adds noatime to all devices root partition mount options adds cosmic desktop to workstations adds xanmod kernel to workstations adds xanmod with zfs to servers adds perplexityai extension to brave removes openra flatpak adds threads limit to upgrade command to prevent system freezes removes fcitx5 completely
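# Server module: selects the kernel, configures the OpenSSH daemon and
# declares which ports the host firewall accepts.
{ config, pkgs, ... }:
{
  # Install xanmod kernel
  # NOTE(review): boot.kernelPackages normally takes a kernel package *set*;
  # the trailing `.zfs` selects a single attribute inside that set. Confirm
  # this evaluates as intended (ZFS support is usually requested separately).
  boot.kernelPackages = pkgs.linuxKernel.packages.linux_xanmod_stable.zfs;

  services.openssh = {
    enable = true;
    # Non-default port; this only reduces scan noise, it is not an access control.
    ports = [ 400 ];
    settings = {
      # Key-only authentication for a single named account.
      PasswordAuthentication = false;
      PermitEmptyPasswords = false;
      PubkeyAuthentication = true;
      AllowUsers = [ "menno" ];

      # AllowUsers already excludes root, so root could not log in with
      # "prohibit-password" either. Stating "no" keeps root closed even if
      # the AllowUsers list is edited later.
      PermitRootLogin = "no";

      X11Forwarding = false;

      # Both forwarding features are on: a session can open TCP tunnels
      # through this host, and a forwarded agent socket is usable by anyone
      # with root on this host for as long as the session lasts.
      # NOTE(review): turn these off if they are not needed.
      AllowTCPForwarding = true;
      AllowAgentForwarding = true;
    };
  };

  networking = {
    firewall = {
      enable = true;

      # External ports
      # Everything in allowedTCPPorts / allowedUDPPorts is accepted on every
      # interface; the grouping below is documentation only.
      allowedTCPPorts = [
        ## Portforwarded
        80 # HTTP
        443 # HTTPS
        22 # Git over SSH
        25565 # Minecraft
        # NOTE(review): voice-chat mods commonly use UDP; confirm this TCP
        # entry is needed.
        24454 # Minecraft (Voice Chat)
        32400 # Plex
        # NOTE(review): WireGuard is UDP-only; confirm nothing else needs
        # TCP 51820 and drop this entry if so.
        51820 # WireGuard

        ## Internal services / TailScale
        # NOTE(review): this is not restricted to the Tailscale interface.
        # services.openssh.openFirewall is left at its default, which also
        # opens the sshd port on all interfaces. To really limit SSH to one
        # interface, set openFirewall = false and list the port under
        # networking.firewall.interfaces."<INTERFACE_NAME>".allowedTCPPorts.
        400 # SSH
      ];

      allowedUDPPorts = [
        51820 # WireGuard
        25565 # Minecraft
      ];
    };
  };
}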