Fixes for server kernel

2025-11-30 14:43:59 +05:30 · 2025-11-08 13:57:29 -06:00 · 2025-11-08 13:57:29 -06:00 · 18c43a4259
commit 18c43a4259
parent 74ade00081
2 changed files with 48 additions and 31 deletions
--- a/hosts/ori/configuration.nix
+++ b/hosts/ori/configuration.nix
@ -9,7 +9,7 @@

      # hardware
      cachy.enable = true;
-      cachy.variant = "server";
+      cachy.variant = "lts";

      virtualization = {
        docker.enable = true;
@ -53,19 +53,19 @@
    programs.fuse.userAllowOther = true;

    networking.firewall.extraCommands =
-    # ip ban ai crawlers
-    let createDropRulesForIpAddress = address:
-      ''
-      iptables -A INPUT -s ${address} -j DROP
-      iptables -A OUTPUT -s ${address} -j DROP
-      iptables -A FORWARD -s ${address} -j DROP
-      iptables -A DOCKER -s ${address} -j DROP
-      iptables -A DOCKER-BRIDGE -s ${address} -j DROP
-      iptables -A DOCKER-FORWARD -s ${address} -j DROP
-      iptables -A DOCKER-USER -s ${address} -j DROP
-      iptables -A DOCKER-ISOLATION-STAGE-1 -s ${address} -j DROP
-      iptables -A DOCKER-ISOLATION-STAGE-2 -s ${address} -j DROP
-      '';
+      # ip ban ai crawlers
+      let
+        createDropRulesForIpAddress = address: ''
+          iptables -A INPUT -s ${address} -j DROP
+          iptables -A OUTPUT -s ${address} -j DROP
+          iptables -A FORWARD -s ${address} -j DROP
+          iptables -A DOCKER -s ${address} -j DROP
+          iptables -A DOCKER-BRIDGE -s ${address} -j DROP
+          iptables -A DOCKER-FORWARD -s ${address} -j DROP
+          iptables -A DOCKER-USER -s ${address} -j DROP
+          iptables -A DOCKER-ISOLATION-STAGE-1 -s ${address} -j DROP
+          iptables -A DOCKER-ISOLATION-STAGE-2 -s ${address} -j DROP
+        '';
      in
      ''
        ${createDropRulesForIpAddress "216.73.216.143"}
@ -215,8 +215,8 @@
        ${createDropRulesForIpAddress "98.84.200.43"}
        ${createDropRulesForIpAddress "98.84.60.17"}
        ${createDropRulesForIpAddress "98.84.70.201"}
-    '';
-    virtualisation.docker.extraOptions="--iptables=true";
+      '';
+    virtualisation.docker.extraOptions = "--iptables=true";
  };

 }
--- a/hosts/ori/hardware-configuration.nix
+++ b/hosts/ori/hardware-configuration.nix
@ -1,29 +1,46 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, modulesPath, ... }:
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}:

 {
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];

  services.fstrim.enable = true;
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "ums_realtek" "sd_mod" "sr_mod" ];
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ehci_pci"
+    "ahci"
+    "ums_realtek"
+    "sd_mod"
+    "sr_mod"
+  ];
  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
+  boot.kernelModules = [
+    "kvm-intel"
+    "ip_tables"
+    "i6table_nat"
+    "wireguard"
+  ];
  boot.extraModulePackages = [ ];

-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/ea03d496-2769-485d-b5cb-de0b58cb698c";
-      fsType = "btrfs";
-      options = [ "subvol=@" ];
-    };
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/ea03d496-2769-485d-b5cb-de0b58cb698c";
+    fsType = "btrfs";
+    options = [ "subvol=@" ];
+  };

-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/4F5E-11FB";
-      fsType = "vfat";
-    };
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/4F5E-11FB";
+    fsType = "vfat";
+  };

  swapDevices = [ ];