-rs.packages.${config.nixpkgs.system}.deploy-rs
709 sieve-connect gimp inkscape udiskie glab nitrokey-app 709 sieve-connect gimp inkscape udiskie glab nitrokey-app
710 pynitrokey gtklock wlrctl remmina openscad spice-record 710 pynitrokey gtklock wlrctl remmina openscad spice-record
711 libguestfs-with-appliance
711 ]; 712 ];
712 713
713 file = { 714 file = {
diff --git a/accounts/gkleen@sif/libvirt/default.nix b/accounts/gkleen@sif/libvirt/default.nix
index 076a0d86..a5636ce2 100644
--- a/accounts/gkleen@sif/libvirt/default.nix
+++ b/accounts/gkleen@sif/libvirt/default.nix
@@ -29,7 +29,8 @@ with flakeInputs.nixVirt.lib;
29 # gl.enable = true; 29 # gl.enable = true;
30 }; 30 };
31 devices.interface = { 31 devices.interface = {
32 model.type = "virtio"; 32 # model.type = "virtio";
33 model.type = "e1000e";
33 type = "bridge"; 34 type = "bridge";
34 mac.address = "52:54:00:b9:f3:ed"; 35 mac.address = "52:54:00:b9:f3:ed";
35 source.bridge = "gre-0971"; 36 source.bridge = "gre-0971";
diff --git a/accounts/gkleen@sif/ssh-hosts.nix b/accounts/gkleen@sif/ssh-hosts.nix
index ac930614..107f1e76 100644
--- a/accounts/gkleen@sif/ssh-hosts.nix
+++ b/accounts/gkleen@sif/ssh-hosts.nix
@@ -554,4 +554,9 @@
554 HostKeyAlgorithms = "+ecdsa-sha2-nistp256"; 554 HostKeyAlgorithms = "+ecdsa-sha2-nistp256";
555 }; 555 };
556 }; 556 };
557 "game01" =
558 { hostname = "game01.yggdrasil.li";
559 user = "factorio";
560 identityFile = "~/.ssh/gkleen@sif.midgard.yggdrasil";
561 };
557} 562}
diff --git a/flake.lock b/flake.lock
index c1e5e7b6..2bef2351 100644
--- a/flake.lock
+++ b/flake.lock
@@ -619,11 +619,11 @@
619 }, 619 },
620 "nixpkgs_2": { 620 "nixpkgs_2": {
621 "locked": { 621 "locked": {
622 "lastModified": 1729880355, 622 "lastModified": 1730785428,
623 "narHash": "sha256-RP+OQ6koQQLX5nw0NmcDrzvGL8HDLnyXt/jHhL1jwjM=", 623 "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=",
624 "owner": "NixOS", 624 "owner": "NixOS",
625 "repo": "nixpkgs", 625 "repo": "nixpkgs",
626 "rev": "18536bf04cd71abd345f9579158841376fdd0c5a", 626 "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7",
627 "type": "github" 627 "type": "github"
628 }, 628 },
629 "original": { 629 "original": {
diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix
index 705f69b3..223e1f10 100644
--- a/hosts/surtr/default.nix
+++ b/hosts/surtr/default.nix
@@ -65,6 +65,12 @@ with lib;
65 enable = true; 65 enable = true;
66 rulesetFile = ./ruleset.nft; 66 rulesetFile = ./ruleset.nft;
67 }; 67 };
68 resolvconf = {
69 enable = true;
70 extraConfig = ''
71 name_servers='127.0.0.53'
72 '';
73 };
68 }; 74 };
69 75
70 systemd.network = { 76 systemd.network = {
@@ -78,10 +84,7 @@ with lib;
78 }; 84 };
79 }; 85 };
80 86
81 services.resolved = { 87 services.resolved.enable = false;
82 llmnr = "false";
83 dnssec = "false"; # unbound does dnssec validation for us
84 };
85 88
86 services.ndppd = { 89 services.ndppd = {
87 enable = true; 90 enable = true;
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix
index 65f46b35..53df798e 100644
--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -212,7 +212,7 @@ in {
212 212
213 settings = { 213 settings = {
214 server = { 214 server = {
215 interface = ["lo@5353"]; 215 interface = ["lo@5353" "127.0.0.53"];
216 prefer-ip6 = true; 216 prefer-ip6 = true;
217 access-control = ["127.0.0.0/8 allow" "::1/128 allow"]; 217 access-control = ["127.0.0.0/8 allow" "::1/128 allow"];
218 root-hints = "${pkgs.dns-root-data}/root.hints"; 218 root-hints = "${pkgs.dns-root-data}/root.hints";
diff --git a/overlays/preserve-dscp/default.nix b/overlays/preserve-dscp/default.nix
index a1064591..105eccb9 100644
--- a/overlays/preserve-dscp/default.nix
+++ b/overlays/preserve-dscp/default.nix
@@ -16,7 +16,7 @@
16 outputs = [ "out" "lib" ]; 16 outputs = [ "out" "lib" ];
17 17
18 buildInputs = with final; [ elfutils libpcap zlib ]; 18 buildInputs = with final; [ elfutils libpcap zlib ];
19 nativeBuildInputs = with final; [ llvmPackages.clang llvmPackages.llvm pkg-config bpftool libmnl gnum4 glibc_multi makeWrapper ]; 19 nativeBuildInputs = with final; [ llvmPackages.clang llvmPackages.llvm pkg-config bpftools libmnl gnum4 glibc_multi makeWrapper ];
20 20
21 installPhase = '' 21 installPhase = ''
22 mkdir -p $lib/lib/bpf 22 mkdir -p $lib/lib/bpf
diff --git a/system-profiles/zfs.nix b/system-profiles/zfs.nix
index 49386363..149decee 100644
--- a/system-profiles/zfs.nix
+++ b/system-profiles/zfs.nix
@@ -1,8 +1,8 @@
1{ pkgs, lib, ... } : { 1{ pkgs, lib, ... } : {
2 config = { 2 config = {
3 boot = { 3 boot = {
4 kernelPackages = pkgs.linuxPackages_6_10; 4 kernelPackages = pkgs.linuxPackages_6_11;
5 zfs.package = pkgs.zfs_2_2; 5 zfs.package = pkgs.zfs_unstable;
6 6
7 supportedFilesystems.zfs = true; 7 supportedFilesystems.zfs = true;
8 }; 8 };