jlkasdjklasdjlk

hosts/nixos/nord/configuration.nix

@@ -28,6 +28,7 @@
     ../../../hardware/gpu/rocm.nix
     ../../../profiles/hidpi.nix
 
+    ../../../profiles/nix-ld.nix
     ../../../profiles/sshd
     #../../../profiles/oci/podman.nix
     #../../../profiles/oci/docker.nix

profiles/base/default.nix

@@ -78,12 +78,16 @@
   boot.loader.systemd-boot.configurationLimit = lib.mkDefault 5;
   boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 5;
 
-  networking.firewall.enable = true; # default
+  networking.firewall.enable = lib.mkDefault true; # default is true
   #networking.nftables.enable = true; # wirewall backend, instead of iptables, breaks docker which uses iptables
   #networking.firewall.allowPing = false;
   #networking.networkmanager.wifi.backend = "iwd"; # default is wpa_supplicant, iwd doesn't support eduroam
   networking.firewall.logRefusedConnections = false; # too spammy, rotates dmesg too quickly
 
+  specialisation.no-firewall.configuration = {
+    networking.firewall.enable = false;
+  };
+
   security.sudo.execWheelOnly = true;
 
   services.thermald.enable = lib.all (x: x) [

profiles/shell.nix

@@ -29,7 +29,7 @@
     killall
     pciutils # lspci
     htop
-    # btop
+    btop
     procps # free, kill, sysctl, watch
     util-linux
     sysstat # iostat, pidstat, ...

todos.md

@@ -1,5 +1,5 @@
 # projects
-* [ ] on eple: https://discourse.nixos.org/t/how-to-run-x-sunshine-steam-on-headless-server/35134/6
+* [ ] on garp: https://discourse.nixos.org/t/how-to-run-x-sunshine-steam-on-headless-server/35134/6
 * [ ] https://github.com/NixOS/nixos-hardware/tree/master/pine64/pinebook-pro
 * [ ] riscv
 * [ ] nixos mobile
@@ -15,7 +15,8 @@
 * [ ] toggle-markdown-checkbox plugin for micro
 * [ ] toggle-markdown-checkbox plugin for zed
 # nice to have
-* [ ] move mkNixos mkHome mkSystem mkBsd etc out of flake.nix
+* [x] move mkNixos mkSystem mkBsd etc out of flake.nix
+* [ ] move mkHome out of flake.nix
 * [ ] make `just build` detect which of nixos-rebuild/home-manage/system-manager to use
 * [ ] windows binfmtemu with wineWowPackages.wayland
 * [ ] nixos-generate-config instructions for new hosts
@@ -28,20 +29,22 @@
 * [ ] working `jump` completions
 # machine park
 * [ ] uptime kuma
-* [ ] remote-builders over wg
+* [x] remote-builders over wg
 * [ ] autogenerate ssh keys for new hosts - steal sops vars?
-* [ ] http health monitoring `services.netdata.httpcheck.checks.<foobar>`
-* [ ] switch to systemd networkd
+* [ ] http health monitoring
+  * `services.netdata.httpcheck.checks.<foobar>`?
+  * uptime kuma?
+* [ ] switch to systemd networkd for headless machines
 * [x] Setup some remote-development and deploy flow
 * [ ] zfs, declarative pools?
 * [x] zfs, fix export
+* [ ] nfs over wg
 * [ ] figure out how to reuse system flake lock while deploying, leave the night job to upgrade (--override input maybe?)
-* [ ] some tunneling for NFS hosts
 * [x] https://nix-community.org/community-builder/
 # ricing
 * [ ] [doas](https://github.com/jakehamilton/config/blob/579827c699d9c78bd42e73f543eafb05a0d6c374/modules/security/doas/default.nix)
 * [ ] https://github.com/NixOS/nixpkgs/pull/266094 (see https://wiki.nixos.org/wiki/Cursor_Themes)
-* [ ] https://github.com/oberblastmeister/trashy and a bash alis->function that shadows rm and understands and checks for -f -v and -r. Also print the current trash to the motd?
+* [ ] https://github.com/oberblastmeister/trashy and a bash alias->function that shadows rm and understands and checks for -f -v and -r. Also print the current trash to the motd?
 # selfhosting
 * [ ] install extra ssd in nox, make it zfs and mount to /var/lib ?
 * [ ] backup of nox:/var/lib