diff --git a/fish/shellInit.fish b/fish/shellInit.fish index 6c8d832..4951264 100644 --- a/fish/shellInit.fish +++ b/fish/shellInit.fish @@ -72,6 +72,6 @@ if has_command rtx rtx activate fish | source end -for dir in $HOME/.cargo/bin +for dir in ~/.cargo/bin ~/.nimble/bin fish_add_path $dir end diff --git a/home/user.nix b/home/user.nix index a94d694..3d539a8 100644 --- a/home/user.nix +++ b/home/user.nix @@ -31,7 +31,7 @@ in pkgs.nixpkgs-fmt # TODO: os-specific scripts? macOS versus Linux (arch or nixos? do I need to distinguish at that point?) - (pkgs.buildEnv { name = "my-scripts"; paths = [ ../scripts ]; }) + (pkgs.buildEnv { name = "my-scripts-common"; paths = [ ../scripts/common ]; }) ]; file = { @@ -588,6 +588,3 @@ in # maybe we can share somehow so things for nix-y systems and non-nix-y systems alike # am I going to _have_ non-nix systems anymore? } - - - diff --git a/nixos/common.nix b/nixos/common.nix index 02e18d1..60a8a6b 100644 --- a/nixos/common.nix +++ b/nixos/common.nix @@ -1,11 +1,12 @@ -{ config, lib, inputs, system, ... }: -let +{ config, lib, inputs, system, ... }: +let overlay = final: prev: { helix = prev.helix // inputs.helix.packages.${system}.helix; rtx = prev.rtx // inputs.rtx.packages.${system}.rtx; }; pkgs = inputs.nixpkgs.legacyPackages.${system}.extend overlay; -in { +in +{ services.journald.extraConfig = "SystemMaxUse=1G"; environment = { @@ -97,7 +98,7 @@ in { }; # tailscale handles this I think - openFirewall = lib.mkDefault false; + openFirewall = lib.mkDefault true; # listenAddresses = [ # { addr = "0.0.0.0"; port = 22; } @@ -144,7 +145,7 @@ in { firewall = { enable = lib.mkDefault true; allowPing = lib.mkDefault true; - allowedTCPPorts = lib.mkDefault [ ]; + allowedTCPPorts = lib.mkDefault [ 22 ]; allowedUDPPorts = lib.mkDefault [ ]; }; }; diff --git a/nixos/thinker.nix b/nixos/thinker.nix index 05f7490..3f1771c 100644 --- a/nixos/thinker.nix +++ b/nixos/thinker.nix 
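Review bot: `fish_add_path` prepends by default, so in the changed `for` loop `~/.nimble/bin` (like `~/.cargo/bin` before it) lands ahead of the system directories. Any executable a Nimble package installs there can then shadow a system command of the same name. If nothing in those directories is meant to override a system tool, `fish_add_path --append $dir` keeps them reachable without giving them precedence. The rest of shellInit.fish is outside the hunk, so whether anything else depends on the current order cannot be told from here.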
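Review bot: The comment `# tailscale handles this I think` left above `openFirewall` in nixos/common.nix now contradicts the value. With `lib.mkDefault true`, what is presumably the SSH service's port is opened on every interface of every host that imports this file, not only over the tailnet. If SSH should be reachable through Tailscale only, keep `openFirewall` false and scope the rule to the interface, e.g. `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 22 ];` (interface name assumed to be the Tailscale default). The next hunk's `allowedTCPPorts = lib.mkDefault [ 22 ];` and the nixos/thinker.nix hunk open the same port again, and one declaration is enough. The service block starts outside the hunk, so confirm there that password authentication is disabled before the port is exposed to untrusted networks.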
@@ -28,6 +28,15 @@ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; services.printing.enable = true; # I own a printer in the year of our Lord 2023 + networking = { + firewall = { + enable = true; + allowPing = true; + allowedTCPPorts = [ 22 ]; + allowedUDPPorts = [ ]; + }; + }; + system.stateVersion = "23.05"; }
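Review bot: This `networking.firewall` block is set at normal priority, so it overrides the `lib.mkDefault` values in nixos/common.nix instead of relying on them, yet it restates exactly what common.nix now defaults to. If this host is the only one that needs port 22 open outside the tailnet, keep the block here and leave the common.nix defaults closed, which limits the exposure to one machine. Otherwise the block is redundant and can go. Either way a comment such as `# SSH must be reachable on the LAN, not only via tailscale` above `allowedTCPPorts` would record why the port is open.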