commit d8a58580be492e65d0fd74a1a01608cfb142bd19
parent 4d9f9e580eed171d32a94abb5a58a88fa4171884
Author: Katja (zaphyra) <git@ctu.cx>
Date: Thu, 22 May 2025 08:12:36 +0200
katja wendet `nix fmt *` an
10 files changed, 388 insertions(+), 285 deletions(-)
M
|
121
+++++++++++++++++++++++++++++++++++++++++++++++--------------------------------
M
|
258
++++++++++++++++++++++++++++++++++++++++++++++---------------------------------
M
|
172
+++++++++++++++++++++++++++++++++++++++++++------------------------------------
diff --git a/config/home/katja/programs/helix.nix b/config/home/katja/programs/helix.nix @@ -4,7 +4,7 @@ home = { sessionVariables.EDITOR = lib.mkForce "hx"; -# shellAliases.nano = lib.mkForce "hx"; + # shellAliases.nano = lib.mkForce "hx"; }; programs.helix = {
diff --git a/config/nixos/dns.nix b/config/nixos/dns.nix @@ -22,25 +22,30 @@ in # contains dns entries defined on the local host zones = { - type = types.attrsOf dnsNix.types.subzone; - default = {}; + type = types.attrsOf dnsNix.types.subzone; + default = { }; }; # contains dns entries defined on the local host and on remote hosts, merged together allZones = { - type = types.attrsOf dnsNix.types.zone; - default = {}; + type = types.attrsOf dnsNix.types.zone; + default = { }; }; zoneFiles = { - type = types.attrsOf types.path; + type = types.attrsOf types.path; readOnly = true; default = ( cfg.allZones - |> lib.mapAttrs (name: zone: toString (pkgs.writeTextFile { - name = "${name}.zone"; - text = dnsNix.types.zoneToString name (dnsNix.evalZone name zone); - })) + |> lib.mapAttrs ( + name: zone: + toString ( + pkgs.writeTextFile { + name = "${name}.zone"; + text = dnsNix.types.zoneToString name (dnsNix.evalZone name zone); + } + ) + ) ); }; };
diff --git a/config/nixos/modules/presets/graphical/type.nix b/config/nixos/modules/presets/graphical/type.nix @@ -12,9 +12,11 @@ in { option = { - type = types.nullOr (types.enum [ - "gnomeMinimal" - ]); + type = types.nullOr ( + types.enum [ + "gnomeMinimal" + ] + ); default = null; };
diff --git a/config/nixos/modules/presets/katja/dnsServer.nix b/config/nixos/modules/presets/katja/dnsServer.nix 
@@ -26,62 +26,85 @@ in }; }; - config = lib.mkIf cfg.enable (let - allZones = with dnsNix.combinators; let - CAA = [ { issuerCritical = false; tag = "issue"; value = "letsencrypt.org"; } ]; - NS = [ "morio.infra.zaphyra.eu." "novus.infra.zaphyra.eu." ]; - SOA = { - nameServer = "morio.infra.zaphyra.eu."; - adminEmail = "dns@zaphyra.eu"; # Email address with a real `@`! - serial = 0; - }; + config = lib.mkIf cfg.enable ( + let + allZones = + with dnsNix.combinators; + let + CAA = [ + { + issuerCritical = false; + tag = "issue"; + value = "letsencrypt.org"; + } + ]; + NS = [ + "morio.infra.zaphyra.eu." + "novus.infra.zaphyra.eu." + ]; + SOA = { + nameServer = "morio.infra.zaphyra.eu."; + adminEmail = "dns@zaphyra.eu"; # Email address with a real `@`! + serial = 0; + }; - in { - "zaphyra.eu" = { - inherit SOA NS CAA; + in + { + "zaphyra.eu" = { + inherit SOA NS CAA; - subdomains = { - "acme.infra".NS = [ "morio.infra.zaphyra.eu." "novus.infra.zaphyra.eu." ]; + subdomains = { + "acme.infra".NS = [ + "morio.infra.zaphyra.eu." + "novus.infra.zaphyra.eu." + ]; + }; + }; }; - }; - }; - in { - sops.secrets.knotKeys = lib.mkIf cfg.isPrimary { - owner = "knot"; - group = "knot"; - }; - - dns = { - enable = true; - allZones = allZones; - }; + in + { + sops.secrets.knotKeys = lib.mkIf cfg.isPrimary { + owner = "knot"; + group = "knot"; + }; - modules.services = { - knot = { + dns = { enable = true; - primary = cfg.isPrimary; - keyFiles = lib.mkIf cfg.isPrimary [ - config.sops.secrets.knotKeys.path - ]; - zones = lib.mkIf cfg.isPrimary ( - config.dns.zoneFiles - |> lib.mapAttrs (name: value: { - file = value; - journal-content = "all"; - zonefile-sync = -1; - zonefile-load = "difference-no-serial"; - }) - ); + allZones = allZones; }; - knotACME = { - enable = cfg.isPrimary; - zone = "acme.infra.zaphyra.eu"; - zones = lib.attrNames allZones; - nameServers = [ "morio.infra.zaphyra.eu." "novus.infra.zaphyra.eu." 
