byteio/nixos-config
1
0
Fork 0
mirror of https://github.com/librephoenix/nixos-config synced 2025-11-30 14:43:59 +05:30
Code Issues Projects Releases Packages Wiki Activity

Fixes for server kernel

Browse source
This commit is contained in:
Emmet 2025-11-08 13:57:29 -06:00
parent 74ade00081
commit 18c43a4259
2 changed files with 48 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

8
hosts/ori/configuration.nix
View file

@ -9,7 +9,7 @@
# hardware # hardware
cachy.enable = true; cachy.enable = true;
cachy.variant = "server"; cachy.variant = "lts";
virtualization = { virtualization = {
docker.enable = true; docker.enable = true;
@ -54,8 +54,8 @@
networking.firewall.extraCommands = networking.firewall.extraCommands =
# ip ban ai crawlers # ip ban ai crawlers
let createDropRulesForIpAddress = address: let
'' createDropRulesForIpAddress = address: ''
iptables -A INPUT -s ${address} -j DROP iptables -A INPUT -s ${address} -j DROP
iptables -A OUTPUT -s ${address} -j DROP iptables -A OUTPUT -s ${address} -j DROP
iptables -A FORWARD -s ${address} -j DROP iptables -A FORWARD -s ${address} -j DROP
@ -216,7 +216,7 @@
${createDropRulesForIpAddress "98.84.60.17"} ${createDropRulesForIpAddress "98.84.60.17"}
${createDropRulesForIpAddress "98.84.70.201"} ${createDropRulesForIpAddress "98.84.70.201"}
''; '';
virtualisation.docker.extraOptions="--iptables=true"; virtualisation.docker.extraOptions = "--iptables=true";
}; };
} }

35
hosts/ori/hardware-configuration.nix
View file

@ -1,27 +1,44 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }: {
config,
lib,
modulesPath,
...
}:
{ {
imports = imports = [
[ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
services.fstrim.enable = true; services.fstrim.enable = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "ums_realtek" "sd_mod" "sr_mod" ]; boot.initrd.availableKernelModules = [
"xhci_pci"
"ehci_pci"
"ahci"
"ums_realtek"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [
"kvm-intel"
"ip_tables"
"i6table_nat"
"wireguard"
];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/ea03d496-2769-485d-b5cb-de0b58cb698c"; device = "/dev/disk/by-uuid/ea03d496-2769-485d-b5cb-de0b58cb698c";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@" ]; options = [ "subvol=@" ];
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/4F5E-11FB"; device = "/dev/disk/by-uuid/4F5E-11FB";
fsType = "vfat"; fsType = "vfat";
}; };