diff --git a/common/hardware/laptop.nix b/common/hardware/laptop.nix index 2927477..c457128 100644 --- a/common/hardware/laptop.nix +++ b/common/hardware/laptop.nix @@ -26,9 +26,7 @@ in wootility ]; - services.udev.packages = with pkgs; [ - yubikey-personalization - ]; + services.udev.packages = with pkgs; [ yubikey-personalization ]; hardware.i2c.enable = true; services.libinput.enable = true; diff --git a/common/network/default.nix b/common/network/default.nix index 2103a5d..417be6f 100644 --- a/common/network/default.nix +++ b/common/network/default.nix @@ -26,6 +26,11 @@ in enable = true; allowPing = true; }; + + networking.nameservers = [ + "1.1.1.1" + "9.9.9.9" + ]; }; imports = [ ./bluetooth.nix ]; diff --git a/common/tooling/default.nix b/common/tooling/default.nix index 2e4d1a9..b1b6d23 100644 --- a/common/tooling/default.nix +++ b/common/tooling/default.nix @@ -96,7 +96,7 @@ in services.dbus.implementation = "broker"; boot.tmp.cleanOnBoot = true; - zramSwap.enable = true; + zramSwap.enable = false; #programs.ssh = { # # startAgent = true; diff --git a/common/tooling/ranger.nix b/common/tooling/ranger.nix index 3ac6bf5..4eedc03 100644 --- a/common/tooling/ranger.nix +++ b/common/tooling/ranger.nix @@ -7,9 +7,14 @@ }: let inherit (config.grimmShared) enable tooling; - inherit (lib) mkIf mapAttrs' concatLines attrNames; + inherit (lib) + mkIf + mapAttrs' + concatLines + attrNames + ; plugins = { - ranger_udisk_menu = inputs.ranger_udisk_menu; + ranger_udisk_menu = inputs.ranger_udisk_menu; }; in { 
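Review bot: The `networking.nameservers` list added in common/network/default.nix pins every host that enables this module to two public resolvers queried in plaintext, and nothing in the hunk records why. If this is a fallback for hosts without DHCP-supplied DNS, a comment such as `# static resolvers for hosts without NetworkManager/DHCP DNS` would make that clear. If the goal is integrity or privacy, consider pairing the list with `services.resolved.enable = true;` and `services.resolved.dnsovertls = "opportunistic";`. The enclosing `config` block starts outside the hunk, so any `mkIf` guard around it is not visible here.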
@@ -20,11 +25,13 @@ in }; environment.systemPackages = [ pkgs.ranger ]; - environment.etc = (mapAttrs' (n: v: { - name = "ranger/plugins/${n}"; - value.source = v; - }) plugins) // { - "ranger/commands.py".text = concatLines (map (n: "from plugins.${n} import *") (attrNames plugins)); - }; + environment.etc = + (mapAttrs' (n: v: { + name = "ranger/plugins/${n}"; + value.source = v; + }) plugins) + // { + "ranger/commands.py".text = concatLines (map (n: "from plugins.${n} import *") (attrNames plugins)); + }; }; } diff --git a/configuration.nix b/configuration.nix index 4d1a008..453b2ec 100644 --- a/configuration.nix +++ b/configuration.nix @@ -10,7 +10,7 @@ # Bootloader. boot = { loader.efi.canTouchEfiVariables = true; - kernelPackages = lib.mkDefault pkgs.linuxPackages_zen; + # kernelPackages = lib.mkDefault pkgs.linuxPackages_zen; }; services.logrotate.checkConfig = false; # fixme: actually needed? diff --git a/fake_flake.nix b/fake_flake.nix index e8b225c..ad7daf6 100644 --- a/fake_flake.nix +++ b/fake_flake.nix @@ -36,9 +36,9 @@ let #} ]; - # enable ccache for lix if ccache is enabled - # enable_lix_ccache = true; in +# enable ccache for lix if ccache is enabled +# enable_lix_ccache = true; { imports = [ "${nivSources.agenix}/modules/age.nix" @@ -51,7 +51,7 @@ in (builtins.getFlake (asGithubRef nivSources.chaotic)).nixosModules.default # (builtins.getFlake (asGithubRef nivSources.nixos-matrix-modules)).nixosModules.default # (builtins.getFlake "git+${nivSources.nixos-mailserver.repo}").nixosModules.default - ] ++ lib.optionals (builtins.hasAttr build_target host_modules) host_modules.${build_target}; + ] ++ host_modules.grimmauld-nixos-server; # ++ lib.optionals (builtins.hasAttr build_target host_modules) host_modules.${build_target}; system.nixos = { distroId = "lixos"; 
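Review bot: In the second fake_flake.nix hunk, `++ host_modules.grimmauld-nixos-server;` replaces the `build_target` lookup, so every build now imports the server's modules regardless of which host is being built. The `builtins.hasAttr` guard is also gone, and the old expression survives only as a trailing comment, which suggests a local workaround that was committed. On a non-server host this would pull in whatever modules/default.nix imports, including firewall and service changes. I would restore `++ lib.optionals (builtins.hasAttr build_target host_modules) host_modules.${build_target};` and fix whatever stopped `build_target` from resolving on the server.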
@@ -131,14 +131,16 @@ in inputs = nivSources; }; + nix.package = pkgs.lix; + nix.settings.extra-substituters = [ - "https://cache.lix.systems" + # "https://cache.lix.systems" "https://nyx.chaotic.cx/" "https://ezkea.cachix.org" ]; nix.settings.trusted-public-keys = [ - "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + # "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" "nyx.chaotic.cx-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8=" "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8=" "ezkea.cachix.org-1:ioBmUbJTZIKsHmWWXPe1FSFbeVe+afhfgqgTSNd34eI=" diff --git a/modules/default.nix b/modules/default.nix index ff445b3..234f264 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -5,21 +5,22 @@ let in { imports = [ + ./wireguard.nix ./matrix.nix ./puffer.nix ./gitea.nix ./grafana.nix ./nextcloud.nix - # ./prometheus.nix + ./prometheus.nix # ./mjolnir.nix - ./fail2ban.nix +# ./fail2ban.nix ./email.nix - ./discord-matrix-bridge.nix + # ./discord-matrix-bridge.nix ./mastodon.nix ./nix_cache.nix - ./auth.nix + # ./auth.nix ./hedgedoc.nix - ./factorio.nix + # ./factorio.nix ]; options.serverConfig = @@ -169,8 +170,9 @@ in accessType = "proxy"; }; matrix_host = { - accessType = "redirect"; + # accessType = "redirect"; host = "matrix.${domain}"; + # port = 8008; }; prometheus_host = { host = "prometheus.${domain}"; diff --git a/modules/discord-matrix-bridge.nix b/modules/discord-matrix-bridge.nix index 19a2eb4..5a5cff3 100644 --- a/modules/discord-matrix-bridge.nix +++ b/modules/discord-matrix-bridge.nix @@ -17,8 +17,8 @@ in }; bridge = { enableSelfServiceBridging = true; - domain = config.services.matrix-synapse-next.settings.server_name; - homeserverUrl = config.services.matrix-synapse-next.settings.public_baseurl; + domain = config.services.matrix-synapse.settings.server_name; + homeserverUrl = config.services.matrix-synapse.settings.public_baseurl; disablePresence = true; disableTypingNotifications = true; }; 
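Review bot: The first modules/default.nix hunk comments out `./fail2ban.nix` and `./auth.nix` in the same change that adds `./wireguard.nix`, and no reason is recorded. The server configuration elsewhere in this diff keeps `services.openssh.enable = true`, so SSH loses its ban-on-repeated-failure layer while a new UDP listener is added. If fail2ban is off only because it failed to evaluate or start after the nixpkgs bump, say so next to the line, e.g. `# ./fail2ban.nix  # FIXME: disabled, <reason>; re-enable before deploy`. Otherwise keep it imported. The `# ./fail2ban.nix` line also sits at column 0, unlike the other entries in the list.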
diff --git a/modules/factorio.nix b/modules/factorio.nix index 0ca69c8..6a0abb8 100644 --- a/modules/factorio.nix +++ b/modules/factorio.nix @@ -1,13 +1,27 @@ -{ pkgs, config, lib, ...}: { - +{ + pkgs, + config, + lib, + ... +}: +{ + networking.firewall.allowedTCPPorts = [ 34197 + 34198 ]; networking.firewall.allowedUDPPorts = [ + 34198 34197 ]; + services.prometheus.scrapeConfigs = [ + { + job_name = "clusterio-trangar"; + static_configs = [ { targets = [ "trang.ar:8080" ]; } ]; + } + ]; systemd.services.clusterio-trangar = { description = "clusterio pulling its config from trang.ar"; @@ -19,9 +33,11 @@ #serviceConfig.Group = "users"; serviceConfig.WorkingDirectory = "/home/grimmauld/clusterio"; script = '' - ${lib.getExe' config.nix.package "nix-shell"} -I nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos /home/grimmauld/clusterio/shell.nix + export NIXPKGS_ALLOW_UNFREE=1 + ${lib.getExe' config.nix.package "nix-shell"} -I nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos /home/grimmauld/clusterio-nonfhs/shell.nix --run "cd /home/grimmauld/clusterio-nonfhs/install && nice -19 bash run-host.sh" + # /home/grimmauld/clusterio/shell.nix ''; - wantedBy = ["multi-user.target"]; # starts after login + wantedBy = [ "multi-user.target" ]; # starts after login enable = true; }; } diff --git a/modules/hedgedoc.nix b/modules/hedgedoc.nix index cd1423c..40a71df 100644 --- a/modules/hedgedoc.nix +++ b/modules/hedgedoc.nix @@ -1,8 +1,9 @@ { config, ... }: let inherit (config.serverConfig) vhosts; -in { - services.hedgedoc = { +in +{ + services.hedgedoc = { enable = true; settings = { domain = vhosts.hedgedoc_host.host; diff --git a/modules/matrix_legacy.nix b/modules/matrix_legacy.nix new file mode 100644 index 0000000..974fecd --- /dev/null +++ b/modules/matrix_legacy.nix 
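Review bot: The first factorio.nix hunk opens port 34198 on both TCP and UDP next to 34197 with no comment saying which service needs each protocol. The new scrape job targets `trang.ar:8080` without a `scheme`, so Prometheus will fetch those metrics over plain HTTP from an external host. I would open only the protocol each port needs and annotate it, e.g. `34198 # second factorio instance`. If the remote endpoint supports TLS, add `scheme = "https";` to the job; otherwise scrape it over the WireGuard tunnel this change introduces.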
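Review bot: In the second factorio.nix hunk the unit's `script` evaluates `/home/grimmauld/clusterio-nonfhs/shell.nix` and runs `bash run-host.sh` from the same user-writable tree. The `serviceConfig.User` line, if there is one, lies above the hunk; if the unit runs as root, anyone who can write to that home directory controls code executed as root at boot. I would make the account explicit with `serviceConfig.User = "grimmauld";`, or move the checkout under a root-owned state directory. Separately, `WorkingDirectory` still points at `/home/grimmauld/clusterio` while the script changes into `clusterio-nonfhs/install`, and the leftover `# /home/grimmauld/clusterio/shell.nix` line inside the script body can be dropped.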
@@ -0,0 +1,240 @@ +{ + lib, + config, + pkgs, + ... +}: +let + inherit (config.networking) domain; + inherit (config.serverConfig) vhosts; + + fqdn = vhosts.matrix_host.host; + base_url = "https://${fqdn}"; + + clientConfig."m.homeserver" = {inherit base_url; }; # = "https://${vhosts.matrix_host.host}"; + serverConfig."m.server" = "${vhosts.matrix_host.host}:443"; + mkWellKnown = data: '' + default_type application/json; + add_header Access-Control-Allow-Origin *; + return 200 '${builtins.toJSON data}'; + ''; + synapse_backend = "http://[::1]:8008"; +in +{ + services.postgresql = { + enable = true; + ensureDatabases = [ "synapse" ]; + ensureUsers = [ + { + name = "synapse"; + passFile = config.age.secrets.synapse_db_pass.path; + ensureDBOwnership = true; + } + ]; + }; + + + services.matrix-synapse = { + enable = true; + settings.server_name = domain; + # The public base URL value must match the `base_url` value set in `clientConfig` above. + # The default value here is based on `server_name`, so if your `server_name` is different + # from the value of `fqdn` above, you will likely run into some mismatched domain names + # in client applications. + settings.public_baseurl = base_url; + settings.listeners = [ + { port = 8008; + bind_addresses = [ "::1" ]; + type = "http"; + tls = false; + x_forwarded = true; + resources = [ { + names = [ "client" "federation" ]; + compress = true; + } ]; + } + ]; + + settings.database = { + name = "psycopg2"; + args = { user="synapse"; database= "synapse"; }; + }; + settings.log_config = ./matrix_synapse_log_config.yaml; + settings.enable_registration = false; + configureRedisLocally = true; + settings.redis.enabled = true; + + settings.app_service_config_files = [ + # The registration file is automatically generated after starting the + # appservice for the first time. 
+ # cp /var/lib/mautrix-telegram/telegram-registration.yaml \ + # /var/lib/matrix-synapse/ + # chown matrix-synapse:matrix-synapse \ + # /var/lib/matrix-synapse/telegram-registration.yaml + # "/var/lib/matrix-synapse/discord-registration.yaml" + ]; + }; + +# services.matrix-synapse-next = { +# enable = true; +# +# workers.federationSenders = 1; +# workers.federationReceivers = 1; +# workers.initialSyncers = 1; +# workers.normalSyncers = 1; +# workers.eventPersisters = 2; +# workers.useUserDirectoryWorker = true; +# mainLogConfig = ./matrix_synapse_log_config.yaml; +# +# enableNginx = true; +# enableSlidingSync = false; +# +# settings = { +# suppress_key_server_warning = true; +# server_name = domain; +# public_baseurl = "https://${domain}"; +# enable_registration = true; +# registration_requires_token = true; +# registration_shared_secret_path = config.age.secrets.synapse_registration_shared_secret.path; +# # enable_registration_without_verification = true; +# # mainLogConfig = ./matrix_synapse_log_config.yaml; +# +# # registrations_require_3pid = [ "email" ]; +# +# database = { +# name = "psycopg2"; +# args = { +# host = "localhost"; +# port = config.services.postgresql.settings.port; +# dbname = "synapse"; +# user = "synapse"; +# cp_min = 5; +# cp_max = 10; +# client_encoding = "auto"; +# passfile = config.age.secrets.synapse_db_pass_prepared.path; +# }; +# }; +# }; +# }; + services.redis.servers."".enable = true; + + age.secrets.synapse_db_pass = { + file = ../secrets/synapse_db_pass.age; + owner = "postgres"; + group = "postgres"; + }; + age.secrets.synapse_db_pass_prepared = { + file = ../secrets/synapse_db_pass_prepared.age; + owner = "matrix-synapse"; + group = "matrix-synapse"; + mode = "0600"; + }; + age.secrets.synapse_registration_shared_secret = { + file = ../secrets/synapse_registration_shared_secret.age; + owner = "matrix-synapse"; + group = "matrix-synapse"; + mode = "0600"; + }; + + environment.systemPackages = with pkgs; [ + 
matrix-synapse-tools.synadm + matrix-synapse + ]; + + + services.nginx = { + enable = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + recommendedProxySettings = true; + + virtualHosts."${domain}" = { + enableACME = true; + forceSSL = true; + # This section is not needed if the server_name of matrix-synapse is equal to + # the domain (i.e. example.org from @foo:example.org) and the federation port + # is 8448. + # Further reference can be found in the docs about delegation under + # https://element-hq.github.io/synapse/latest/delegate.html + locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; + # This is usually needed for homeserver discovery (from e.g. other Matrix clients). + # Further reference can be found in the upstream docs at + # https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient + locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; + }; + + virtualHosts."${fqdn}" = { + enableACME = true; + forceSSL = true; + + locations."/_matrix" = { + proxyPass = synapse_backend; + #extraConfig = '' + # add_header X-debug-backend ${synapse_backend}; + # add_header X-debug-group $synapse_uri_group; + # client_max_body_size ${config.services.matrix-synapse-next.settings.max_upload_size}; + # proxy_read_timeout 10m; + #''; + }; + locations."/_synapse/client".proxyPass = synapse_backend; + }; + }; + +# services.nginx = { +# enable = true; +# virtualHosts."${domain}" = { +# forceSSL = true; +# enableACME = lib.mkForce false; # use the cert above, not some weird one that matrix-synapse module supplies +# useACMEHost = domain; +# locations."/.well-known/matrix/server" = { +# return = "200 '{\"m.server\":\"${vhosts.matrix_host.host}:443\"}'"; +# extraConfig = '' +# default_type application/json; +# add_header Access-Control-Allow-Origin *; +# add_header Accept-Ranges bytes;''; +# }; +# locations."/.well-known/matrix/client" = { +# return 
= "200 '{\"m.homeserver\": {\"base_url\": \"https://${vhosts.matrix_host.host}\"}}'"; +# extraConfig = '' +# add_header Access-Control-Allow-Origin *; +# default_type application/json; +# ''; +# }; +# locations."/_matrix" = { +# proxyPass = "http://$synapse_backend"; +# extraConfig = '' +# add_header X-debug-backend $synapse_backend; +# add_header X-debug-group $synapse_uri_group; +# client_max_body_size ${config.services.matrix-synapse-next.settings.max_upload_size}; +# proxy_read_timeout 10m; +# ''; +# }; +# locations."/_synapse/client" = { +# proxyPass = "http://$synapse_backend"; +# }; +# locations."~ ^/_matrix/client/(r0|v3)/sync$" = { +# proxyPass = "http://$synapse_backend"; +# extraConfig = '' +# proxy_read_timeout 1h; +# ''; +# }; +# locations."~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$" = { +# proxyPass = "http://synapse_worker_initial_sync"; +# extraConfig = '' +# proxy_read_timeout 1h; +# ''; +# }; +# locations."~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$" = { +# proxyPass = "http://synapse_worker_initial_sync"; +# extraConfig = '' +# proxy_read_timeout 1h; +# ''; +# }; +# # locations."/.well-known/matrix" = { +# proxyPass = "http://$synapse_backend"; +# }; +# }; +# }; + # networking.firewall.allowedTCPPorts = [ 8448 8008 ]; +} diff --git a/modules/prometheus.nix b/modules/prometheus.nix index 7778988..5a980c7 100644 --- a/modules/prometheus.nix +++ b/modules/prometheus.nix @@ -14,17 +14,24 @@ in { targets = let - inherit (lib) filter isAttrs attrValues; + inherit (lib) + filter + isAttrs + attrValues + filterAttrs + ; in map (v: "127.0.0.1:${builtins.toString v.port}") ( - filter (v: (isAttrs v) && v.enable) (attrValues config.services.prometheus.exporters) + filter (v: (isAttrs v) && v.enable) ( + attrValues (filterAttrs (n: v: n != "minio") config.services.prometheus.exporters) + ) ); } ]; } ]; exporters = { - nginx.enable = true; + # nginx.enable = true; redis.enable = true; domain.enable = true; postgres.enable = true; 
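Review bot: modules/matrix_legacy.nix declares `age.secrets.synapse_db_pass_prepared` and `age.secrets.synapse_registration_shared_secret`, but the only references to them are inside the commented-out `matrix-synapse-next` block, so both secrets would be decrypted onto the host with nothing consuming them. I would remove those two declarations along with the dead block, or move them back next to the code that uses them. The live `settings.database.args` sets only `user` and `database`, so authentication depends on PostgreSQL peer/ident configuration that is not visible in this file; a one-line comment stating how the `matrix-synapse` account maps to the `synapse` role would help. Roughly 100 of the 240 added lines are commented-out configuration, which makes it hard to see what this module actually enables.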
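Review bot: In modules/prometheus.nix the new `filterAttrs (n: v: n != "minio")` drops one exporter from the scrape target list by name with no explanation, and `nginx.enable` is commented out the same way. A later reader cannot tell whether the filter works around an evaluation error or is a deliberate choice. I would add a comment above the filter, e.g. `# skip "minio": <reason it cannot be evaluated/scraped>`, and one next to the disabled nginx exporter. The enclosing `scrapeConfigs` entry starts outside the hunk.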
diff --git a/modules/wireguard.nix b/modules/wireguard.nix new file mode 100644 index 0000000..96f617d --- /dev/null +++ b/modules/wireguard.nix @@ -0,0 +1,36 @@ + {pkgs, ...}: { + # enable NAT + networking.nat.enable = true; networking.nat.externalInterface = "eth0"; + networking.nat.internalInterfaces = [ "wg0" ]; networking.firewall = { + allowedUDPPorts = [ 51820 ]; + }; + + networking.wireguard.interfaces = { + # "wg0" is the network interface name. You can name the interface + # arbitrarily.} + wg0 = { + privateKeyFile = "/home/grimmauld/wireguard.priv"; + # Determines the IP address and subnet of the server's end of the tunnel + # interface. + ips = [ "10.100.0.1/24" ]; + # The port that WireGuard listens to. Must be accessible by the client. + listenPort = 51820; + # This allows the wireguard server to route your traffic to the internet and + # hence be like a VPN For this to work you have to set the dnsserver IP of + # your router (or dnsserver of choice) in your clients + postSetup = '' ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ens18 -j MASQUERADE + ''; + # This undoes the above command + postShutdown = '' ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ens18 -j MASQUERADE + ''; + + generatePrivateKeyFile = true; + peers = [ + { +publicKey="2aANdnPYtf78iXfwNVAtYjIlE5k/yDWvbdXZ2jw0hXk="; + allowedIPs = [ "10.100.0.2/32" ]; + } ]; + }; + }; + environment.systemPackages = with pkgs; [ wireguard-tools ]; +} diff --git a/modules/wireguard.nix.save b/modules/wireguard.nix.save new file mode 100644 index 0000000..683f70f --- /dev/null +++ b/modules/wireguard.nix.save @@ -0,0 +1,2 @@ +{ + diff --git a/nix/sources.json b/nix/sources.json index 70750bd..63f8f62 100644 --- a/nix/sources.json +++ b/nix/sources.json 
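Review bot: modules/wireguard.nix sets `privateKeyFile = "/home/grimmauld/wireguard.priv"` with `generatePrivateKeyFile = true`, so the tunnel's private key is created inside a user-owned home directory, where the directory owner can replace or remove it. A root-owned path such as `privateKeyFile = "/var/lib/wireguard/wg0.key";` would avoid that, as would an agenix secret like the ones the Synapse module uses. The file also names two different uplinks: `networking.nat.externalInterface = "eth0"` while the `postSetup`/`postShutdown` iptables rules use `-o ens18`, so one of the two does not match the host. Since `networking.nat` with `internalInterfaces = [ "wg0" ]` should already masquerade tunnel traffic, I would drop the hand-written iptables lines and keep a single interface name bound once in a `let`. The indentation of the added file is also inconsistent, for example `publicKey=` at column 0 and two statements on one line.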
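Review bot: modules/wireguard.nix.save looks like an editor backup that was committed by accident, since it contains only an opening `{` and is not valid Nix. I would remove it from the commit and add `*.save` to `.gitignore` so that partial drafts of network or secret-bearing modules do not end up in the repository.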
@@ -5,10 +5,10 @@ "homepage": null, "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "f27ebcdcaf296f24b7a662facefec6b4d492b5c5", - "sha256": "15mshy4nc956nlzfq1rcaaglwsi500p3rk0nbghqbwipg0cij9f7", + "rev": "5a1bc8dcc6a73e1d64b9291c9c466a637746e6cf", + "sha256": "1h96br2xrxrzf46n6qa7c393qxh335dp6x0qfdzcyb8va7dj42c9", "type": "tarball", - "url": "https://github.com/ezKEa/aagl-gtk-on-nix/archive/f27ebcdcaf296f24b7a662facefec6b4d492b5c5.tar.gz", + "url": "https://github.com/ezKEa/aagl-gtk-on-nix/archive/5a1bc8dcc6a73e1d64b9291c9c466a637746e6cf.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "agenix": { @@ -29,10 +29,10 @@ "homepage": "", "owner": "nix-community", "repo": "authentik-nix", - "rev": "0fd076529b40e7fc7304a398618cab76ff7e96c3", - "sha256": "1ax3rvw66s246dyrcgpshr7bj78qv73db8s6sd3hzvbmn56kwixr", + "rev": "1138b948d3e1d5bc453e096bac1a510487871415", + "sha256": "0wbzbya8qkh9gys7am2m4waq8l5b41m7kvyxnxlvgk42xnrxdqxj", "type": "tarball", - "url": "https://github.com/nix-community/authentik-nix/archive/0fd076529b40e7fc7304a398618cab76ff7e96c3.tar.gz", + "url": "https://github.com/nix-community/authentik-nix/archive/1138b948d3e1d5bc453e096bac1a510487871415.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "chaotic": { @@ -41,10 +41,10 @@ "homepage": "https://nyx.chaotic.cx", "owner": "chaotic-cx", "repo": "nyx", - "rev": "a803a24630c8d6108d88f2e35cf6c6d801c187b6", - "sha256": "11wkfs8diw9syg9fcdgxr271rd7dn1zlxlnv9280zlbgxmnhzi3f", + "rev": "7ed94bbcc6b28d546169b66b5e881c33ab5e62f4", + "sha256": "14x6p0g2wbs9fc3bbds3yv4j5jgdc37vx282ggqmyx729ifv70m7", "type": "tarball", - "url": "https://github.com/chaotic-cx/nyx/archive/a803a24630c8d6108d88f2e35cf6c6d801c187b6.tar.gz", + "url": "https://github.com/chaotic-cx/nyx/archive/7ed94bbcc6b28d546169b66b5e881c33ab5e62f4.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "glibc-eac": { 
@@ -68,7 +68,7 @@ "lix-pkg": { "branch": "main", "repo": "https://git.lix.systems/lix-project/lix.git", - "rev": "5f298f74c92402a8390b01c736463b17b36277e3", + "rev": "3f7519526f7e2cd3ede01c3910fbfe2ddf0f051f", "type": "git" }, "nixos-mailserver": { @@ -83,10 +83,10 @@ "homepage": null, "owner": "dali99", "repo": "nixos-matrix-modules", - "rev": "f4e20d03605c21aebb325c936f3283c322d7e975", - "sha256": "1jj0rxahi3f9ypb3csz3q7jcr556iqbqifb4h9p632hl5prac9rl", + "rev": "ff787d410cba17882cd7b6e2e22cc88d4064193c", + "sha256": "150nvzdrmvyy47pyv44rpmv96mwvgcsq4n22b6g5inzqyz334sxm", "type": "tarball", - "url": "https://github.com/dali99/nixos-matrix-modules/archive/f4e20d03605c21aebb325c936f3283c322d7e975.tar.gz", + "url": "https://github.com/dali99/nixos-matrix-modules/archive/ff787d410cba17882cd7b6e2e22cc88d4064193c.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "nixpkgs": { @@ -95,10 +95,10 @@ "homepage": null, "owner": "NixOS", "repo": "nixpkgs", - "rev": "9357f4f23713673f310988025d9dc261c20e70c6", - "sha256": "0mr3vfnl8h0214ml7l5hsaq2g9174r3ra0hzcvlqk9kg024siwbf", + "rev": "1925c603f17fc89f4c8f6bf6f631a802ad85d784", + "sha256": "04kf05809w6bvr4vmbjjc3p8w8ycapx9395v5x3ylmw3lhadxqr7", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/9357f4f23713673f310988025d9dc261c20e70c6.tar.gz", + "url": "https://github.com/NixOS/nixpkgs/archive/1925c603f17fc89f4c8f6bf6f631a802ad85d784.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "ranger_udisk_menu": { diff --git a/specific/grimmauld-nixos-server/configuration.nix b/specific/grimmauld-nixos-server/configuration.nix index 0e877b5..41e77f5 100644 --- a/specific/grimmauld-nixos-server/configuration.nix +++ b/specific/grimmauld-nixos-server/configuration.nix @@ -1,4 +1,4 @@ -{ lib, ... }: +{ lib, pkgs, ... }: { imports = [ ./hardware-configuration.nix ]; 
@@ -11,6 +11,7 @@ services.openssh.enable = true; system.stateVersion = "23.11"; networking.networkmanager.enable = lib.mkForce false; + boot.kernelPackages = pkgs.linuxPackages_latest; # users.users.root.openssh.authorizedKeys.keys = (import ./authorizedKeys.nix); } diff --git a/specific/grimmauld-nixos-server/hardware-configuration.nix b/specific/grimmauld-nixos-server/hardware-configuration.nix index 6cf9123..938ddac 100644 --- a/specific/grimmauld-nixos-server/hardware-configuration.nix +++ b/specific/grimmauld-nixos-server/hardware-configuration.nix @@ -14,6 +14,11 @@ fsType = "ext4"; }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/d6bf7aad-cd46-458c-98e8-a321eb77858a"; + fsType = "ext4"; + }; + environment.sessionVariables = { OMP_NUM_THREADS = "8"; };