]; - keyFile = config.sops.secrets.knotKeys.path; + + modules.services = { + knot = { + enable = true; + primary = cfg.isPrimary; + keyFiles = lib.mkIf cfg.isPrimary [ + config.sops.secrets.knotKeys.path + ]; + zones = lib.mkIf cfg.isPrimary ( + config.dns.zoneFiles + |> lib.mapAttrs ( + name: value: { + file = value; + journal-content = "all"; + zonefile-sync = -1; + zonefile-load = "difference-no-serial"; + } + ) + ); + }; + knotACME = { + enable = cfg.isPrimary; + zone = "acme.infra.zaphyra.eu"; + zones = lib.attrNames allZones; + nameServers = [ + "morio.infra.zaphyra.eu." + "novus.infra.zaphyra.eu." + ]; + keyFile = config.sops.secrets.knotKeys.path; + }; }; - }; - }); + } + ); }
diff --git a/config/nixos/modules/presets/katja/enable.nix b/config/nixos/modules/presets/katja/enable.nix @@ -1,4 +1,3 @@ - { povSelf, pkgs, @@ -20,7 +19,7 @@ in }; config = lib.mkIf cfg { - sops.secrets.acmeTSIGKey = {}; + sops.secrets.acmeTSIGKey = { }; users.users.root = { extraGroups = [ "ssh" ]; @@ -29,15 +28,19 @@ in ]; }; - dns.zones."zaphyra.eu".subdomains."${config.networking.hostName}.infra" = lib.mkIf (hostConfig ? networking) (let - networkCfg = hostConfig.networking; - in { - AAAA = lib.mkIf ((networkCfg ? ip6Address) && !networkCfg.ip6IsPrivate) [ networkCfg.ip6Address ]; - A = lib.mkIf ((networkCfg ? ip4Address) && !networkCfg.ip4IsPrivate) [ networkCfg.ip4Address ]; - }); + dns.zones."zaphyra.eu".subdomains."${config.networking.hostName}.infra" = + lib.mkIf (hostConfig ? networking) + ( + let + networkCfg = hostConfig.networking; + in + { + AAAA = lib.mkIf ((networkCfg ? ip6Address) && !networkCfg.ip6IsPrivate) [ networkCfg.ip6Address ]; + A = lib.mkIf ((networkCfg ? ip4Address) && !networkCfg.ip4IsPrivate) [ networkCfg.ip4Address ]; + } + ); modules = { - presets.katja = { syncthing.enable = lib.mkDefault true; }; @@ -58,10 +61,10 @@ in security.acme = { acceptTerms = true; - defaults = { - email = "letsencrypt@zaphyra.eu"; - keyType = "ec384"; - dnsProvider = "rfc2136"; + defaults = { + email = "letsencrypt@zaphyra.eu"; + keyType = "ec384"; + dnsProvider = "rfc2136"; environmentFile = pkgs.writeText "acme-dns-env" '' RFC2136_NAMESERVER=morio.infra.zaphyra.eu RFC2136_TSIG_KEY=acme-nix-${config.networking.hostName} @@ -75,7 +78,12 @@ in group = lib.mkIf config.services.nginx.enable "nginx"; extraDomainNames = ( config.services.nginx.virtualHosts - |> lib.mapAttrsToList (key: config: [ (if config ? serverAliases then config.serverAliases else []) key ]) + |> lib.mapAttrsToList ( + key: config: [ + (if config ? serverAliases then config.serverAliases else [ ]) + key + ] + ) |> lib.flatten ); };
