Get a lot closer to the server working

hosts/kitty/boot/default.nix

@@ -2,6 +2,7 @@
 {
   boot = {
     kernelPackages = pkgs.linuxPackages_hardened;
+    initrd.systemd.services.root-reset.enable = lib.mkForce false;
     swraid = {
       enable = true;
       mdadmConf = "MAILADDR contact@${config.domains.p2}";

hosts/kitty/default.nix

@@ -1,4 +1,4 @@
-{ ... }:
+{ lib, ... }:
 {
   imports = [
     ./boot
@@ -13,6 +13,8 @@
     hostId = "38ba3f57";
   };
 
+  environment.persistence."/persist".enable = lib.mkForce false;
+
   system = {
     desktop.enable = false;
     server.enable = true;

hosts/kitty/firewall/default.nix

@@ -31,12 +31,12 @@
 
         chain POSTROUTING {
           type nat hook postrouting priority 100; policy accept;
-          oifname "${config.ips.netInt}" masquerade
+          oifname "eno1" masquerade
         }
       '';
     };
   };
 
   # Enable IP forwarding for the server configuration
-  boot.kernel.sysctl."net.ipv4.ip_forward" = lib.mkIf config.system.firewall.server.enable 1;
+  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
 }

modules/home/settings/gtk/default.nix

@@ -1,4 +1,4 @@
-{ pkgs, config, ... }:
+{ config, pkgs, ... }:
 {
   imports = [
     ./bookmarks
@@ -6,7 +6,7 @@
   ];
 
   gtk = {
-    enable = true;
+    enable = config.home.desktop.enable;
     font = {
       name = "${config.look.fonts.main}";
       size = 11;

modules/system/devices/boot/services/root-reset/default.nix

@@ -1,6 +1,7 @@
 { config, ... }:
 {
   boot.initrd.systemd.services.root-reset = {
+    enable = true;
     description = "Reset root and snapshot last boot";
     wantedBy = [ "initrd.target" ];
     before = [ "sysroot.mount" ];

modules/system/services/server/fileserver/nextcloud/nginx/default.nix

@@ -3,7 +3,6 @@
   services.nginx.virtualHosts."cloud.${config.domains.p1}" = lib.mkIf config.services.nextcloud.enable {
     enableACME = true;
     addSSL = true;
-    onlySSL = true;
     locations."/" = {
       proxyWebsockets = true;
       extraConfig = ''

modules/system/services/server/nginx/virtualhosts/p1/default.nix

@@ -1,6 +1,6 @@
 { config, lib, ... }:
 {
-  services.nginx.virtualHosts."${config.domains.p1}" = lib.mkIf config.system.server.enable{
+  services.nginx.virtualHosts."${config.domains.p1}" = lib.mkIf config.system.server.enable {
     enableACME = true;
     addSSL = true;
     root = "/var/www/landing-page";