authorKenny Ballou <kballou@devnulllabs.io>2020-12-16 00:42:22 -0700
committerKenny Ballou <kballou@devnulllabs.io>2020-12-16 00:43:43 -0700
commit34f6b85113141f4e6a0ceaf1c6d22a40d746ce2f (patch)
treee205adf9a33adc04ec744020136824eee7918759
parenta7477e7819f658bf58b11491c84bc16234663234 (diff)
daeva: complete configuration
Installation complete, luks container and boot loader configured. Signed-off-by: Kenny Ballou <kballou@devnulllabs.io>
-rw-r--r--daeva/configuration.nix37
-rw-r--r--daeva/nftables-rules.nft31
2 files changed, 31 insertions, 37 deletions
diff --git a/daeva/configuration.nix b/daeva/configuration.nix
index a2ae9fa..5f18466 100644
--- a/daeva/configuration.nix
+++ b/daeva/configuration.nix
@@ -12,7 +12,6 @@
../unfree.nix
../services/clamav.nix
../services/firewall.nix
- ../services/docker.nix
../services/dnsmasq.nix
../services/sound.nix
../services/x11.nix
@@ -40,16 +39,39 @@
];
# Use the GRUB 2 boot loader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.systemd-boot = {
+ enable = true;
+ editor = false;
+ };
+ boot.loader.efi = {
+ canTouchEfiVariables = false;
+ };
+ boot.loader.grub = {
+ enable = true;
+ copyKernels = true;
+ efiInstallAsRemovable = true;
+ efiSupport = true;
+ fsIdentifier = "uuid";
+ splashMode = "stretch";
+ version = 2;
+ device = "nodev";
+ extraEntries = ''
+ menuentry "Reboot" {
+ reboot
+ }
+ menuentry "Poweroff" {
+ halt
+ }
+ '';
+ };
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.initrd.luks = {
gpgSupport = true;
- device = {
- luks- = {
- device = "/dev/disk/by-uuid/";
+ devices = {
+ luks-9e4050f4-5dce-4a64-88e8-61b82dd1d98b = {
+ device = "/dev/disk/by-uuid/9e4050f4-5dce-4a64-88e8-61b82dd1d98b";
gpgCard = {
publicKey = ./public.asc;
encryptedPass = ./luks-passphrase.asc;
@@ -63,6 +85,9 @@
networking.hostName = "daeva";
+ services.xserver.displayManager.gdm.wayland = true;
+
+ nix.maxJobs = 4;
# Only keep a week instead of 2
nix.gc.options = "--delete-older-than 7d";
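Review bot: Both boot loaders are enabled at once in the second hunk — `boot.loader.systemd-boot.enable = true` alongside `boot.loader.grub.enable = true` — which looks unintentional, since the comment kept above them names GRUB 2 as the loader and the GRUB block carries the full EFI/removable configuration; from this hunk alone I cannot tell which loader actually ends up installed, so if GRUB is the intended one I would drop the systemd-boot block or set its `enable = false;`. The `efiInstallAsRemovable = true` / `canTouchEfiVariables = false` pairing is consistent, so that part needs no change. Note that `editor = false;` only hardens the systemd-boot menu; the GRUB side has no counterpart here, and if GRUB is kept, the `boot.loader.grub.users` option (where the channel in use provides it) is the place to require a password before entries can be edited. The enclosing attribute set begins and ends outside the hunk.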
diff --git a/daeva/nftables-rules.nft b/daeva/nftables-rules.nft
index 22ed7f9..8d78807 100644
--- a/daeva/nftables-rules.nft
+++ b/daeva/nftables-rules.nft
@@ -18,11 +18,6 @@ table inet filter {
chain forward {
type filter hook forward priority 0; policy drop;
ct state established,related counter accept
- ip saddr 172.16.0.0/12 ip daddr 0.0.0.0/8 counter accept
- ip saddr 172.16.0.0/12 ip daddr 172.16.0.0/12 counter accept
- iifname "docker0" oifname "enp0s25" counter accept
- iifname "docker0" oifname "wlp2s0" counter accept
- iifname "docker0" oifname != "docker0" counter accept
counter
}
@@ -61,29 +56,3 @@ table inet filter {
counter
}
}
-
-table ip nat {
- chain prerouting {
- type nat hook prerouting priority 0;
- counter
- }
- chain postrouting {
- type nat hook postrouting priority 100;
- ip saddr 172.16.0.0/12 oifname enp0s25 counter masquerade
- ip saddr 172.16.0.0/12 oifname wlp2s0 counter masquerade
- counter
- }
-}
-
-table ip6 nat {
- chain prerouting {
- type nat hook prerouting priority 0;
- counter
- }
- chain postrouting {
- type nat hook postrouting priority 100;
- ip6 saddr fcdd::/48 oifname enp0s25 counter masquerade
- ip6 saddr fcdd::/48 oifname wlp2s0 counter masquerade
- counter
- }
-}