ndsakjdsalkj

base.nix

@@ -26,6 +26,9 @@
     smartmontools
     testdisk
     usbutils
+  ] ++ lib.optionals (builtins.elem config.nixpkgs.system [ "x86_64-linux" "aarch64_linux"]) [
+    cage
+    weston
   ];
 
   # TODO: selectively whitelist?
@@ -33,7 +36,6 @@
   nixpkgs.config.allowUnfreePredicate = (pkg: true);
   nixpkgs.config.nonfreeLicensing = true; # used by ffmpeg
 
-  # TODO: per host?
   hardware.enableRedistributableFirmware = true;
 
   nix.settings.experimental-features = [
@@ -49,10 +51,8 @@
   nix.gc.automatic = true;
   nix.gc.dates     = "weekly";
   nix.gc.options   = "--delete-older-than 30d";
-  nix.extraOptions = ''
+  nix.settings.min-free = 1 * 1024 * 1024 * 1024;
-    min-free = ${toString (1 * 1024 * 1024 * 1024)}
+  nix.settings.max-free = 5 * 1024 * 1024 * 1024;
-    max-free = ${toString (5 * 1024 * 1024 * 1024)}
-  '';
 
   services.thermald.enable = lib.mkIf (config.nixpkgs.system == "x86_64-linux") true;
 
@@ -67,7 +67,5 @@
     noto-fonts-extra
   ];
 
-  # firewall
-  services.fail2ban.enable = config.services.openssh.enable;
   networking.firewall.enable = true; # default
 }

cheatsheet.md

@@ -1,48 +1,8 @@
-# How to deploy
-
 * https://nixos.wiki/wiki/Nixos-rebuild
 * https://www.haskellforall.com/2023/01/announcing-nixos-rebuild-new-deployment.html
 
-Build locally, deploy on local, with `nom`:
-
-  sudo true && sudo nixos-rebuild test --flake . --recreate-lock-file --no-write-lock-file |& nom
-
-Via git, build on remote:
-
-  ssh -t HOST sudo nixos-rebuild test --flake git+ssh://gitea@gitea.noximilien.pbsds.net/pbsds/nix-config.git --recreate-lock-file --no-write-lock-file
-  # or
-  ssh -t HOST sudo nixos-rebuild test --flake git+ssh://git@github.com/pbsds/nix-dotfiles.git --recreate-lock-file --no-write-lock-file
-
-Via `remote-exec`, build on remote:
-
-  nix develop .#remote
-  remote-set FOOBAR
-  remote sudo nixos-rebuild test --flake . --recreate-lock-file --no-write-lock-file
-
-From local checkout to remote where you're not a trusted user, via `tar` build on remote:
-
-  tar cf - --directory="$(nix eval --raw .#inputs.self.outPath)" . | ssh -tt HOST -- bash -c '"set -x; cd $(mktemp -d); tar xf - && nixos-rebuild test --flake . \"\$@\""' -- --print-build-logs --recreate-lock-file --no-write-lock-file
-
-> TODO: ^ doesn't work, as tar consumes the stdin leaving sudo without one...
-
-.. wait doesn't that litter `/tmp` or `/run/user/.../tmp`?
-
-  ¯\_(ツ)_/¯
-
-From local checkout to remote if local nix daemon has ssh keys, then build on remote:
-
-  nix copy --from "$(nix eval  .#inputs.self.outPath)" --to TODO
-
-Build locally, copy to remote
-
-  TODO
-
 # How to evaluate the nixos flake/configuration.nix, checking if the drv hash is equal
 
 Flakes:
 
   nix eval .#nixosConfigurations.HOSTNAME.config.system.build.toplevel.outPath
-
-Non-flake:
-
-  nix-instantiate '<nixpkgs/nixos>' -A system -I nixos-config=./configuration.nix

hosts/bolle/default.nix

@@ -29,30 +29,6 @@
   # Networking
   networking.networkmanager.enable = true;
 
-  /** /
-  #networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
-  #networking.iwd.enable = true
-  networking.interfaces.eno1.ipv4.addresses = [
-    { address = "129.241.105.252"; prefixLength = 23; }
-  ];
-  networking.defaultGateway.address = "192.241.104.1";
-  networking.defaultGateway.interface = "eno1";
-  networking.nameservers = [
-    "129.241.0.200"
-    "129.241.0.201"
-    #"2001:700:300::200"
-    #"2001:700:300::201"
-    "8.8.8.8"
-    "1.1.1.1"
-  ];
-  /**/
-
-  # Installed system packages
-  environment.systemPackages = with pkgs; [
-    cage
-    weston
-  ];
-
   # TODO: remove? Move?
   programs.dconf.enable = true;
 }

hosts/eple/default.nix

@@ -42,12 +42,6 @@
 
   networking.networkmanager.insertNameservers = config.networking.nameservers; # wtf
 
-  # Installed system packages
-  environment.systemPackages = with pkgs; [
-    cage
-    weston
-  ];
-
   # TODO: remove? Move?
   programs.dconf.enable = true;
 }

hosts/garp/default.nix

@@ -51,12 +51,6 @@
   # Networking
   networking.networkmanager.enable = true;
 
-  # Installed system packages
-  environment.systemPackages = with pkgs; [
-    cage
-    weston
-  ];
-
   # TODO: remove? Move?
   programs.dconf.enable = true;
 

hosts/nord/default.nix

@@ -62,12 +62,6 @@
   #networking.useDHCP = true;
   #TODO: avahi? resolved? https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/main/base.nix#L15-L18
 
-  # Installed system packages
-  environment.systemPackages = with pkgs; [
-    cage
-    weston
-  ];
-
   # TODO: remove? Move?
   programs.dconf.enable = true;
 

hosts/noximilien/default.nix

@@ -127,12 +127,6 @@
   #networking.useDHCP = true;
   #TODO: avahi? resolved? https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/main/base.nix#L15-L18
 
-  # Installed system packages
-  environment.systemPackages = with pkgs; [
-    cage
-    weston
-  ];
-
   # TODO: remove? Move?
   programs.dconf.enable = true;
 }

hosts/sopp/default.nix

@@ -94,12 +94,6 @@
   /**/
   #TODO: avahi? resolved? https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/main/base.nix#L15-L18
 
-  # Installed system packages
-  environment.systemPackages = with pkgs; [
-    cage
-    weston
-  ];
-
   # TODO: remove? Move?
   programs.dconf.enable = true;
 

profiles/shell/nix-utils.nix

@@ -7,7 +7,7 @@
     nix-top
     #nix-index
     nix-tree
-    #nix-search # TODO: exists?
+    nix-search-cli # nix-search
     nix-diff
     #comma
     nixfmt

profiles/sshd.nix

@@ -1,4 +1,5 @@
 {
   services.openssh.enable = true;
   services.openssh.settings.X11Forwarding = true;
+  services.fail2ban.enable = true;
 }