Firewall
parent
fec19d0d9b
commit
de6df90c79
4 changed files with 60 additions and 31 deletions
66
flake.lock
66
flake.lock
|
@ -135,6 +135,21 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"flake-utils_4": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1644229661,
|
||||||
|
"narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"helix": {
|
"helix": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"crane": "crane",
|
"crane": "crane",
|
||||||
|
@ -158,7 +173,9 @@
|
||||||
},
|
},
|
||||||
"home-manager": {
|
"home-manager": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": "nixpkgs_4"
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1693208669,
|
"lastModified": 1693208669,
|
||||||
|
@ -240,22 +257,6 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_4": {
|
"nixpkgs_4": {
|
||||||
"locked": {
|
|
||||||
"lastModified": 1693771906,
|
|
||||||
"narHash": "sha256-32EnPCaVjOiEERZ+o/2Ir7JH9pkfwJZJ27SKHNvt4yk=",
|
|
||||||
"owner": "nixos",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "da5adce0ffaff10f6d0fee72a02a5ed9d01b52fc",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nixos",
|
|
||||||
"ref": "nixos-23.05",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs_5": {
|
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1692794066,
|
"lastModified": 1692794066,
|
||||||
"narHash": "sha256-H0aG8r16dj0x/Wz6wQhQxc9V7AsObOiHPaKxQgH6Y08=",
|
"narHash": "sha256-H0aG8r16dj0x/Wz6wQhQxc9V7AsObOiHPaKxQgH6Y08=",
|
||||||
|
@ -271,7 +272,7 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_6": {
|
"nixpkgs_5": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1693844670,
|
"lastModified": 1693844670,
|
||||||
"narHash": "sha256-t69F2nBB8DNQUWHD809oJZJVE+23XBrth4QZuVd6IE0=",
|
"narHash": "sha256-t69F2nBB8DNQUWHD809oJZJVE+23XBrth4QZuVd6IE0=",
|
||||||
|
@ -287,7 +288,7 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_7": {
|
"nixpkgs_6": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1693844670,
|
"lastModified": 1693844670,
|
||||||
"narHash": "sha256-t69F2nBB8DNQUWHD809oJZJVE+23XBrth4QZuVd6IE0=",
|
"narHash": "sha256-t69F2nBB8DNQUWHD809oJZJVE+23XBrth4QZuVd6IE0=",
|
||||||
|
@ -309,15 +310,16 @@
|
||||||
"disko": "disko",
|
"disko": "disko",
|
||||||
"helix": "helix",
|
"helix": "helix",
|
||||||
"home-manager": "home-manager",
|
"home-manager": "home-manager",
|
||||||
"nixpkgs": "nixpkgs_5",
|
"nixpkgs": "nixpkgs_4",
|
||||||
"rtx": "rtx",
|
"rtx": "rtx",
|
||||||
"sops-nix": "sops-nix"
|
"sops-nix": "sops-nix",
|
||||||
|
"utils": "utils"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"rtx": {
|
"rtx": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-utils": "flake-utils_3",
|
"flake-utils": "flake-utils_3",
|
||||||
"nixpkgs": "nixpkgs_6"
|
"nixpkgs": "nixpkgs_5"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1693923183,
|
"lastModified": 1693923183,
|
||||||
|
@ -360,7 +362,7 @@
|
||||||
},
|
},
|
||||||
"sops-nix": {
|
"sops-nix": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": "nixpkgs_7",
|
"nixpkgs": "nixpkgs_6",
|
||||||
"nixpkgs-stable": "nixpkgs-stable"
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
|
@ -406,6 +408,24 @@
|
||||||
"repo": "default",
|
"repo": "default",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
"utils": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-utils": "flake-utils_4"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1657226504,
|
||||||
|
"narHash": "sha256-GIYNjuq4mJlFgqKsZ+YrgzWm0IpA4axA3MCrdKYj7gs=",
|
||||||
|
"owner": "gytis-ivaskevicius",
|
||||||
|
"repo": "flake-utils-plus",
|
||||||
|
"rev": "2bf0f91643c2e5ae38c1b26893ac2927ac9bd82a",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "gytis-ivaskevicius",
|
||||||
|
"repo": "flake-utils-plus",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"root": "root",
|
"root": "root",
|
||||||
|
|
|
@ -1,9 +1,15 @@
|
||||||
{
|
{
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
|
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
|
||||||
|
utils.url = "github:gytis-ivaskevicius/flake-utils-plus";
|
||||||
# nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-channels/nixos-unstable";
|
# nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-channels/nixos-unstable";
|
||||||
api-lyte-dev.url = "git+ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git";
|
api-lyte-dev.url = "git+ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git";
|
||||||
home-manager.url = "github:nix-community/home-manager/release-23.05";
|
home-manager = {
|
||||||
|
url = "github:nix-community/home-manager/release-23.05";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
inputs.utils.follows = "utils";
|
||||||
|
};
|
||||||
|
|
||||||
disko.url = "github:nix-community/disko/master";
|
disko.url = "github:nix-community/disko/master";
|
||||||
sops-nix.url = "github:Mic92/sops-nix";
|
sops-nix.url = "github:Mic92/sops-nix";
|
||||||
helix.url = "github:helix-editor/helix";
|
helix.url = "github:helix-editor/helix";
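Review bot: `inputs.utils.follows = "utils";` on `home-manager` appears to override an input that home-manager does not declare: in this commit's flake.lock the `home-manager` node's `inputs` lists only `nixpkgs`. A follows for a non-existent input has no effect on what gets locked (newer Nix versions warn about it), so it reads as pinning that is not actually happening. Either drop the line or add a comment such as `# home-manager release-23.05 has no utils input; kept for <reason>`. The hunk shows only the top of `inputs`, so whether the new root `utils` input is consumed in `outputs` cannot be seen here; if it is not, it adds a locked third-party source to the trust set for no benefit.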
|
||||||
|
|
|
@ -1,11 +1,12 @@
|
||||||
{ config, lib, inputs, system, ... }:
|
{ config, lib, inputs, system, ... }:
|
||||||
let
|
let
|
||||||
overlay = final: prev: {
|
overlay = final: prev: {
|
||||||
helix = prev.helix // inputs.helix.packages.${system}.helix;
|
helix = prev.helix // inputs.helix.packages.${system}.helix;
|
||||||
rtx = prev.rtx // inputs.rtx.packages.${system}.rtx;
|
rtx = prev.rtx // inputs.rtx.packages.${system}.rtx;
|
||||||
};
|
};
|
||||||
pkgs = inputs.nixpkgs.legacyPackages.${system}.extend overlay;
|
pkgs = inputs.nixpkgs.legacyPackages.${system}.extend overlay;
|
||||||
in {
|
in
|
||||||
|
{
|
||||||
services.journald.extraConfig = "SystemMaxUse=1G";
|
services.journald.extraConfig = "SystemMaxUse=1G";
|
||||||
|
|
||||||
environment = {
|
environment = {
|
||||||
|
@ -96,8 +97,8 @@ in {
|
||||||
PasswordAuthentication = false;
|
PasswordAuthentication = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
# tailscale handles this I think
|
# TODO: tailscale can handle this I think...?
|
||||||
openFirewall = lib.mkDefault false;
|
openFirewall = lib.mkDefault true;
|
||||||
|
|
||||||
# listenAddresses = [
|
# listenAddresses = [
|
||||||
# { addr = "0.0.0.0"; port = 22; }
|
# { addr = "0.0.0.0"; port = 22; }
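Review bot: `openFirewall = lib.mkDefault true;` opens the SSH port in the host firewall on every interface for each machine that imports this module, while the TODO directly above it still says Tailscale may already cover access. `PasswordAuthentication = false` in the same block limits logins to keys, but the port stays reachable from any network the host joins. If access is meant to go over the tailnet, keep the default at `false` and allow the port only there, e.g. `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ];` (interface name assumed), or set `openFirewall = true` only on the hosts that need public SSH. The enclosing block starts and ends outside the hunk, so this assumes it is `services.openssh`.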
|
||||||
|
|
|
@ -75,12 +75,14 @@ sudo nix-shell --packages git --run "nix run \
|
||||||
--arg disks '[ \"/dev/your_disk\" ]'"
|
--arg disks '[ \"/dev/your_disk\" ]'"
|
||||||
```
|
```
|
||||||
|
|
||||||
And finally install NixOS as specified by this flake:
|
And finally install NixOS (optionally using my cache) as specified by this flake:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
nix-shell --packages git \
|
nix-shell --packages git \
|
||||||
--run "sudo nixos-install \
|
--run "sudo nixos-install \
|
||||||
--flake 'git+https://git.lyte.dev/lytedev/nix#yourNixosConfig'"
|
--flake 'git+https://git.lyte.dev/lytedev/nix#yourNixosConfig' \
|
||||||
|
--option substituters 'https://nix.h.lyte.dev' \
|
||||||
|
--option trusted-public-keys 'h.lyte.dev:HeVWtne31ZG8iMf+c15VY3/Mky/4ufXlfTpT8+4Xbs0='"
|
||||||
```
|
```
|
||||||
|
|
||||||
**NOTE**: This takes a while, mostly due to building Helix myself on each box. I
|
**NOTE**: This takes a while, mostly due to building Helix myself on each box. I
|
||||||
|
|