diff --git a/config/nixos/modules/presets/netcup.nix b/config/nixos/modules/presets/netcup.nix @@ -21,18 +21,27 @@ in }; config = lib.mkIf cfg.enable { - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ]; + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "virtio_pci" + "sr_mod" + "virtio_blk" + ]; systemd.network.networks."5-ens3" = { - enable = true; - name = "ens3"; - dns = [ + enable = true; + name = "ens3"; + dns = [ "46.38.225.230" "46.38.252.230" "2a03:4000:0:1::e1e6" "2a03:4000:8000::fce6" ]; - gateway = [ hostConfig.networking.defaultGateway6 hostConfig.networking.defaultGateway4 ]; + gateway = [ + hostConfig.networking.defaultGateway6 + hostConfig.networking.defaultGateway4 + ]; address = [ "${hostConfig.networking.ip6Address}/${toString hostConfig.networking.ip6PrefixLength}" "${hostConfig.networking.ip4Address}/${toString hostConfig.networking.ip4PrefixLength}"
diff --git a/config/nixos/modules/services/knot.nix b/config/nixos/modules/services/knot.nix 
@@ -11,29 +11,47 @@ let inherit (lib) types; cfg = lib.getAttrFromPath povSelf config; - dnsServerAddresses = isPrimary: lib.flatten ( - inputs.self.nixosConfigurations - |> lib.filterAttrs (hostName: hostConfig: let - cfgModule = lib.getAttrFromPath povSelf hostConfig.config; - in (cfgModule.enable && cfgModule.primary == isPrimary)) - |> lib.mapAttrsToList ( - hostName: hostConfig: [ - (lib.mkIf (inputs.self.hosts."${hostName}".networking.ip6Address != "") inputs.self.hosts."${hostName}".networking.ip6Address) - (lib.mkIf (inputs.self.hosts."${hostName}".networking.ip4Address != "") inputs.self.hosts."${hostName}".networking.ip4Address) - ] - ) - ); + dnsServerAddresses = + isPrimary: + lib.flatten ( + inputs.self.nixosConfigurations + |> lib.filterAttrs ( + hostName: hostConfig: + let + cfgModule = lib.getAttrFromPath povSelf hostConfig.config; + in + (cfgModule.enable && cfgModule.primary == isPrimary) + ) + |> lib.mapAttrsToList ( + hostName: hostConfig: [ + (lib.mkIf (inputs.self.hosts."${hostName}".networking.ip6Address != "") + inputs.self.hosts."${hostName}".networking.ip6Address + ) + (lib.mkIf (inputs.self.hosts."${hostName}".networking.ip4Address != "") + inputs.self.hosts."${hostName}".networking.ip4Address + ) + ] + ) + ); dnsServerSecondaries = ( inputs.self.nixosConfigurations - |> lib.filterAttrs (hostName: hostConfig: let + |> lib.filterAttrs ( + hostName: hostConfig: + let cfgModule = lib.getAttrFromPath povSelf hostConfig.config; - in (cfgModule.enable && !cfgModule.primary)) - |> lib.mapAttrs( + in + (cfgModule.enable && !cfgModule.primary) + ) + |> lib.mapAttrs ( hostName: hostConfig: { address = [ - (lib.mkIf (inputs.self.hosts."${hostName}".networking.ip6Address != "") inputs.self.hosts."${hostName}".networking.ip6Address) - (lib.mkIf (inputs.self.hosts."${hostName}".networking.ip4Address != "") inputs.self.hosts."${hostName}".networking.ip4Address) + (lib.mkIf (inputs.self.hosts."${hostName}".networking.ip6Address != "") + 
inputs.self.hosts."${hostName}".networking.ip6Address + ) + (lib.mkIf (inputs.self.hosts."${hostName}".networking.ip4Address != "") + inputs.self.hosts."${hostName}".networking.ip4Address + ) ]; } ) @@ -49,28 +67,28 @@ in }; primary = { - type = types.bool; + type = types.bool; default = false; }; dataDir = { - type = types.str; + type = types.str; default = "/var/lib/knot"; }; keyFiles = { - type = types.listOf types.path; - default = []; + type = types.listOf types.path; + default = [ ]; }; zones = { - type = (pkgs.formats.yaml { }).type; - default = {}; + type = (pkgs.formats.yaml { }).type; + default = { }; }; extraACL = { - type = (pkgs.formats.yaml { }).type; - default = {}; + type = (pkgs.formats.yaml { }).type; + default = { }; }; }; 
