Diffstat (limited to 'Omni/Os')
-rw-r--r-- | Omni/Os/Base.nix | 18 | ||||
-rw-r--r-- | Omni/Os/Boot.nix | 23 |
2 files changed, 20 insertions, 21 deletions
diff --git a/Omni/Os/Base.nix b/Omni/Os/Base.nix
index 8e301e1..c18ca1d 100644
--- a/Omni/Os/Base.nix
+++ b/Omni/Os/Base.nix
@@ -1,19 +1,17 @@
-{ config, ... }:
-
+{config, ...}:
 # This module defines common default settings that all OS builds should include.
-
-let ports = import ../Cloud/Ports.nix;
+let
+ ports = import ../Cloud/Ports.nix;
 in {
 boot.tmp.cleanOnBoot = true;
 networking.firewall.allowPing = true;
- nix.settings.substituters =
- [ "https://cache.nixos.org" ]; # "ssh://dev.simatime.com" ];
+ nix.settings.substituters = ["https://cache.nixos.org"]; # "ssh://dev.simatime.com" ];
 nix.gc.automatic = true;
 nix.gc.dates = "Sunday 02:15";
 nix.optimise.automatic = true;
- nix.optimise.dates = [ "Sunday 02:30" ];
- nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ];
- nix.settings.trusted-users = [ "ben" ];
+ nix.optimise.dates = ["Sunday 02:30"];
+ nix.settings.extra-sandbox-paths = [config.programs.ccache.cacheDir];
+ nix.settings.trusted-users = ["ben"];
 programs.ccache.enable = true;
 programs.mosh.enable = true;
 programs.mosh.withUtempter = true;
@@ -23,7 +21,7 @@ in {
 services.clamav.daemon.enable = true; # security
 services.clamav.updater.enable = true; # security
 services.fail2ban.enable = true; # security
- services.fail2ban.ignoreIP = [ ports.bensIp ]; # my home IP
+ services.fail2ban.ignoreIP = [ports.bensIp]; # my home IP
 services.fail2ban.maxretry = 10;
 services.openssh.enable = true;
 services.openssh.openFirewall = true;
diff --git a/Omni/Os/Boot.nix b/Omni/Os/Boot.nix
index c789d89..bfbae8c 100644
--- a/Omni/Os/Boot.nix
+++ b/Omni/Os/Boot.nix
@@ -1,14 +1,15 @@
-{ bild }:
-/* This target creates a qcow2 image of a barebones NixOS VM which should be used
- to bootstrap a deployment target.
+{bild}:
+/*
+This target creates a qcow2 image of a barebones NixOS VM which should be used
+to bootstrap a deployment target.

- The workflow is like this:
+The workflow is like this:

- - bild this, you get a qcow2 image
- - go to https://cloud.digitalocean.com/images/custom_images
- - upload the image
- - start a new droplet with this image
- - once fully provisioned and accessible via ssh, the new droplet can be a deploy
- target for any other namespace
+- bild this, you get a qcow2 image
+- go to https://cloud.digitalocean.com/images/custom_images
+- upload the image
+- start a new droplet with this image
+- once fully provisioned and accessible via ssh, the new droplet can be a deploy
+ target for any other namespace
 */
-bild.droplet { imports = [ ./Base.nix ../Users.nix ]; }
+bild.droplet {imports = [./Base.nix ../Users.nix];} |