diff options
| -rw-r--r-- | accounts/gkleen@sif/default.nix | 1 | ||||
| -rw-r--r-- | accounts/gkleen@sif/libvirt/default.nix | 3 | ||||
| -rw-r--r-- | accounts/gkleen@sif/ssh-hosts.nix | 5 | ||||
| -rw-r--r-- | flake.lock | 6 | ||||
| -rw-r--r-- | hosts/surtr/default.nix | 11 | ||||
| -rw-r--r-- | hosts/surtr/dns/default.nix | 2 | ||||
| -rw-r--r-- | overlays/preserve-dscp/default.nix | 2 | ||||
| -rw-r--r-- | system-profiles/zfs.nix | 4 |
8 files changed, 22 insertions, 12 deletions
diff --git a/accounts/gkleen@sif/default.nix b/accounts/gkleen@sif/default.nix index 189fabfa..2de98765 100644 --- a/accounts/gkleen@sif/default.nix +++ b/accounts/gkleen@sif/default.nix | |||
| @@ -708,6 +708,7 @@ in { | |||
| 708 | flakeInputs.deploy-rs.packages.${config.nixpkgs.system}.deploy-rs | 708 | flakeInputs.deploy-rs.packages.${config.nixpkgs.system}.deploy-rs |
| 709 | sieve-connect gimp inkscape udiskie glab nitrokey-app | 709 | sieve-connect gimp inkscape udiskie glab nitrokey-app |
| 710 | pynitrokey gtklock wlrctl remmina openscad spice-record | 710 | pynitrokey gtklock wlrctl remmina openscad spice-record |
| 711 | libguestfs-with-appliance | ||
| 711 | ]; | 712 | ]; |
| 712 | 713 | ||
| 713 | file = { | 714 | file = { |
diff --git a/accounts/gkleen@sif/libvirt/default.nix b/accounts/gkleen@sif/libvirt/default.nix index 076a0d86..a5636ce2 100644 --- a/accounts/gkleen@sif/libvirt/default.nix +++ b/accounts/gkleen@sif/libvirt/default.nix | |||
| @@ -29,7 +29,8 @@ with flakeInputs.nixVirt.lib; | |||
| 29 | # gl.enable = true; | 29 | # gl.enable = true; |
| 30 | }; | 30 | }; |
| 31 | devices.interface = { | 31 | devices.interface = { |
| 32 | model.type = "virtio"; | 32 | # model.type = "virtio"; |
| 33 | model.type = "e1000e"; | ||
| 33 | type = "bridge"; | 34 | type = "bridge"; |
| 34 | mac.address = "52:54:00:b9:f3:ed"; | 35 | mac.address = "52:54:00:b9:f3:ed"; |
| 35 | source.bridge = "gre-0971"; | 36 | source.bridge = "gre-0971"; |
diff --git a/accounts/gkleen@sif/ssh-hosts.nix b/accounts/gkleen@sif/ssh-hosts.nix index ac930614..107f1e76 100644 --- a/accounts/gkleen@sif/ssh-hosts.nix +++ b/accounts/gkleen@sif/ssh-hosts.nix | |||
| @@ -554,4 +554,9 @@ | |||
| 554 | HostKeyAlgorithms = "+ecdsa-sha2-nistp256"; | 554 | HostKeyAlgorithms = "+ecdsa-sha2-nistp256"; |
| 555 | }; | 555 | }; |
| 556 | }; | 556 | }; |
| 557 | "game01" = | ||
| 558 | { hostname = "game01.yggdrasil.li"; | ||
| 559 | user = "factorio"; | ||
| 560 | identityFile = "~/.ssh/gkleen@sif.midgard.yggdrasil"; | ||
| 561 | }; | ||
| 557 | } | 562 | } |
| @@ -619,11 +619,11 @@ | |||
| 619 | }, | 619 | }, |
| 620 | "nixpkgs_2": { | 620 | "nixpkgs_2": { |
| 621 | "locked": { | 621 | "locked": { |
| 622 | "lastModified": 1729880355, | 622 | "lastModified": 1730785428, |
| 623 | "narHash": "sha256-RP+OQ6koQQLX5nw0NmcDrzvGL8HDLnyXt/jHhL1jwjM=", | 623 | "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=", |
| 624 | "owner": "NixOS", | 624 | "owner": "NixOS", |
| 625 | "repo": "nixpkgs", | 625 | "repo": "nixpkgs", |
| 626 | "rev": "18536bf04cd71abd345f9579158841376fdd0c5a", | 626 | "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7", |
| 627 | "type": "github" | 627 | "type": "github" |
