Minimize pkgs use, add stable channel for unstable systems, more separation and such

2025-03-27 08:53:35 -04:00 · 2025-03-27 08:53:35 -04:00 · 9190e09c93
commit 9190e09c93
parent e2c86171a5
23 changed files with 112 additions and 93 deletions
--- a/hosts/intuos/default.nix
+++ b/hosts/intuos/default.nix
@ -11,7 +11,6 @@

  networking = {
    hostName = "intuos";
-    useDHCP = false;
    wireless.enable = true;
    interfaces."wlp1s0".ipv4.addresses = [{
      address = "10.2.0.102";
--- a/hosts/intuos/hardware/default.nix
+++ b/hosts/intuos/hardware/default.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, modulesPath, ... }:
+{ config, lib, modulesPath, ... }:
 {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

--- a/hosts/kitty/hardware/default.nix
+++ b/hosts/kitty/hardware/default.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, modulesPath, ... }:
+{ config, lib, modulesPath, ... }:
 {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

--- a/hosts/midas/firewall/default.nix
+++ b/hosts/midas/firewall/default.nix
@ -3,7 +3,7 @@
  networking.nftables.tables.forwarding = {
    family = "inet";
    content = ''
-      chain PREROUTING {
+      chain incoming {
        type nat hook prerouting priority dstnat; policy accept;
        tcp dport 2211 dnat ip to 10.2.0.100:22 comment "SSH to Tower"
        tcp dport 2222 dnat ip to 10.2.0.2:22 comment "SSH to Kitty"
@ -17,7 +17,7 @@
        udp dport { 37998, 37999, 38000 } dnat ip to 10.3.0.1 comment "VM Sunshine UDP"
      }

-      chain POSTROUTING {
+      chain forward {
        type nat hook postrouting priority 100; policy accept;
        oifname "enp0s31f6" masquerade
      }
--- a/hosts/pear/hardware/default.nix
+++ b/hosts/pear/hardware/default.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, modulesPath, ... }:
+{ config, lib, modulesPath, ... }:
 {
  imports = [
    (modulesPath + "/hardware/network/broadcom-43xx.nix")
--- a/hosts/tower/boot/default.nix
+++ b/hosts/tower/boot/default.nix
@ -6,9 +6,6 @@ let
    "iommu=pt"
    "nested=1"

-    # Virtualization nonsense
-    "transparent_hugepage=never"
-
    # Isolate devices into IOMMU groups
    "pcie_acs_override=downstream,multifunction"
    "pci=routeirq"
@ -19,13 +16,14 @@ in {
    kernelPackages = pkgsUnstable.linuxPackages_xanmod_stable;
    kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:1f82,10de:10fa" ];

-    # Load into GPU before NVIDIA driver
+    # Load into GPU before video driver
    initrd.kernelModules = [
      "vfio"
      "vfio_pci"
      "vfio_iommu_type1"
    ];

+    # Secure boot
    lanzaboote.enable = true;
  };