Get a lot closer to the server working

2025-01-01 14:32:15 -05:00 · 2025-01-01 14:32:15 -05:00 · a7181f6a85
parent a48cb3515b
commit a7181f6a85
7 changed files with 10 additions and 7 deletions
--- a/hosts/kitty/boot/default.nix
+++ b/hosts/kitty/boot/default.nix
@ -2,6 +2,7 @@
 {
  boot = {
    kernelPackages = pkgs.linuxPackages_hardened;
+    initrd.systemd.services.root-reset.enable = lib.mkForce false;
    swraid = {
      enable = true;
      mdadmConf = "MAILADDR contact@${config.domains.p2}";
--- a/hosts/kitty/default.nix
+++ b/hosts/kitty/default.nix
@ -1,4 +1,4 @@
-{ ... }:
+{ lib, ... }:
 {
  imports = [
    ./boot
@ -13,6 +13,8 @@
    hostId = "38ba3f57";
  };

+  environment.persistence."/persist".enable = lib.mkForce false;
+
  system = {
    desktop.enable = false;
    server.enable = true;
--- a/hosts/kitty/firewall/default.nix
+++ b/hosts/kitty/firewall/default.nix
@ -31,12 +31,12 @@

        chain POSTROUTING {
          type nat hook postrouting priority 100; policy accept;
-          oifname "${config.ips.netInt}" masquerade
+          oifname "eno1" masquerade
        }
      '';
    };
  };

  # Enable IP forwarding for the server configuration
-  boot.kernel.sysctl."net.ipv4.ip_forward" = lib.mkIf config.system.firewall.server.enable 1;
+  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
 }
--- a/modules/home/settings/gtk/default.nix
+++ b/modules/home/settings/gtk/default.nix
@ -1,4 +1,4 @@
-{ pkgs, config, ... }:
+{ config, pkgs, ... }:
 {
  imports = [
    ./bookmarks
@ -6,7 +6,7 @@
  ];

  gtk = {
-    enable = true;
+    enable = config.home.desktop.enable;
    font = {
      name = "${config.look.fonts.main}";
      size = 11;
--- a/modules/system/devices/boot/services/root-reset/default.nix
+++ b/modules/system/devices/boot/services/root-reset/default.nix
@ -1,6 +1,7 @@
 { config, ... }:
 {
  boot.initrd.systemd.services.root-reset = {
+    enable = true;
    description = "Reset root and snapshot last boot";
    wantedBy = [ "initrd.target" ];
    before = [ "sysroot.mount" ];
--- a/modules/system/services/server/fileserver/nextcloud/nginx/default.nix
+++ b/modules/system/services/server/fileserver/nextcloud/nginx/default.nix
@ -3,7 +3,6 @@
  services.nginx.virtualHosts."cloud.${config.domains.p1}" = lib.mkIf config.services.nextcloud.enable {
    enableACME = true;
    addSSL = true;
-    onlySSL = true;
    locations."/" = {
      proxyWebsockets = true;
      extraConfig = ''