| 628 | }, | 628 | }, |
| 629 | "original": { | 629 | "original": { |
diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix index 705f69b3..223e1f10 100644 --- a/hosts/surtr/default.nix +++ b/hosts/surtr/default.nix | |||
| @@ -65,6 +65,12 @@ with lib; | |||
| 65 | enable = true; | 65 | enable = true; |
| 66 | rulesetFile = ./ruleset.nft; | 66 | rulesetFile = ./ruleset.nft; |
| 67 | }; | 67 | }; |
| 68 | resolvconf = { | ||
| 69 | enable = true; | ||
| 70 | extraConfig = '' | ||
| 71 | name_servers='127.0.0.53' | ||
| 72 | ''; | ||
| 73 | }; | ||
| 68 | }; | 74 | }; |
| 69 | 75 | ||
| 70 | systemd.network = { | 76 | systemd.network = { |
| @@ -78,10 +84,7 @@ with lib; | |||
| 78 | }; | 84 | }; |
| 79 | }; | 85 | }; |
| 80 | 86 | ||
| 81 | services.resolved = { | 87 | services.resolved.enable = false; |
| 82 | llmnr = "false"; | ||
| 83 | dnssec = "false"; # unbound does dnssec validation for us | ||
| 84 | }; | ||
| 85 | 88 | ||
| 86 | services.ndppd = { | 89 | services.ndppd = { |
| 87 | enable = true; | 90 | enable = true; |
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix index 65f46b35..53df798e 100644 --- a/hosts/surtr/dns/default.nix +++ b/hosts/surtr/dns/default.nix | |||
| @@ -212,7 +212,7 @@ in { | |||
| 212 | 212 | ||
| 213 | settings = { | 213 | settings = { |
| 214 | server = { | 214 | server = { |
| 215 | interface = ["lo@5353"]; | 215 | interface = ["lo@5353" "127.0.0.53"]; |
| 216 | prefer-ip6 = true; | 216 | prefer-ip6 = true; |
| 217 | access-control = ["127.0.0.0/8 allow" "::1/128 allow"]; | 217 | access-control = ["127.0.0.0/8 allow" "::1/128 allow"]; |
| 218 | root-hints = "${pkgs.dns-root-data}/root.hints"; | 218 | root-hints = "${pkgs.dns-root-data}/root.hints"; |
diff --git a/overlays/preserve-dscp/default.nix b/overlays/preserve-dscp/default.nix index a1064591..105eccb9 100644 --- a/overlays/preserve-dscp/default.nix +++ b/overlays/preserve-dscp/default.nix | |||
| @@ -16,7 +16,7 @@ | |||
| 16 | outputs = [ "out" "lib" ]; | 16 | outputs = [ "out" "lib" ]; |
| 17 | 17 | ||
| 18 | buildInputs = with final; [ elfutils libpcap zlib ]; | 18 | buildInputs = with final; [ elfutils libpcap zlib ]; |
| 19 | nativeBuildInputs = with final; [ llvmPackages.clang llvmPackages.llvm pkg-config bpftool libmnl gnum4 glibc_multi makeWrapper ]; | 19 | nativeBuildInputs = with final; [ llvmPackages.clang llvmPackages.llvm pkg-config bpftools libmnl gnum4 glibc_multi makeWrapper ]; |
| 20 | 20 | ||
| 21 | installPhase = '' | 21 | installPhase = '' |
| 22 | mkdir -p $lib/lib/bpf | 22 | mkdir -p $lib/lib/bpf |
diff --git a/system-profiles/zfs.nix b/system-profiles/zfs.nix index 49386363..149decee 100644 --- a/system-profiles/zfs.nix +++ b/system-profiles/zfs.nix | |||
| @@ -1,8 +1,8 @@ | |||
| 1 | { pkgs, lib, ... } : { | 1 | { pkgs, lib, ... } : { |
| 2 | config = { | 2 | config = { |
| 3 | boot = { | 3 | boot = { |
| 4 | kernelPackages = pkgs.linuxPackages_6_10; | 4 | kernelPackages = pkgs.linuxPackages_6_11; |
| 5 | zfs.package = pkgs.zfs_2_2; | 5 | zfs.package = pkgs.zfs_unstable; |
| 6 | 6 | ||
| 7 | supportedFilesystems.zfs = true; | 7 | supportedFilesystems.zfs = true; |
| 8 | }; | 8 | }; |