This commit is contained in:
2025-08-19 11:59:56 +02:00
parent d99f184f31
commit a556bc0e8a
10 changed files with 92 additions and 105 deletions
@@ -157,9 +157,13 @@
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "no";
services.openssh.settings.PasswordAuthentication = false;
services.openssh.openFirewall = true;
programs.ssh.startAgent = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 22 27015 25565 24454 8123 24800 ];
networking.firewall.allowedTCPPorts = [ 22 27015 25565 25570 8123 8100 24800 ];
networking.firewall.allowedTCPPortRanges = [{ from = 16262; to = 16272; }];
networking.firewall.allowedUDPPorts = [ 22 16261 16262 8766 8767 25565 24454 8123 24800 ];
# Or disable the firewall altogether.
@@ -26,6 +26,12 @@
fsType = "btrfs";
options = [ "subvol=@nix" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
};
fileSystems."/data" =
{
device = "/dev/disk/by-label/HDD_DATA";
fsType = "btrfs";
options = [ "noatime" "compress=zstd" "nossd" "autodefrag" ];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-label/NixOS_Root_Laptop";
@@ -48,10 +54,15 @@
};
swapDevices = [{
device = "/var/.swapfile";
device = "/data/.swapfile";
size = 32 * 1024;
}];
zramSwap = {
enable = true;
memoryPercent = 50;
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
@@ -2,6 +2,10 @@
{
home.stateVersion = "23.05";
home.homeDirectory = "/home/materus";
xdg.dataFile."java-runtimes/graalvm-oracle-17".source = pkgs.graalvmPackages.graalvm-oracle_17;
xdg.dataFile."java-runtimes/graalvm-oracle-latest".source = pkgs.graalvmPackages.graalvm-oracle;
xdg.dataFile."java-runtimes/openjdk21".source = pkgs.jdk21;
materus.profile = {
fonts.enable = lib.mkDefault true;