@@ -81,94 +99,116 @@ in systemd.tmpfiles.settings = { knotDataDir."${cfg.dataDir}".d = { group = "knot"; - user = "knot"; - mode = "770"; - age = "-"; + user = "knot"; + mode = "770"; + age = "-"; }; }; - services.knot = let - primaryAddresses = dnsServerAddresses true; - secondaryAddresses = dnsServerAddresses false; - secondaries = dnsServerSecondaries; - - in { - enable = true; - keyFiles = lib.mkIf (cfg.keyFiles != []) cfg.keyFiles; - settings = { - log.syslog.any = "info"; - - server.listen = [ - (lib.mkIf (hostConfig.networking.ip6Address != "") "${hostConfig.networking.ip6Address}@53") - (lib.mkIf (hostConfig.networking.ip4Address != "") "${hostConfig.networking.ip4Address}@53") - "::1@53" - ]; - - mod-rrl.default.rate-limit = 200; - mod-rrl.default.slip = 2; - - remote = { primary.address = primaryAddresses; } // secondaries; - - acl = { - allowTransfer = lib.mkIf (secondaryAddresses != []) { - address = secondaryAddresses; - action = "transfer"; - }; - - allowNotify.address = primaryAddresses; - allowNotify.action = "notify"; - } // cfg.extraACL; - - template = let - notify = { - acl = lib.mkIf (config.services.knot.settings.acl ? allowTransfer) "allowTransfer"; - notify = lib.mkIf (config.services.knot.settings.acl ? 
allowTransfer) (builtins.attrNames secondaries); - }; - - catalog = { - catalog-role = "member"; - catalog-zone = "catalog."; - }; - - in { - - default = { - semantic-checks = true; - global-module = "mod-rrl/default"; - }; - - notifyZone = notify; - nixZone = notify // catalog; - - secondaryZone = { - master = "primary"; - acl = "allowNotify"; - - journal-content = "all"; - - zonefile-sync = -1; - zonefile-load = "none"; - }; + services.knot = + let + primaryAddresses = dnsServerAddresses true; + secondaryAddresses = dnsServerAddresses false; + secondaries = dnsServerSecondaries; + + in + { + enable = true; + keyFiles = lib.mkIf (cfg.keyFiles != [ ]) cfg.keyFiles; + settings = { + log.syslog.any = "info"; + + server.listen = [ + (lib.mkIf (hostConfig.networking.ip6Address != "") "${hostConfig.networking.ip6Address}@53") + (lib.mkIf (hostConfig.networking.ip4Address != "") "${hostConfig.networking.ip4Address}@53") + "::1@53" + ]; + + mod-rrl.default.rate-limit = 200; + mod-rrl.default.slip = 2; + + remote = { + primary.address = primaryAddresses; + } // secondaries; + + acl = { + allowTransfer = lib.mkIf (secondaryAddresses != [ ]) { + address = secondaryAddresses; + action = "transfer"; + }; + + allowNotify.address = primaryAddresses; + allowNotify.action = "notify"; + } // cfg.extraACL; + + template = + let + notify = { + acl = lib.mkIf (config.services.knot.settings.acl ? allowTransfer) "allowTransfer"; + notify = lib.mkIf (config.services.knot.settings.acl ? 
