From 8a464250e76bb90eb46e258b6994bef6079b28f1 Mon Sep 17 00:00:00 2001
From: Giulio De Pasquale
Date: Thu, 1 Jul 2021 12:26:21 +0200
Subject: [PATCH] moved common packages to common; nftables on giupi
---
common.nix | 18 ++++++++++++++++++
hosts/giupi/default.nix | 12 +++---------
hosts/giupi/firewall.nix | 16 ++++++++++++++++
3 files changed, 37 insertions(+), 9 deletions(-)
create mode 100644 hosts/giupi/firewall.nix
diff --git a/common.nix b/common.nix
index e9b4369..719bd99 100644
--- a/common.nix
+++ b/common.nix
@@ -12,11 +12,13 @@ nix = { autoOptimiseStore = true; + nixPath = [ "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos" "nixos-config=/etc/nixos/hosts/${variables.hostname}/default.nix" "/nix/var/nix/profiles/per-user/root/channels" ]; + gc = { automatic = true; dates = "weekly";
@@ -29,4 +31,20 @@ allowUnfree = true; }; }; + + environment.systemPackages = with pkgs; [ + file + pciutils + bind + wget + git + curl + htop + glances + tcpdump + restic + binutils + neovim + home-manager + ]; }
diff --git a/hosts/giupi/default.nix b/hosts/giupi/default.nix
index 36d54aa..18f3afa 100644
--- a/hosts/giupi/default.nix
+++ b/hosts/giupi/default.nix
@@ -15,6 +15,7 @@ in { ../../variables.nix ../../common.nix ../../users.nix + ./firewall.nix ]; variables.hostname = hostname;
@@ -31,8 +32,8 @@ in { enable = true; ssh = { enable = true; - port = 2222; - hostKeys = [/boot/host_ecdsa_key]; + port = 22; + hostKeys = [/boot/ssh_host_rsa_key]; authorizedKeys = pubkeys; };
@@ -119,16 +120,9 @@ in { environment.systemPackages = with pkgs; [ - neovim docker - htop - glances - git - home-manager openiscsi wireguard - dnscrypt-proxy2 - restic ]; hardware = {
diff --git a/hosts/giupi/firewall.nix b/hosts/giupi/firewall.nix
new file mode 100644
index 0000000..ae52829
--- /dev/null
+++ b/hosts/giupi/firewall.nix
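Review bot: The `environment.systemPackages` list added at the end of common.nix applies to every host that imports the file, and it puts `tcpdump`, `binutils` and the full `bind` package on all of them. If `bind` is there only for `dig`/`nslookup`, `dnsutils` provides the client tools without the name server. Packet-capture and binary-inspection tools could stay in the host files of the machines that use them, and a comment such as `# baseline tools installed on every host` above the list would make the scope explicit.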
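Review bot: The new `hostKeys = [/boot/ssh_host_rsa_key];` in hosts/giupi/default.nix reads a private key from `/boot` through an unquoted Nix path literal, in what appears to be the initrd SSH block (the enclosing attribute set starts outside the hunk). NixOS documents that initrd host keys can end up in the world-readable Nix store unless the bootloader supports initrd secrets, and `/boot` is normally unencrypted. The key should therefore be one generated only for the initrd, never the system's regular host key; the new file name makes that worth confirming. If the regular sshd also listens on 22, `port = 22;` means clients see two different host keys on the same address and get used to dismissing mismatch warnings. I would keep a separate port or pin the initrd key under its own `known_hosts` entry, and add a comment like `# initrd-only key, not the system host key`.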
@@ -0,0 +1,16 @@
+{config, ...} :
+
+{
+ networking = {
+ # needed to use nftables
+ firewall.enable = false;
+ nat.enable = false;
+
+ nftables = {
+ enable = true;
+ ruleset = ''
+
+ '';
+ };
+ };
+}
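Review bot: With `firewall.enable = false;` and an empty `ruleset`, hosts/giupi/firewall.nix leaves giupi with no packet filtering at all: nftables is enabled but loads nothing, so every listening service is reachable on every interface. The ruleset should carry at least a default-drop input chain in the same commit that switches the NixOS firewall off. The sketch below allows loopback, established traffic, ICMP and SSH on port 22 (the port set in the SSH block of default.nix). The other ports this host serves, and any forward or NAT rules needed for Docker or WireGuard, are not visible here and have to be filled in. `config` in the argument set is unused and could be dropped.

```nix
  # … unchanged: firewall.enable / nat.enable …
  nftables = {
    enable = true;
    ruleset = ''
      table inet filter {
        chain input {
          type filter hook input priority 0; policy drop;

          iifname "lo" accept
          ct state established,related accept
          ct state invalid drop
          meta l4proto { icmp, ipv6-icmp } accept

          # adjust to the services this host actually exposes
          tcp dport 22 accept
        }
      }
    '';
  };
```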