From 22add0a1b5b42721072a6a45d2b62902227077a2 Mon Sep 17 00:00:00 2001 From: Danilo Reyes Date: Tue, 30 Jan 2024 21:02:31 -0600 Subject: [PATCH 1/3] structuring format --- workstation/configuration.org | 21 ++++++++++----------- workstation/fstab.nix | 4 ++-- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/workstation/configuration.org b/workstation/configuration.org index 5a78fbe..de3657d 100644 --- a/workstation/configuration.org +++ b/workstation/configuration.org @@ -37,11 +37,11 @@ configurations. { config, lib, pkgs, ... }: let version = "23.11"; + cpuArch = "x86_64-linux"; myEmail = "CaptainJawZ@outlook.com"; myName = "Danilo Reyes"; cpuArchitecture = "znver3"; home-manager = builtins.fetchTarball - # "https://github.com/nix-community/home-manager/archive/master.tar.gz"; "https://github.com/nix-community/home-manager/archive/release-${version}.tar.gz"; unstable = import (builtins.fetchTarball @@ -322,11 +322,10 @@ architecture and other build flags. #+begin_src nix nixpkgs = { - hostPlatform = lib.mkDefault "x86_64-linux"; + hostPlatform = lib.mkDefault cpuArch; config = { allowUnfree = true; - permittedInsecurePackages = [ - ]; + permittedInsecurePackages = [ ]; }; # localSystem = { # gcc.arch = cpuArchitecture; @@ -367,7 +366,7 @@ users = { openssh = { authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5GaQM4N+yGAByibOFQOBVMV/6TjOfaGIP+NunMiK76 gpodeacero\cdreyes@100CDREYES" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIParbc033V2/yPsuhBQ8NPbnsEI/Ec0N4Lk6RJubTFfZ jawz@workstation" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIParbc033V2/yPsuhBQ8NPbnsEI/Ec0N4Lk6RJubTFfZ jawz@workstation" ]; }; #+end_src @@ -528,8 +527,8 @@ mousai # poor man shazam tagger # tag music files obs-studio # screen recorder & streamer # shortwave # listen to world radio -# nextcloud-client # self-hosted google-drive alternative -megasync # well, nextcloud is gone for now... +nextcloud-client # self-hosted google-drive alternative +fragments #+end_src *** WEB 
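Review bot: In the first hunk of `workstation/configuration.org` (`@@ -37,11 +37,11 @@`), `home-manager` is still fetched with `builtins.fetchTarball` from a branch archive (`release-${version}`) and no hash, so every evaluation trusts whatever that branch resolves to at fetch time. With the commented `master` alternative now removed, this is a good place to pin it to a commit archive with a hash, e.g. `home-manager = builtins.fetchTarball { url = "https://github.com/nix-community/home-manager/archive/<commit>.tar.gz"; sha256 = "<sha256-of-that-tarball>"; };`. The `unstable` import that starts on the hunk's last lines looks like the same pattern, but its URL is outside the hunk. Separately, the new `cpuArch` holds a system string while the neighbouring `cpuArchitecture` holds a microarchitecture (`znver3`); a name such as `hostSystem` would keep the two apart.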
@@ -929,7 +928,7 @@ environment = { }; systemPackages = with pkgs; [ # virt-manager - podman-compose + docker-compose wget gwe ]; @@ -1174,11 +1173,11 @@ On this section, you can also add virtual machines settings. programs.dconf.enable = true; # virt-manager requires dconf to remember settings virtualisation = { libvirtd.enable = false; - podman = { + docker = { enable = true; enableNvidia = true; - dockerCompat = true; - defaultNetwork.settings.dns_enabled = true; + # dockerCompat = true; + # defaultNetwork.settings.dns_enabled = true; autoPrune = { enable = true; flags = [ "--all" ]; diff --git a/workstation/fstab.nix b/workstation/fstab.nix index 0c62ec6..905c1c4 100644 --- a/workstation/fstab.nix +++ b/workstation/fstab.nix @@ -51,8 +51,8 @@ options = [ "x-systemd.automount" "noauto" ]; }; in { - "/mnt/pool" = mount "pool" // { }; - "/mnt/jawz" = mount "jawz" // { }; + # "/mnt/pool" = mount "pool" // { }; + # "/mnt/jawz" = mount "jawz" // { }; "/" = { device = "/dev/mapper/nvme"; fsType = "btrfs"; From 6c7da7864a8f7c5031a70d6322b5f465d337b149 Mon Sep 17 00:00:00 2001 From: Danilo Reyes Date: Fri, 9 Feb 2024 23:39:24 -0600 Subject: [PATCH 2/3] enable fstab --- workstation/fstab.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/workstation/fstab.nix b/workstation/fstab.nix index 905c1c4..0c62ec6 100644 --- a/workstation/fstab.nix +++ b/workstation/fstab.nix @@ -51,8 +51,8 @@ options = [ "x-systemd.automount" "noauto" ]; }; in { - # "/mnt/pool" = mount "pool" // { }; - # "/mnt/jawz" = mount "jawz" // { }; + "/mnt/pool" = mount "pool" // { }; + "/mnt/jawz" = mount "jawz" // { }; "/" = { device = "/dev/mapper/nvme"; fsType = "btrfs"; From 1f54f3bbacd281c30654885677501090c20ad30f Mon Sep 17 00:00:00 2001 From: Danilo Reyes Date: Fri, 16 Feb 2024 23:34:09 -0600 Subject: [PATCH 3/3] ssh hardening --- workstation/configuration.org | 1 + 1 file changed, 1 insertion(+) 
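Review bot: The `virtualisation` hunk (`@@ -1174,11 +1173,11 @@`) swaps Podman for the Docker daemon, which changes the host's privilege model and is not the formatting change the subject line suggests. `docker.enable = true` runs a root-owned daemon, and any account in the `docker` group can use its socket to gain root on the host; the `users` block is outside this hunk, so group membership cannot be checked here. If a rootful daemon is not required, `virtualisation.docker.rootless = { enable = true; setSocketVariable = true; };` avoids that, though whether it works together with `enableNvidia` would need testing. The two commented-out Podman-only options (`dockerCompat`, `defaultNetwork.settings.dns_enabled`) should be deleted rather than kept as comments, and the `virtualisation` block continues past the end of the hunk.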
diff --git a/workstation/configuration.org b/workstation/configuration.org
index de3657d..fcc6629 100644
--- a/workstation/configuration.org
+++ b/workstation/configuration.org
@@ -1053,6 +1053,7 @@ services = {
 startWhenNeeded = true;
 settings = {
 PasswordAuthentication = false;
+ PermitRootLogin = "prohibit-password";
 KbdInteractiveAuthentication = false;
 };
 };
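Review bot: `PermitRootLogin = "prohibit-password"` is the value OpenSSH already applies by default, and with `PasswordAuthentication` and `KbdInteractiveAuthentication` both `false` in the same `settings` block, password logins for root were already refused, so the added line records the status quo rather than tightening it. Root can still log in with a key. If root SSH access is not needed on this workstation, the hardening step is `PermitRootLogin = "no";`; if it is needed, a short comment such as `# root login kept for <reason>, key-only` would make the intent clear. The enclosing `openssh` block starts outside the hunk.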