Ingolf Wagner 2024-08-08 17:30:08 +02:00
parent e471c24d93
commit cc5d655ef7
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
2 changed files with 7 additions and 9 deletions


@ -1,6 +1,8 @@
{ lib, config, pkgs, ... }: { { lib, config, pkgs, modulesPath, ... }: {
imports = [ imports = [
(modulesPath + "/profiles/hardened.nix")
./hardware-configuration ./hardware-configuration
../../system/all/defaults.nix ../../system/all/defaults.nix
@ -33,6 +35,7 @@
./social-matrix-terranix.nix ./social-matrix-terranix.nix
]; ];
services.logrotate.checkConfig = false; # because uid 3000 does not exist in here services.logrotate.checkConfig = false; # because uid 3000 does not exist in here
networking.hostName = "orbi"; networking.hostName = "orbi";
@ -48,13 +51,12 @@
components.network.sshd.sshguard.enable = false; components.network.sshd.sshguard.enable = false;
features.boot.ssh.enable = true; features.boot.ssh.enable = true;
features.boot.tor.enable = true;
components.monitor.enable = true; components.monitor.enable = true;
networking.firewall.interfaces.wg0.allowedTCPPorts = [ 4317 ];
networking.firewall.interfaces.wg0.allowedUDPPorts = [ 4317 ];
components.monitor.opentelemetry.receiver.endpoint = "0.0.0.0:4317"; components.monitor.opentelemetry.receiver.endpoint = "0.0.0.0:4317";
components.monitor.opentelemetry.exporter.endpoint = "10.100.0.2:4317"; # chnungus components.monitor.opentelemetry.exporter.endpoint = "10.100.0.2:4317"; # chnungus
networking.firewall.interfaces.wg0.allowedTCPPorts = [ 4317 ];
networking.firewall.interfaces.wg0.allowedUDPPorts = [ 4317 ];
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
security.acme.defaults.email = "contact@ingolf-wagner.de"; security.acme.defaults.email = "contact@ingolf-wagner.de";
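Review bot: The `networking.firewall.interfaces.wg0.allowedUDPPorts = [ 4317 ];` line that this change keeps looks unnecessary. 4317 is the OTLP/gRPC port and gRPC runs over TCP, so if the receiver only speaks OTLP/gRPC the UDP opening can be dropped, leaving only `networking.firewall.interfaces.wg0.allowedTCPPorts = [ 4317 ];`. The receiver endpoint beside it is `0.0.0.0:4317`, so the per-interface firewall rule is the only thing confining the listener to WireGuard. Binding the receiver to this host's wg0 address would keep it off other interfaces even if the firewall is later disabled or loosened. A short comment next to the `hardened.nix` import, saying that the profile now applies from the host configuration and not from the hardware file, would also help the next reader.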


@ -4,11 +4,7 @@
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }:
{ {
imports = imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
[
(modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/profiles/hardened.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];