allowTransfer) ( + builtins.attrNames secondaries + ); + }; + + catalog = { + catalog-role = "member"; + catalog-zone = "catalog."; + }; + + in + { + + default = { + semantic-checks = true; + global-module = "mod-rrl/default"; + }; + + notifyZone = notify; + nixZone = notify // catalog; + + secondaryZone = { + master = "primary"; + acl = "allowNotify"; + + journal-content = "all"; + + zonefile-sync = -1; + zonefile-load = "none"; + }; + }; + + zone = + ( + if !cfg.primary then + { + "catalog.".catalog-role = "interpret"; + "catalog.".catalog-template = "secondaryZone"; + "catalog.".template = "secondaryZone"; + } + else + { + "catalog.".catalog-role = "generate"; + "catalog.".template = "notifyZone"; + } + ) + // (lib.mapAttrs ( + name: zone: + zone + // { + template = "nixZone"; + acl = lib.mkIf (zone ? acl) ( + if (config.services.knot.settings.acl ? allowTransfer) then + lib.flatten [ + [ "allowTransfer" ] + zone.acl + ] + else + zone.acl + ); + } + ) cfg.zones); }; - - zone = (if !cfg.primary then { - "catalog.".catalog-role = "interpret"; - "catalog.".catalog-template = "secondaryZone"; - "catalog.".template = "secondaryZone"; - } else { - "catalog.".catalog-role = "generate"; - "catalog.".template = "notifyZone"; - }) // (lib.mapAttrs (name: zone: zone // { - template = "nixZone"; - acl = lib.mkIf (zone ? acl) ( - if (config.services.knot.settings.acl ? allowTransfer) then - lib.flatten [ [ "allowTransfer" ] zone.acl ] - else - zone.acl - ); - }) cfg.zones); - }; - }; + }; }; }
diff --git a/config/nixos/modules/services/knotACME.nix b/config/nixos/modules/services/knotACME.nix 
@@ -33,94 +33,108 @@ in }; }; - config = lib.mkIf cfg.enable (let - generateACMERecord = recordName: ( - (builtins.hashString "sha1" recordName) + ".${cfg.zone}." - ); + config = lib.mkIf cfg.enable ( + let + generateACMERecord = recordName: ((builtins.hashString "sha1" recordName) + ".${cfg.zone}."); - nodesWithACMERecords = ( - inputs.self.nixosConfigurations - |> lib.filterAttrs (hostName: nodeCfg: nodeCfg.config.security.acme.certs != {}) - ); + nodesWithACMERecords = ( + inputs.self.nixosConfigurations + |> lib.filterAttrs (hostName: nodeCfg: nodeCfg.config.security.acme.certs != { }) + ); - getAllDomainsPerNode = hostName: ( - inputs.self.nixosConfigurations.${hostName}.config.security.acme.certs - |> lib.mapAttrsToList (domain: cfg: [ domain ] ++ cfg.extraDomainNames) - |> lib.flatten - ); + getAllDomainsPerNode = + hostName: + ( + inputs.self.nixosConfigurations.${hostName}.config.security.acme.certs + |> lib.mapAttrsToList (domain: cfg: [ domain ] ++ cfg.extraDomainNames) + |> lib.flatten + ); - getACMERecordsPerNode = hostName: ( - hostName - |> getAllDomainsPerNode - |> builtins.map (recordName: (generateACMERecord recordName)) - ); + getACMERecordsPerNode = + hostName: + (hostName |> getAllDomainsPerNode |> builtins.map (recordName: (generateACMERecord recordName))); - generateACMERecordsPerZone = zoneName: ( - nodesWithACMERecords - |> lib.mapAttrsToList (hostName: _: (getAllDomainsPerNode hostName)) - |> lib.flatten - |> builtins.filter (lib.hasSuffix zoneName) - |> builtins.map (recordName: { - name = "_acme-challenge${if zoneName != recordName then "." else ""}${lib.removeSuffix "${if zoneName != recordName then "." 
else ""}${zoneName}" recordName}"; - value = { - CNAME = [ (generateACMERecord recordName) ]; - }; - }) - |> builtins.listToAttrs - ); + generateACMERecordsPerZone = + zoneName: + ( + nodesWithACMERecords + |> lib.mapAttrsToList (hostName: _: (getAllDomainsPerNode hostName)) + |> lib.flatten + |> builtins.filter (lib.hasSuffix zoneName) + |> builtins.map (recordName: { + name = "_acme-challenge${ + if zoneName != recordName then "." else "" + }${lib.removeSuffix "${if zoneName != recordName then "." else ""}${zoneName}" recordName}"; + value = { + CNAME = [ (generateACMERecord recordName) ]; + }; + }) + |> builtins.listToAttrs + ); - in { - dns.allZones = ( - cfg.zones - |> lib.map (element: - lib.nameValuePair element { - subdomains = generateACMERecordsPerZone element; - } - ) - |> lib.listToAttrs - ); - - modules.services.knot = { - keyFiles = [ cfg.keyFile ]; - zones = { - "${cfg.zone}" = { - file = toString (pkgs.writeTextFile { - name = "${cfg.zone}.zone"; - text = dnsNix.types.zoneToString cfg.zone (dnsNix.evalZone cfg.zone (with dnsNix.combinators; { - NS = cfg.nameServers; - SOA = { - nameServer = lib.elemAt cfg.nameServers 0; - adminEmail = "dns@${cfg.zone}"; # Email address with a real `@`! - serial = 0; - }; - })); - }); + in + { + dns.allZones = ( + cfg.zones + |> lib.map ( + element: + lib.nameValuePair element { + subdomains = generateACMERecordsPerZone element; + } + ) + |> lib.listToAttrs + ); + + modules.services.knot = { + keyFiles = [ cfg.keyFile ]; + zones = { + "${cfg.zone}" = { + file = toString ( + pkgs.writeTextFile { + name = "${cfg.zone}.zone"; + text = dnsNix.types.zoneToString cfg.zone ( + dnsNix.evalZone cfg.zone ( + with dnsNix.combinators; + { + NS = cfg.nameServers; + SOA = { + nameServer = lib.elemAt cfg.nameServers 0; + adminEmail = "dns@${cfg.zone}"; # Email address with a real `@`! 
