hosts/norman: SQ, update to nixos 23.05, add discard for luks device, set wireguard mtu to 1400

Hendrik Sokolowski 2023-10-06 00:23:48 +02:00
parent 2fe9f3d502
commit 8653f517d4
3 changed files with 4 additions and 11 deletions


@ -26,13 +26,6 @@
]; # Clients and peers can use the same port, see listenport ]; # Clients and peers can use the same port, see listenport
}; };
hardware.nitrokey.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
services.tlp = { services.tlp = {
enable = true; enable = true;
settings = { settings = {


@ -16,19 +16,17 @@
boot.extraModulePackages = []; boot.extraModulePackages = [];
boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelPackages = pkgs.linuxPackages_latest;
boot.loader.grub.trustedBoot = {
enable = true;
systemHasTPM = "YES_TPM_is_activated";
};
boot.initrd.luks.devices."cryptroot" = { boot.initrd.luks.devices."cryptroot" = {
device = "/dev/disk/by-uuid/cdc29f0f-5b18-4ee7-8d38-1f4bac80b1e6"; device = "/dev/disk/by-uuid/cdc29f0f-5b18-4ee7-8d38-1f4bac80b1e6";
allowDiscards = true;
bypassWorkqueues = true; bypassWorkqueues = true;
}; };
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/5b441f8f-d7eb-44f8-8df2-7354b3314a61"; device = "/dev/disk/by-uuid/5b441f8f-d7eb-44f8-8df2-7354b3314a61";
fsType = "ext4"; fsType = "ext4";
options = [ "discard" ];
}; };
fileSystems."/boot" = { fileSystems."/boot" = {
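Review bot: The new `allowDiscards = true;` on `cryptroot`, combined with `options = [ "discard" ];` on `/`, passes TRIM through dm-crypt, so anyone who can read the raw disk can tell which blocks are unused; nothing in the section records that this trade-off was accepted. I would add a comment above the option, for example `# allowDiscards: TRIM exposes the free-block layout of the encrypted volume; accepted here for SSD performance`. If online discard is not needed, `services.fstrim.enable = true;` in place of the `discard` mount option gives periodic trimming, though it still relies on `allowDiscards`. The same section drops `boot.loader.grub.trustedBoot` with no replacement visible here, so it is worth confirming that losing boot measurement on this host is intended. The `fileSystems."/boot"` block continues outside the hunk.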


@ -17,6 +17,7 @@
"10.0.0.13/32" "10.0.0.13/32"
"fc00:200::13/128" "fc00:200::13/128"
]; ];
mtu = 1400;
listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers) listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
# Path to the private key file. # Path to the private key file.
@ -61,6 +62,7 @@
ips = [ ips = [
"10.0.1.121" "10.0.1.121"
]; ];
mtu = 1400;
listenPort = 51821; # to match firewall allowedUDPPorts (without this wg uses random port numbers) listenPort = 51821; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
# Path to the private key file. # Path to the private key file.