diff --git a/hosts/kitty/boot/default.nix b/hosts/kitty/boot/default.nix
index f6458c21..da72db02 100644
--- a/hosts/kitty/boot/default.nix
+++ b/hosts/kitty/boot/default.nix
@@ -1,8 +1,7 @@
 { pkgs, ... }:
 {
 boot = {
- kernelPackages = pkgs.linuxPackages_latest;
- lanzaboote.enable = true;
+ kernelPackages = pkgs.linuxPackages_hardened;
 plymouth.enable = true;
 };
 }
diff --git a/hosts/kitty/default.nix b/hosts/kitty/default.nix
index a74be608..e5dbdd88 100644
--- a/hosts/kitty/default.nix
+++ b/hosts/kitty/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ modulesPath, ... }:
 {
 imports = [
 ./boot
@@ -7,12 +7,14 @@
 ./hardware
 ./users
 ../../modules/system
+ (modulesPath + "/profiles/headless.nix")
 ];
 networking = {
 hostName = "kitty";
+ hostId = "8745e22e";
 interfaces."eno1".ipv4.addresses = [{
- address = "10.2.0.101";
+ address = "10.2.0.2";
 prefixLength = 8;
 }];
 defaultGateway = {
@@ -22,7 +24,7 @@
 };
 system = {
- desktop.enable = true;
+ server.enable = true;
 stateVersion = "24.11";
 };
 }
diff --git a/hosts/kitty/users/corn/default.nix b/hosts/kitty/users/corn/default.nix
index 446e0bde..ea829026 100644
--- a/hosts/kitty/users/corn/default.nix
+++ b/hosts/kitty/users/corn/default.nix
@@ -4,7 +4,7 @@
 isNormalUser = true;
 createHome = true;
 openssh.authorizedKeys.keys = [
- "AAAAC3NzaC1lZDI1NTE5AAAAIKaZsnlyUJDNx2oK4iHsUDb+Ok4vg1jNYEAnoHsjjM2c Chinook"
+ "AAAAC3NzaC1lZDI1NTE5AAAAIBCADciME1/rtWOlR2BxaAkRSgIZt61SYOgjTi6hw+yS Chinook"
 "AAAAC3NzaC1lZDI1NTE5AAAAICtoHVAmq8Ps7EguBsV3VY4snagzkhH6aXqwbKzuGs2H Radiant"
 ];
 uid = 1001;
diff --git a/hosts/kitty/users/main/default.nix b/hosts/kitty/users/main/default.nix
index b609338c..9366cadc 100644
--- a/hosts/kitty/users/main/default.nix
+++ b/hosts/kitty/users/main/default.nix
@@ -1,8 +1,6 @@
 { config, lib, ... }:
 {
 home-manager.users."${config.sysusers.main}".home = {
- desktop.enable = true;
- production.enable = true;
 stateVersion = lib.mkForce config.system.stateVersion;
 };
 }
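Review bot: Removing `lanzaboote.enable = true;` appears to turn off Secure Boot signing for kitty in the same hunk that switches it to `pkgs.linuxPackages_hardened`, and nothing visible records why. A hardened kernel does not make up for a boot chain that is no longer verified, so the two settings are better kept together. If the removal is deliberate, say so next to the kernel line with a comment such as `# Secure Boot (lanzaboote) intentionally off on this host:` followed by the reason; otherwise keep `lanzaboote.enable = true;` alongside the new `kernelPackages` value.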
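Review bot: The new address `10.2.0.2` is a literal here and again in the `tcp dport 2222 dnat ip to 10.2.0.2:22` rule changed in hosts/midas/firewall/default.nix, so the two files have to be edited together by hand. If they drift, the SSH forward on midas would point at whichever machine holds the stale address. Consider defining host addresses once in a shared attribute set that both files read, or at least add `# keep in sync with the DNAT rule in hosts/midas/firewall/default.nix` above the `address` line. The added `hostId = "8745e22e";` would also benefit from a short comment naming what requires it.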
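Review bot: The replacement `Chinook` entry, like the `Radiant` entry after it, starts directly with the base64 blob and has no key-type field. An authorized_keys line is expected to read `ssh-ed25519 AAAA… comment`; if these strings reach sshd unchanged the keys may be skipped, so confirm that the login works with the new key or prefix each entry with `ssh-ed25519 `. A comment saying which device each label refers to would also help a later rotation remove the right key. The attribute set this list belongs to starts outside the hunk.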
diff --git a/hosts/midas/default.nix b/hosts/midas/default.nix
index bb3475e5..e4af2679 100644
--- a/hosts/midas/default.nix
+++ b/hosts/midas/default.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ modulesPath, ... }:
 {
 imports = [
 ./boot
@@ -9,6 +9,7 @@
 ./services
 ./users
 ../../modules/system
+ (modulesPath + "/profiles/headless.nix")
 ];
 networking = {
diff --git a/hosts/midas/firewall/default.nix b/hosts/midas/firewall/default.nix
index 9fba7338..4d56670f 100644
--- a/hosts/midas/firewall/default.nix
+++ b/hosts/midas/firewall/default.nix
@@ -6,7 +6,7 @@
 chain PREROUTING {
 type nat hook prerouting priority dstnat; policy accept;
 tcp dport 2211 dnat ip to 10.2.0.100:22 comment "SSH to Tower"
- tcp dport 2222 dnat ip to 10.2.0.101:22 comment "SSH to Kitty"
+ tcp dport 2222 dnat ip to 10.2.0.2:22 comment "SSH to Kitty"
 udp dport { 27005, 27015 } dnat ip to 10.2.0.100 comment "PC Hosted Games"
diff --git a/hosts/midas/services/default.nix b/hosts/midas/services/default.nix
index f74bd544..93f98b02 100644
--- a/hosts/midas/services/default.nix
+++ b/hosts/midas/services/default.nix
@@ -1,6 +1,7 @@
 { ... }:
 {
 services = {
+ cloudflare-dyndns.enable = true;
 forgejo.enable = true;
 icecast.enable = true;
 jellyfin.enable = true;
diff --git a/hosts/prophet/default.nix b/hosts/prophet/default.nix
index 0efdb011..add1dd68 100644
--- a/hosts/prophet/default.nix
+++ b/hosts/prophet/default.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ modulesPath, ... }:
 {
 imports = [
 ./boot
@@ -7,6 +7,7 @@
 ./hardware
 ./users
 ../../modules/system
+ (modulesPath + "/profiles/headless.nix")
 ];
 networking = {
@@ -21,6 +22,7 @@
 };
 services = {
+ cloudflare-dyndns.enable = true;
 mailserver.enable = true;
 nginx.enable = true;
 wireguard.client.enable = true;
diff --git a/modules/system/services/server/cfdyndns/default.nix b/modules/system/services/server/cfdyndns/default.nix
index 42f6b576..16760fe1 100644
--- a/modules/system/services/server/cfdyndns/default.nix
+++ b/modules/system/services/server/cfdyndns/default.nix
@@ -1,7 +1,4 @@
 { config, pkgs, ... }:
 {
- services.cloudflare-dyndns = {
- enable = config.system.server.enable;
- apiTokenFile = "${pkgs.writeText "cloudflareapikey" config.secrets.flareApiKey}";
- };
+ services.cloudflare-dyndns.apiTokenFile = "${pkgs.writeText "cloudflareapikey" config.secrets.flareApiKey}";
 }
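Review bot: `pkgs.writeText "cloudflareapikey" config.secrets.flareApiKey` copies the Cloudflare API token into the Nix store, where it is readable by every local user and travels with any copy of the system closure; the commit keeps that expression and only moves it. `apiTokenFile` only needs a path that exists at run time, so point it at a file outside the store that the service alone can read, for example `services.cloudflare-dyndns.apiTokenFile = "/run/secrets/CLOUDFLARE_TOKEN_FILE";` (placeholder path), filled in by whatever secret-provisioning mechanism the repository uses. With `enable` now set per host in hosts/midas/services and hosts/prophet, a one-line comment here saying the module only supplies the token path would make that split clear.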