
Commit e4e0f25

committed
sjc
1 parent 7319221 commit e4e0f25


4 files changed

+54
-1
lines changed

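--- a/flake.nix
+++ b/flake.nix
@@ -50,6 +50,7 @@
 ];
 };
 nrt = import ./host/dmit { inherit self nixpkgs secret; };
+sjc = import ./host/xtom { inherit self nixpkgs secret; };
 jp3 = import ./host/alice/mkHost.nix {
 inherit self nixpkgs secret;
 hostName = "jp3";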

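--- a/host/init/arm.nix
+++ b/host/init/arm.nix
@@ -102,7 +102,7 @@
 title NixOS Init
 linux /EFI/nixos/${config.system.boot.loader.kernelFile}
 initrd /EFI/nixos/${config.system.boot.loader.initrdFile}
-options init=${config.system.build.toplevel}/init ${builtins.toString config.boot.kernelParams}
+options init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}
 '';
 
 "/EFI/netbootxyz.efi".source = "${pkgs.netbootxyz-efi}"; # emergency rescue on oracle arm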

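--- a/host/xtom/default.nix
+++ b/host/xtom/default.nix
@@ -0,0 +1,22 @@
+{
+self,
+nixpkgs,
+secret,
+}:
+nixpkgs.lib.nixosSystem {
+modules = [
+secret.nixosModules.default
+self.nixosModules.nixos.server
+self.nixosModules.hardware.bios.limine
+self.nixosModules.network.cloud-init
+self.nixosModules.services.komari-agent
+self.nixosModules.services.cloudflare-warp
+self.nixosModules.services.snell
+./misc.nix
+{
+nixpkgs.hostPlatform = "x86_64-linux";
+networking.hostName = "nrt";
+}
+];
+specialArgs = { inherit self; };
+}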
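Review bot: `networking.hostName = "nrt";` in the inline module looks copied from the existing `nrt` host; this configuration is registered as `sjc` in flake.nix, so the line should probably read `networking.hostName = "sjc";`. Two machines reporting the same hostname make logs, the monitoring agent's data and shell prompts hard to attribute to the right box during an incident. If the shared name is intentional, a short comment saying so would help the next reader.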

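--- a/host/xtom/misc.nix
+++ b/host/xtom/misc.nix
@@ -0,0 +1,30 @@
+{
+config,
+pkgs,
+lib,
+modulesPath,
+self,
+...
+}:
+{
+
+services.qemuGuest.enable = true;
+services.openssh.ports = [ 23333 ];
+
+boot.blacklistedKernelModules = [ "virtio_balloon" ];
+
+networking.nftables.enable = true;
+networking.nftables.ruleset = ''
+table inet FIREWALL {
+chain INPUT {
+type filter hook input priority 0; policy drop;
+iifname lo accept
+ip protocol icmp accept
+ip6 nexthdr icmpv6 accept
+ct state {established, related} accept
+tcp dport { 23333, 8888, 5201 } accept
+udp dport { 5201 } accept
+}
+}
+'';
+}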
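Review bot: The INPUT chain in `networking.nftables.ruleset` accepts TCP 8888 and TCP/UDP 5201 from any source, and nothing in the file says which service owns either port. 5201 looks like the iperf3 default; if an iperf3 server is left listening there it is unauthenticated, so consider dropping the port from the set or limiting it, e.g. `ip saddr <ADMIN_CIDR_PLACEHOLDER> tcp dport 5201 accept`. A comment such as `# 23333 sshd, 8888 <service>, 5201 iperf3 (testing only)` above the rule would make later audits easier. Whether `networking.firewall` is disabled by one of the imported modules is not visible here; if it is still enabled, its own nftables table filters input as well and should be checked against this list.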
