diff --git a/system/devices/disks/impermanence/root/default.nix b/system/devices/disks/impermanence/root/default.nix
index 51c2914..3747f88 100644
--- a/system/devices/disks/impermanence/root/default.nix
+++ b/system/devices/disks/impermanence/root/default.nix
@@ -4,7 +4,7 @@
 hideMounts = true;
 directories = [
 "/etc/nixos"
- "/etc/secureboot"
+ "/etc/ssh/"
 "/var"
 ];
 files = [
diff --git a/system/devices/networking/default.nix b/system/devices/networking/default.nix
index 34dfe97..bec965b 100644
--- a/system/devices/networking/default.nix
+++ b/system/devices/networking/default.nix
@@ -23,8 +23,5 @@
 dnsovertls = "true";
 };
- environment = {
- systemPackages = with pkgs; [ impala ];
- persistence."/persist".directories = [ "/var/lib/iwd/" ];
- };
+ environment.systemPackages = with pkgs; [ impala ];
 }
diff --git a/system/services/general/libvirtd/default.nix b/system/services/general/libvirtd/default.nix
index 9324286..765559b 100644
--- a/system/services/general/libvirtd/default.nix
+++ b/system/services/general/libvirtd/default.nix
@@ -17,23 +17,10 @@
 };
 };
- programs.virt-manager.enable = true;
-
- environment.persistence."/persist".directories = [
- "/var/lib/libvirt/dnsmasq"
- "/var/lib/libvirt/nwfilter"
- "/var/lib/libvirt/qemu"
- "/var/lib/libvirt/secrets"
- "/var/lib/libvirt/storage"
- "/var/lib/libvirt/swtpm"
- ];
-
 # Needed to make NAT work
 networking.firewall.trustedInterfaces = [
 "virbr0"
 "virbr1"
 ];
-
- systemd.tmpfiles.rules = [ "f /dev/shm/looking-glass 0660 - libvirtd -" ];
 };
 }
diff --git a/system/services/general/ssh/default.nix b/system/services/general/ssh/default.nix
index ec13d9c..879ec79 100644
--- a/system/services/general/ssh/default.nix
+++ b/system/services/general/ssh/default.nix
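Review bot: In `system/devices/disks/impermanence/root/default.nix`, persisting the whole `"/etc/ssh/"` directory is broader than the four host-key files the ssh module listed before this commit, so anything else written under that path at runtime now survives a reboot too. If only host-key stability is wanted, keep per-file entries under `files` (for example `"/etc/ssh/ssh_host_ed25519_key"` and its `.pub`), or record the wider scope with a comment such as `# whole directory persisted; only host keys are expected here`. The same hunk drops `"/etc/secureboot"`; if any host still keeps Secure Boot signing keys at that path (not visible in this diff), they would no longer persist on an ephemeral root, which is worth confirming before merge. The surrounding attribute set starts and ends outside the hunk.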
@@ -1,22 +1,20 @@
 { lib, ... }:
 {
- imports = [ ./fail2ban ];
-
- services.openssh = {
- enable = true;
- settings = {
- PermitRootLogin = lib.mkForce "no";
- PrintLastLog = "no";
- PasswordAuthentication = false;
- UsePAM = false;
- X11Forwarding = false;
+ services = {
+ openssh = {
+ enable = true;
+ settings = {
+ PermitRootLogin = lib.mkForce "no";
+ PrintLastLog = "no";
+ PasswordAuthentication = false;
+ UsePAM = false;
+ X11Forwarding = false;
+ };
+ };
+ fail2ban = {
+ enable = true;
+ maxretry = 5;
+ bantime = "10m";
 };
 };
-
- environment.persistence."/persist".files = [
- "/etc/ssh/ssh_host_ed25519_key"
- "/etc/ssh/ssh_host_ed25519_key.pub"
- "/etc/ssh/ssh_host_rsa_key"
- "/etc/ssh/ssh_host_rsa_key.pub"
- ];
 }
diff --git a/system/services/server/fileserver/jellyfin/default.nix b/system/services/server/fileserver/jellyfin/default.nix
index 4047385..2ce2f22 100644
--- a/system/services/server/fileserver/jellyfin/default.nix
+++ b/system/services/server/fileserver/jellyfin/default.nix
@@ -1,11 +1,6 @@
-{ config, lib, ... }:
+{ config, ... }:
 {
- imports = [
- ./nginx
- ];
+ imports = [ ./nginx ];
- config = lib.mkIf config.system.fileserver.enable {
- services.jellyfin.enable = true;
- environment.persistence."/persist".directories = [ "/var/lib/jellyfin" ];
- };
+ services.jellyfin.enable = config.system.server.enable;
 }
diff --git a/system/services/server/webserver/acme/default.nix b/system/services/server/webserver/acme/default.nix
index a88a2b7..7fd38c5 100644
--- a/system/services/server/webserver/acme/default.nix
+++ b/system/services/server/webserver/acme/default.nix
@@ -1,10 +1,7 @@
 { config, lib, ... }:
 {
- config = lib.mkIf config.services.nginx.enable {
- security.acme = {
- acceptTerms = true;
- defaults.email = "contact@nixfox.ca";
- };
- environment.persistence."/persist".directories = [ "/var/lib/acme" ];
+ security.acme = lib.mkIf config.services.nginx.enable {
+ acceptTerms = true;
+ defaults.email = "contact@example.com";
 };
 }
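Review bot: In `system/services/general/ssh/default.nix`, the inlined `fail2ban` block carries only `maxretry = 5;` and `bantime = "10m";`, and the contents of the removed `./fail2ban` import are not visible in this diff, so any jail, ignore-list or escalation settings that module held should be checked against this replacement. A fixed ten-minute ban does little against repeat scanners; `bantime-increment.enable = true;` would lengthen bans for repeat offenders, and a short comment on why five retries was chosen would help the next reader. Host-key persistence also left this module and now depends on the `"/etc/ssh/"` entry in the impermanence root module. On an ephemeral root, a host that imports this file without that entry would presumably regenerate its host keys on every boot, and users would see host-key-changed warnings on each reconnect.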
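Review bot: In `system/services/server/fileserver/jellyfin/default.nix`, the gate changed from `config.system.fileserver.enable` to `config.system.server.enable`, which reads as a wider switch. If `system.server` also covers hosts that are not file servers (the option's definition is outside this diff), Jellyfin and its listening ports come up on all of them. `./nginx` is still imported unconditionally, so whether the reverse-proxy vhost is gated the same way cannot be confirmed from here. If the wider gate is intended, a one-line comment such as `# enabled on every server host` would record it; otherwise keep a dedicated option for this service.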
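Review bot: In `system/services/server/webserver/acme/default.nix`, `defaults.email = "contact@example.com";` points the ACME account at a reserved placeholder domain. Unless that is a redaction in the published diff, the CA may refuse the registration, or its account notices will reach nobody, and certificate issuance for the nginx vhosts could fail without anyone being told. Use a monitored mailbox, preferably read from a host-level option rather than hard-coded here, and say in a comment who owns it.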