-rw-r--r--hosts/aptos/networking.nix8
-rw-r--r--hosts/carmel/networking.nix1
-rw-r--r--hosts/tahoe/networking.nix8
-rw-r--r--modules/services/default.nix3
-rw-r--r--modules/services/fwupd/default.nix5
-rw-r--r--modules/services/ssh-server/default.nix17
-rw-r--r--modules/services/tailscale/default.nix15
-rw-r--r--profiles/default.nix2
-rw-r--r--profiles/nas.nix4
-rw-r--r--profiles/server.nix9
-rw-r--r--profiles/tailscale.nix6
-rw-r--r--profiles/workstation.nix5
12 files changed, 26 insertions, 57 deletions
diff --git a/hosts/aptos/networking.nix b/hosts/aptos/networking.nix
index b157ec5..84c32e5 100644
--- a/hosts/aptos/networking.nix
+++ b/hosts/aptos/networking.nix
@@ -26,12 +26,4 @@
services.nscd.enable = false;
system.nssModules = lib.mkForce [ ];
-
- # Use systemd-resolved
- services.resolved = {
- enable = true;
- dnssec = "false";
- };
-
- my.services.tailscale.enable = true;
}
diff --git a/hosts/carmel/networking.nix b/hosts/carmel/networking.nix
index b814a22..99c9796 100644
--- a/hosts/carmel/networking.nix
+++ b/hosts/carmel/networking.nix
@@ -111,5 +111,4 @@ in
};
networking.private-wireguard.enable = true;
- my.services.tailscale.enable = true;
}
diff --git a/hosts/tahoe/networking.nix b/hosts/tahoe/networking.nix
index 22a7251..8ea6667 100644
--- a/hosts/tahoe/networking.nix
+++ b/hosts/tahoe/networking.nix
@@ -27,12 +27,4 @@
services.nscd.enable = false;
system.nssModules = lib.mkForce [ ];
-
- # Use systemd-resolved
- services.resolved = {
- enable = true;
- dnssec = "false";
- };
-
- my.services.tailscale.enable = true;
}
diff --git a/modules/services/default.nix b/modules/services/default.nix
index 457d86a..b6b34d5 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -5,16 +5,13 @@
./avahi
./backup
./cgit
- ./fwupd
./gitolite
./monitoring
./navidrome
./nginx
./samba
./sendsms
- ./ssh-server
./syncthing
- ./tailscale
./transmission
./unifi
];
diff --git a/modules/services/fwupd/default.nix b/modules/services/fwupd/default.nix
deleted file mode 100644
index 52dc13e..0000000
--- a/modules/services/fwupd/default.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ ... }:
-
-{
- services.fwupd.enable = true;
-}
diff --git a/modules/services/ssh-server/default.nix b/modules/services/ssh-server/default.nix
deleted file mode 100644
index ce5d4c8..0000000
--- a/modules/services/ssh-server/default.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ ... }: {
- services.openssh = {
- enable = true;
- permitRootLogin = "yes";
- passwordAuthentication = false;
- };
-
- programs.mosh.enable = true;
-
- networking.firewall.allowedTCPPorts = [ 22 ];
-
- # Relevant ports for mosh
- networking.firewall.allowedUDPPortRanges = [{
- from = 6000;
- to = 6100;
- }];
-}
diff --git a/modules/services/tailscale/default.nix b/modules/services/tailscale/default.nix
deleted file mode 100644
index 14753f4..0000000
--- a/modules/services/tailscale/default.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ config, lib, ... }:
-let cfg = config.my.services.tailscale;
-in
-{
-
- options.my.services.tailscale = with lib; {
- enable = mkEnableOption "tailscale configuration";
- };
-
- config = lib.mkIf cfg.enable {
- services.tailscale.enable = true;
- networking.firewall.trustedInterfaces = [ "tailscale0" ];
- networking.firewall.checkReversePath = "loose";
- };
-}
diff --git a/profiles/default.nix b/profiles/default.nix
index 4575b13..2353dde 100644
--- a/profiles/default.nix
+++ b/profiles/default.nix
@@ -26,6 +26,8 @@
services.fstrim.enable = true;
+ services.fwupd.enable = true;
+
programs.ssh = {
# $ ssh-keyscan example.com
knownHosts = {
diff --git a/profiles/nas.nix b/profiles/nas.nix
index 9c25c22..d1033af 100644
--- a/profiles/nas.nix
+++ b/profiles/nas.nix
@@ -11,4 +11,8 @@
group = "nas";
isSystemUser = true;
};
+
+ # Use systemd-resolved
+ services.resolved.enable = true;
+ services.resolved.dnssec = "false";
}
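Review bot: `services.resolved.dnssec = "false";` at the end of profiles/nas.nix turns off DNSSEC validation, and the only comment above it, `# Use systemd-resolved`, does not say why. Now that the setting lives in a profile instead of two host files, every host importing the profile inherits it, so the reason belongs next to the line, e.g. `# DNSSEC validation off: <reason — placeholder, fill in>`. If there is no hard reason, `"allow-downgrade"` may be worth evaluating as a less permissive value. The same two lines are added at the end of profiles/workstation.nix and the same applies there.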
diff --git a/profiles/server.nix b/profiles/server.nix
index 5a95dff..731ebe8 100644
--- a/profiles/server.nix
+++ b/profiles/server.nix
@@ -2,6 +2,7 @@
{
imports = [
./default.nix
+ ./tailscale.nix
];
powerManagement.cpuFreqGovernor = "schedutil";
@@ -12,4 +13,12 @@
packages = with pkgs; [ terminus_font ];
keyMap = "us";
};
+
+ services.openssh = {
+ enable = true;
+ permitRootLogin = "yes";
+ passwordAuthentication = false;
+ };
+
+ networking.firewall.allowedTCPPorts = [ 22 ];
}
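Review bot: `permitRootLogin = "yes"` in the new `services.openssh` block is key-only just because `passwordAuthentication = false` sits beside it. `permitRootLogin = "prohibit-password";` states that intent directly and keeps root password logins refused if a host ever overrides the second setting. `networking.firewall.allowedTCPPorts = [ 22 ];` opens SSH on every interface. Since this profile now also imports ./tailscale.nix, which trusts `tailscale0`, a short comment saying whether reachability outside the tailnet is intended would help the next reader.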
diff --git a/profiles/tailscale.nix b/profiles/tailscale.nix
new file mode 100644
index 0000000..61c1a38
--- /dev/null
+++ b/profiles/tailscale.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+ services.tailscale.enable = true;
+ networking.firewall.trustedInterfaces = [ "tailscale0" ];
+ networking.firewall.checkReversePath = "loose";
+}
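Review bot: profiles/tailscale.nix has no comments, yet both firewall lines loosen host filtering. `networking.firewall.trustedInterfaces = [ "tailscale0" ];` accepts all traffic arriving over the tailnet, and `networking.firewall.checkReversePath = "loose";` relaxes reverse-path filtering for the whole host rather than for that interface alone. With the old `my.services.tailscale.enable` switch removed, every host importing the server or workstation profile gets both unconditionally. I would add a comment above each, e.g. `# All tailnet peers bypass the host firewall; access control relies on tailnet ACLs` and `# "loose" presumably needed for exit-node/subnet routing — confirm`.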
diff --git a/profiles/workstation.nix b/profiles/workstation.nix
index f136c33..3b422a6 100644
--- a/profiles/workstation.nix
+++ b/profiles/workstation.nix
@@ -4,6 +4,7 @@
./default.nix
./documentation.nix
./btrfs.nix
+ ./tailscale.nix
];
virtualisation.docker.enable = false;
@@ -82,4 +83,8 @@
pavucontrol
easyeffects
];
+
+ # Use systemd-resolved
+ services.resolved.enable = true;
+ services.resolved.dnssec = "false";
}