Commit d556140d authored by fpletz's avatar fpletz 🚧

update and use kresd

parent d5831ae8
......@@ -19,7 +19,7 @@ with lib;
networking.useDHCP = false;
networking.interfaces.eth0.ipv4.addresses = [ { address = "83.133.178.166"; prefixLength = 28; } ];
networking.defaultGateway = "83.133.178.161";
networking.nameservers = [ "::1" ];
networking.nameservers = [ "::1" "127.0.0.1" ];
networking.firewall.allowedTCPPorts = [ 80 443 25 ];
networking.firewall.logRefusedConnections = false;
......@@ -34,63 +34,15 @@ with lib;
services.openssh.enable = true;
users.extraUsers.root = {
initialHashedPassword = mkForce "$6$rounds=1000000$pAFNlOdBg.Ut$RJwIpzoSkdqUaxyLxtoFdgiR8UrtC/X1vd8W4dFGHDuZWW60J4qNAQ9DrozkmT6/AqBPQ8I2EWviDx.kloVkE.";
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCs/VM56N9OsG/hK7LEwheHwptClBNPdBl/tIW8URWyQPsE0dN2FYAERsHom3I3IvAS3phfhYtLOwrQ+MqEt7u5f/E3CgdfvEFRER12arxlT/q3gSh5rUdq508fTjkUNmJr6Vul+BCZ7VeESa2yvvTesFqvdVP9NtpGbAusX/JCrXwQciygJ0hDuMdLFW8MmRzljDoBsyjz18MDaMzsGQddQuE+3uAzJ1NXZpNh+M+C6eLNe+QJQMb9VTPGB3Pc0cU0GWyXYpWTVkpJqJVe180ldMU9x2c2sBBcRM3N/UDn2MF3XQi3TdGO93AIcUHNCLmUvIdqz+DPdKzCt3c3HvHh fpletz@lolnovo"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK20Lv3TggAXcctelNGBxjcQeMB4AqGZ1tDCzY19xBUV fpletz@yolovo"
];
};
environment.systemPackages = with pkgs; [ vim htop tmux iftop mailutils ];
environment.systemPackages = with pkgs; [ mailutils ];
services.unbound = {
enable = true;
allowedAccess = [ "::1" "127.0.0.1" ];
settings = {
server = {
port = 53;
interface = [ "::1" "127.0.0.1" ];
#interface-automatic: yes
so-reuseport = true;
num-threads = 1;
outgoing-range = 8192;
num-queries-per-thread = 4096;
#prefer-ip6 = true;
msg-cache-slabs = 1;
rrset-cache-slabs = 1;
infra-cache-slabs = 1;
key-cache-slabs = 1;
# more cache memory, rrset=msg*2
rrset-cache-size = "16m";
msg-cache-size = "8m";
# Larger socket buffer
so-rcvbuf = "2m";
so-sndbuf = "2m";
cache-min-ttl = 600;
cache-max-ttl = 86400;
cache-max-negative-ttl = 1;
qname-minimisation = true;
rrset-roundrobin = true;
prefetch = true;
use-caps-for-id = true;
hide-version = true;
hide-identity = true;
statistics-interval = 0;
extended-statistics = true;
statistics-cumulative = false;
};
remote-control = {
control-enable = true;
control-use-cert = false;
};
};
};
services.kresd.enable = true;
services.redis.enable = true;
......
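Review bot: `services.kresd.enable = true;` leaves the resolver's listen addresses to the module default, whereas the `services.unbound` block it replaces pinned both `interface` and `allowedAccess` to `::1` and `127.0.0.1`. Since `networking.nameservers` in the first hunk now points only at those two loopback addresses, I would state the binding explicitly, `services.kresd.listenPlain = [ "[::1]:53" "127.0.0.1:53" ];`, with a comment that this host must not answer DNS on its public address. As far as I know that matches the NixOS module default, so this keeps the intent visible across nixpkgs bumps rather than changing behaviour. The page has lost the `+`/`-` markers, so I am assuming the unbound lines are the removed side.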
......@@ -2,11 +2,11 @@
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1639161226,
"narHash": "sha256-75Y08ynJDTq6HHGIF+8IADBJSVip0UyWQH7jqSFnRR8=",
"lastModified": 1641870998,
"narHash": "sha256-6HkxR2WZsm37VoQS7jgp6Omd71iw6t1kP8bDbaqCDuI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "573095944e7c1d58d30fc679c81af63668b54056",
"rev": "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb",
"type": "github"
},
"original": {
......
......@@ -19,16 +19,15 @@
colmena = {
meta.nixpkgs = import nixpkgs { };
defaults = { name, pkgs, ... }: {
defaults = { name, pkgs, lib, ... }: {
deployment.targetHost = "${name}.muc.ccc.de";
networking.hostName = name;
networking.hostName = lib.mkDefault name;
time.timeZone = "UTC";
environment.systemPackages = with pkgs; [
wget curl htop
wget curl htop iftop tmux
];
programs.bash.enableCompletion = true;
programs.vim.defaultEditor = true;
sound.enable = false;
services.openssh.enable = true;
nixpkgs.system = "x86_64-linux";
};
......
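Review bot: `networking.hostName = lib.mkDefault name;` lets a host module override the hostname, but `deployment.targetHost` just above it is still built from the colmena node `name`, so a host that overrides it would be deployed under one name and report another. A short comment would show that this is intended, for example `# mkDefault so a host can set its own hostName; targetHost keeps following the node name`. The `colmena` attribute set that holds this `defaults` block continues outside the hunk.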