Get a lot closer to the server working
This commit is contained in:
parent
a48cb3515b
commit
a7181f6a85
|
|
@ -2,6 +2,7 @@
|
||||||
{
|
{
|
||||||
boot = {
|
boot = {
|
||||||
kernelPackages = pkgs.linuxPackages_hardened;
|
kernelPackages = pkgs.linuxPackages_hardened;
|
||||||
|
initrd.systemd.services.root-reset.enable = lib.mkForce false;
|
||||||
swraid = {
|
swraid = {
|
||||||
enable = true;
|
enable = true;
|
||||||
mdadmConf = "MAILADDR contact@${config.domains.p2}";
|
mdadmConf = "MAILADDR contact@${config.domains.p2}";
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
{ ... }:
|
{ lib, ... }:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./boot
|
./boot
|
||||||
|
|
@ -13,6 +13,8 @@
|
||||||
hostId = "38ba3f57";
|
hostId = "38ba3f57";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
environment.persistence."/persist".enable = lib.mkForce false;
|
||||||
|
|
||||||
system = {
|
system = {
|
||||||
desktop.enable = false;
|
desktop.enable = false;
|
||||||
server.enable = true;
|
server.enable = true;
|
||||||
|
|
|
||||||
|
|
@ -31,12 +31,12 @@
|
||||||
|
|
||||||
chain POSTROUTING {
|
chain POSTROUTING {
|
||||||
type nat hook postrouting priority 100; policy accept;
|
type nat hook postrouting priority 100; policy accept;
|
||||||
oifname "${config.ips.netInt}" masquerade
|
oifname "eno1" masquerade
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Enable IP forwarding for the server configuration
|
# Enable IP forwarding for the server configuration
|
||||||
boot.kernel.sysctl."net.ipv4.ip_forward" = lib.mkIf config.system.firewall.server.enable 1;
|
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
{ pkgs, config, ... }:
|
{ config, pkgs, ... }:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./bookmarks
|
./bookmarks
|
||||||
|
|
@ -6,7 +6,7 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
gtk = {
|
gtk = {
|
||||||
enable = true;
|
enable = config.home.desktop.enable;
|
||||||
font = {
|
font = {
|
||||||
name = "${config.look.fonts.main}";
|
name = "${config.look.fonts.main}";
|
||||||
size = 11;
|
size = 11;
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,7 @@
|
||||||
{ config, ... }:
|
{ config, ... }:
|
||||||
{
|
{
|
||||||
boot.initrd.systemd.services.root-reset = {
|
boot.initrd.systemd.services.root-reset = {
|
||||||
|
enable = true;
|
||||||
description = "Reset root and snapshot last boot";
|
description = "Reset root and snapshot last boot";
|
||||||
wantedBy = [ "initrd.target" ];
|
wantedBy = [ "initrd.target" ];
|
||||||
before = [ "sysroot.mount" ];
|
before = [ "sysroot.mount" ];
|
||||||
|
|
|
||||||
|
|
@ -3,7 +3,6 @@
|
||||||
services.nginx.virtualHosts."cloud.${config.domains.p1}" = lib.mkIf config.services.nextcloud.enable {
|
services.nginx.virtualHosts."cloud.${config.domains.p1}" = lib.mkIf config.services.nextcloud.enable {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
addSSL = true;
|
addSSL = true;
|
||||||
onlySSL = true;
|
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
{ config, lib, ... }:
|
{ config, lib, ... }:
|
||||||
{
|
{
|
||||||
services.nginx.virtualHosts."${config.domains.p1}" = lib.mkIf config.system.server.enable{
|
services.nginx.virtualHosts."${config.domains.p1}" = lib.mkIf config.system.server.enable {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
addSSL = true;
|
addSSL = true;
|
||||||
root = "/var/www/landing-page";
|
root = "/var/www/landing-page";
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue