From 18c43a42598ccd653de51b9f08ba9f939a55a02b Mon Sep 17 00:00:00 2001 From: Emmet Date: Sat, 8 Nov 2025 13:57:29 -0600 Subject: [PATCH] Fixes for server kernel --- hosts/ori/configuration.nix | 32 +++++++++---------- hosts/ori/hardware-configuration.nix | 47 +++++++++++++++++++--------- 2 files changed, 48 insertions(+), 31 deletions(-) diff --git a/hosts/ori/configuration.nix b/hosts/ori/configuration.nix index 2c058ed..9d4f760 100644 --- a/hosts/ori/configuration.nix +++ b/hosts/ori/configuration.nix @@ -9,7 +9,7 @@ # hardware cachy.enable = true; - cachy.variant = "server"; + cachy.variant = "lts"; virtualization = { docker.enable = true; @@ -53,19 +53,19 @@ programs.fuse.userAllowOther = true; networking.firewall.extraCommands = - # ip ban ai crawlers - let createDropRulesForIpAddress = address: - '' - iptables -A INPUT -s ${address} -j DROP - iptables -A OUTPUT -s ${address} -j DROP - iptables -A FORWARD -s ${address} -j DROP - iptables -A DOCKER -s ${address} -j DROP - iptables -A DOCKER-BRIDGE -s ${address} -j DROP - iptables -A DOCKER-FORWARD -s ${address} -j DROP - iptables -A DOCKER-USER -s ${address} -j DROP - iptables -A DOCKER-ISOLATION-STAGE-1 -s ${address} -j DROP - iptables -A DOCKER-ISOLATION-STAGE-2 -s ${address} -j DROP - ''; + # ip ban ai crawlers + let + createDropRulesForIpAddress = address: '' + iptables -A INPUT -s ${address} -j DROP + iptables -A OUTPUT -s ${address} -j DROP + iptables -A FORWARD -s ${address} -j DROP + iptables -A DOCKER -s ${address} -j DROP + iptables -A DOCKER-BRIDGE -s ${address} -j DROP + iptables -A DOCKER-FORWARD -s ${address} -j DROP + iptables -A DOCKER-USER -s ${address} -j DROP + iptables -A DOCKER-ISOLATION-STAGE-1 -s ${address} -j DROP + iptables -A DOCKER-ISOLATION-STAGE-2 -s ${address} -j DROP + ''; in '' ${createDropRulesForIpAddress "216.73.216.143"} 
@@ -215,8 +215,8 @@ ${createDropRulesForIpAddress "98.84.200.43"} ${createDropRulesForIpAddress "98.84.60.17"} ${createDropRulesForIpAddress "98.84.70.201"} - ''; - virtualisation.docker.extraOptions="--iptables=true"; + ''; + virtualisation.docker.extraOptions = "--iptables=true"; }; } diff --git a/hosts/ori/hardware-configuration.nix b/hosts/ori/hardware-configuration.nix index cce9b41..dc1e414 100644 --- a/hosts/ori/hardware-configuration.nix +++ b/hosts/ori/hardware-configuration.nix @@ -1,29 +1,46 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, modulesPath, ... }: +{ + config, + lib, + modulesPath, + ... +}: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; services.fstrim.enable = true; - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "ums_realtek" "sd_mod" "sr_mod" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ehci_pci" + "ahci" + "ums_realtek" + "sd_mod" + "sr_mod" + ]; boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; + boot.kernelModules = [ + "kvm-intel" + "ip_tables" + "i6table_nat" + "wireguard" + ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/ea03d496-2769-485d-b5cb-de0b58cb698c"; - fsType = "btrfs"; - options = [ "subvol=@" ]; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/ea03d496-2769-485d-b5cb-de0b58cb698c"; + fsType = "btrfs"; + options = [ "subvol=@" ]; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/4F5E-11FB"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/4F5E-11FB"; + fsType = "vfat"; + }; swapDevices = [ ];
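Review bot: `"i6table_nat"` in the new `boot.kernelModules` list looks like a typo for the kernel module `ip6table_nat`. As written, the name should match no module, so the load at boot would fail for that entry and the IPv6 NAT table would not be preloaded; the line should read `"ip6table_nat"`. The header of this file also says it is generated by nixos-generate-config and may be overwritten, so the three hand-added entries (`"ip_tables"`, the NAT module, `"wireguard"`) could be dropped on regeneration. Moving them to `boot.kernelModules` in `hosts/ori/configuration.nix` would keep them, along with whatever firewall or VPN setup presumably depends on them. Wherever they end up, a comment such as `# preloaded for the firewall rules and WireGuard; not autoloaded on this kernel (confirm)` would record why they are listed.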