diff --git a/flake.nix b/flake.nix index 0fd5913..500ef39 100644 --- a/flake.nix +++ b/flake.nix @@ -29,7 +29,6 @@ inherit system; config = { allowUnfree = true; - nvidia.acceptLicense = true; }; overlays = [ nur.overlays.default diff --git a/src/system/machines/desktop/system.nix b/src/system/machines/desktop/system.nix index f0d0539..ba97169 100644 --- a/src/system/machines/desktop/system.nix +++ b/src/system/machines/desktop/system.nix @@ -94,24 +94,7 @@ in enable = true; allowedTCPPorts = [ 22 80 443 ]; }; - }; - - services.dnsmasq = { - enable = true; - settings = { - # Explicit subdomains -> local server - address = [ - "/git.ramos.codes/192.168.0.154" - "/ln.ramos.codes/192.168.0.154" - "/photos.ramos.codes/192.168.0.154" - "/test.ramos.codes/192.168.0.154" - "/electrum.ramos.codes/192.168.0.154" - "/immich.ramos.codes/192.168.0.154" - "/forgejo.ramos.codes/192.168.0.154" - "/frigate.ramos.codes/192.168.0.154" - ]; - server = [ "192.168.0.1" ]; - }; + nameservers = [ "192.168.0.154" ]; }; services = { diff --git a/src/system/machines/server/system.nix b/src/system/machines/server/system.nix index 5278443..20feaed 100644 --- a/src/system/machines/server/system.nix +++ b/src/system/machines/server/system.nix @@ -102,19 +102,12 @@ networking = { hostName = "server"; useDHCP = false; - interfaces.enp2s0f0 = { + interfaces.eno1 = { ipv4.addresses = [{ address = "192.168.0.154"; prefixLength = 24; }]; }; - # Camera network - isolated, no gateway - interfaces.enp2s0f1 = { - ipv4.addresses = [{ - address = "192.168.1.1"; - prefixLength = 24; - }]; - }; defaultGateway = "192.168.0.1"; nameservers = [ "1.1.1.1" "8.8.8.8" ]; firewall = { @@ -138,12 +131,6 @@ "8.8.8.8" ]; cache-size = 1000; - - # Camera network DHCP (isolated - no gateway = no internet) - interface = "enp2s0f1"; - bind-interfaces = true; - dhcp-range = "192.168.1.100,192.168.1.200,24h"; - # No gateway option = cameras can't route to internet }; }; diff --git a/src/system/machines/workstation/hardware.nix b/src/system/machines/workstation/hardware.nix index 1ee4de9..65039d1 100644 --- a/src/system/machines/workstation/hardware.nix +++ b/src/system/machines/workstation/hardware.nix @@ -80,19 +80,13 @@ enable = true; enable32Bit = true; }; - nvidia = { open = false; powerManagement.enable = false; powerManagement.finegrained = false; modesetting.enable = true; nvidiaSettings = true; - package = config.boot.kernelPackages.nvidiaPackages.mkDriver { - version = "550.120"; - sha256_64bit = "sha256-gBkoJ0dTzM52JwmOoHjMNwcN2uBN46oIRZHAX8cDVpc="; - settingsSha256 = "sha256-fPfIPwpIijoUpNlAUt9C8EeXR5In633qnlelL+btGbU="; - persistencedSha256 = lib.fakeSha256; - }; + package = config.boot.kernelPackages.nvidiaPackages.stable; }; }; diff --git a/src/system/modules/bitcoin/config/bitcoin.conf b/src/system/modules/bitcoin/config/bitcoin.conf index d3ed9eb..756bfc1 100644 --- a/src/system/modules/bitcoin/config/bitcoin.conf +++ b/src/system/modules/bitcoin/config/bitcoin.conf @@ -16,5 +16,3 @@ listenonion=1 torcontrol=127.0.0.1:9051 txindex=1 - -dbcache=1024 diff --git a/src/system/modules/forgejo/default.nix b/src/system/modules/forgejo/default.nix index a4dcc42..e68256c 100644 --- a/src/system/modules/forgejo/default.nix +++ b/src/system/modules/forgejo/default.nix @@ -52,7 +52,6 @@ in APP_SLOGAN = ""; }; - service.REQUIRE_SIGNIN_VIEW = false; server = { DOMAIN = "git.${domain}"; ROOT_URL = "https://git.${domain}/"; diff --git a/src/system/modules/nginx/default.nix b/src/system/modules/nginx/default.nix index 7f508f0..6db9d51 100644 --- a/src/system/modules/nginx/default.nix +++ b/src/system/modules/nginx/default.nix @@ -28,25 +28,12 @@ in }; }; - services.sslh = { - enable = true; - listenAddresses = [ "0.0.0.0" ]; - port = 443; - settings = { - protocols = [ - { name = "ssh"; host = "127.0.0.1"; port = "22"; } - { name = "tls"; host = "127.0.0.1"; port = "4443"; } - ]; - }; - }; - services.nginx = { enable = true; recommendedTlsSettings = true; recommendedOptimisation = true; recommendedGzipSettings = true; eventsConfig = "worker_connections 4096;"; - defaultSSLListenPort = 4443; # Catch-all default - friendly error for unknown subdomains virtualHosts."_" = {