diff --git a/flake.nix b/flake.nix index 500ef39..0fd5913 100644 --- a/flake.nix +++ b/flake.nix @@ -29,6 +29,7 @@ inherit system; config = { allowUnfree = true; + nvidia.acceptLicense = true; }; overlays = [ nur.overlays.default diff --git a/src/system/machines/workstation/hardware.nix b/src/system/machines/workstation/hardware.nix index 65039d1..1ee4de9 100644 --- a/src/system/machines/workstation/hardware.nix +++ b/src/system/machines/workstation/hardware.nix @@ -80,13 +80,19 @@ enable = true; enable32Bit = true; }; + nvidia = { open = false; powerManagement.enable = false; powerManagement.finegrained = false; modesetting.enable = true; nvidiaSettings = true; - package = config.boot.kernelPackages.nvidiaPackages.stable; + package = config.boot.kernelPackages.nvidiaPackages.mkDriver { + version = "550.120"; + sha256_64bit = "sha256-gBkoJ0dTzM52JwmOoHjMNwcN2uBN46oIRZHAX8cDVpc="; + settingsSha256 = "sha256-fPfIPwpIijoUpNlAUt9C8EeXR5In633qnlelL+btGbU="; + persistencedSha256 = lib.fakeSha256; + }; }; }; diff --git a/src/system/modules/forgejo/default.nix b/src/system/modules/forgejo/default.nix index e68256c..a4dcc42 100644 --- a/src/system/modules/forgejo/default.nix +++ b/src/system/modules/forgejo/default.nix @@ -52,6 +52,7 @@ in APP_SLOGAN = ""; }; + service.REQUIRE_SIGNIN_VIEW = false; server = { DOMAIN = "git.${domain}"; ROOT_URL = "https://git.${domain}/"; diff --git a/src/system/modules/nginx/default.nix b/src/system/modules/nginx/default.nix index 6db9d51..fad324a 100644 --- a/src/system/modules/nginx/default.nix +++ b/src/system/modules/nginx/default.nix @@ -28,6 +28,17 @@ in }; }; + services.sslh = { + enable = true; + settings = { + listen = [{ host = "0.0.0.0"; port = 443; }]; + protocols = [ + { name = "ssh"; host = "127.0.0.1"; port = 22; probe = "builtin"; } + { name = "tls"; host = "127.0.0.1"; port = 4443; probe = "builtin"; } + ]; + }; + }; + services.nginx = { enable = true; recommendedTlsSettings = true;