+ serial = 0; + }; + } + ) + ); + } + ); - zonefile-sync = -1; - zonefile-load = "difference"; + zonefile-sync = -1; + zonefile-load = "difference"; - journal-content = "changes"; + journal-content = "changes"; - acl = lib.mkIf ((lib.attrNames nodesWithACMERecords) != []) ( - nodesWithACMERecords - |> lib.mapAttrsToList (hostName: _: "acme-nix-${hostName}") - ); + acl = lib.mkIf ((lib.attrNames nodesWithACMERecords) != [ ]) ( + nodesWithACMERecords |> lib.mapAttrsToList (hostName: _: "acme-nix-${hostName}") + ); + }; }; + extraACL = ( + nodesWithACMERecords + |> lib.mapAttrs' ( + hostName: _: { + name = "acme-nix-${hostName}"; + value = { + key = [ "acme-nix-${hostName}" ]; + action = "update"; + update-owner = "name"; + update-owner-match = "equal"; + update-owner-name = getACMERecordsPerNode hostName; + }; + } + ) + ); }; - extraACL = ( - nodesWithACMERecords - |> lib.mapAttrs' (hostName: _: { - name = "acme-nix-${hostName}"; - value = { - key = [ "acme-nix-${hostName}" ]; - action = "update"; - update-owner = "name"; - update-owner-match = "equal"; - update-owner-name = getACMERecordsPerNode hostName; - }; - }) - ); - }; - }); + } + ); }
diff --git a/config/nixos/modules/services/openssh.nix b/config/nixos/modules/services/openssh.nix @@ -65,7 +65,6 @@ in X11Forwarding = false; - # Only allow users of the ssh and sftp groups to connect AllowGroups = [ "sftp" @@ -89,13 +88,16 @@ in "ssh-ed25519,sk-ssh-ed25519@openssh.com" ]; - PubKeyAcceptedAlgorithms = lib.concatStringsSep "," ([ - "ssh-ed25519-cert-v01@openssh.com" - "sk-ssh-ed25519-cert-v01@openssh.com" - "ssh-ed25519,sk-ssh-ed25519@openssh.com" - ] ++ (lib.optionals cfg.enableRSASupport [ - "rsa-sha2-512" - ])); + PubKeyAcceptedAlgorithms = lib.concatStringsSep "," ( + [ + "ssh-ed25519-cert-v01@openssh.com" + "sk-ssh-ed25519-cert-v01@openssh.com" + "ssh-ed25519,sk-ssh-ed25519@openssh.com" + ] + ++ (lib.optionals cfg.enableRSASupport [ + "rsa-sha2-512" + ]) + ); # Specifies the available KEX (Key Exchange) algorithms KexAlgorithms = [
diff --git a/hosts/morio/default.nix b/hosts/morio/default.nix @@ -13,13 +13,13 @@ }; networking = { - ip4IsPrivate = false; - ip4Address = "152.89.106.158"; + ip4IsPrivate = false; + ip4Address = "152.89.106.158"; ip4PrefixLength = 22; defaultGateway4 = "152.89.104.1"; - ip6IsPrivate = false; - ip6Address = "2a03:4000:39:e9a::1"; + ip6IsPrivate = false; + ip6Address = "2a03:4000:39:e9a::1"; ip6PrefixLength = 64; defaultGateway6 = "fe80::1"; }; @@ -28,11 +28,11 @@ { config, pkgs, ... }: { - boot.initrd.systemd.emergencyAccess = true; - boot.kernelPackages = pkgs.linuxPackages_latest; + boot.initrd.systemd.emergencyAccess = true; + boot.kernelPackages = pkgs.linuxPackages_latest; - modules = { - filesystem.rootDisk = { + modules = { + filesystem.rootDisk = { enable = true; encrypt = true; type = "ext4";