Merge

fish/shellInit.fish

@@ -72,6 +72,6 @@ if has_command rtx
 	rtx activate fish | source
 end
 
-for dir in $HOME/.cargo/bin
+for dir in ~/.cargo/bin ~/.nimble/bin
 	fish_add_path $dir
 end

home/user.nix

@@ -31,7 +31,7 @@ in
       pkgs.nixpkgs-fmt
 
       # TODO: os-specific scripts? macOS versus Linux (arch or nixos? do I need to distinguish at that point?)
-      (pkgs.buildEnv { name = "my-scripts"; paths = [ ../scripts ]; })
+      (pkgs.buildEnv { name = "my-scripts-common"; paths = [ ../scripts/common ]; })
     ];
 
     file = {
@@ -588,6 +588,3 @@ in
   # maybe we can share somehow so things for nix-y systems and non-nix-y systems alike
   # am I going to _have_ non-nix systems anymore?
 }
-
-
-

nixos/common.nix

@@ -1,11 +1,12 @@
-{ config, lib, inputs, system, ... }: 
-let 
+{ config, lib, inputs, system, ... }:
+let
   overlay = final: prev: {
     helix = prev.helix // inputs.helix.packages.${system}.helix;
     rtx = prev.rtx // inputs.rtx.packages.${system}.rtx;
   };
   pkgs = inputs.nixpkgs.legacyPackages.${system}.extend overlay;
-in {
+in
+{
   services.journald.extraConfig = "SystemMaxUse=1G";
 
   environment = {
@@ -97,7 +98,7 @@ in {
       };
 
       # tailscale handles this I think
-      openFirewall = lib.mkDefault false;
+      openFirewall = lib.mkDefault true;
 
       # listenAddresses = [
       #   { addr = "0.0.0.0"; port = 22; }
@@ -144,7 +145,7 @@ in {
     firewall = {
       enable = lib.mkDefault true;
       allowPing = lib.mkDefault true;
-      allowedTCPPorts = lib.mkDefault [ ];
+      allowedTCPPorts = lib.mkDefault [ 22 ];
       allowedUDPPorts = lib.mkDefault [ ];
     };
   };

nixos/thinker.nix

@@ -28,6 +28,15 @@
   powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
   services.printing.enable = true; # I own a printer in the year of our Lord 2023
 
+  networking = {
+    firewall = {
+      enable = true;
+      allowPing = true;
+      allowedTCPPorts = [ 22 ];
+      allowedUDPPorts = [ ];
+    };
+  };
+
   system.stateVersion = "23.05";
 }