From bbf0696221a30197df3bfcd849b216005d433983 Mon Sep 17 00:00:00 2001 From: Jimbo Date: Fri, 8 Nov 2024 16:57:56 -0500 Subject: [PATCH] Remove qtbittorrent because of an RCE bug, prepare more for enable by module for server --- flake.lock | 36 +++++++++---------- hosts/firefly/boot/default.nix | 4 +-- .../home/programs/misc/general/default.nix | 1 - modules/system/services/common/default.nix | 7 ---- modules/system/services/default.nix | 3 +- .../services/{pc => general}/default.nix | 2 ++ .../{pc => general}/gnome-keyring/default.nix | 0 .../services/{pc => general}/gvfs/default.nix | 0 .../{common => general}/keyd/default.nix | 0 .../{pc => general}/libvirtd/default.nix | 0 .../services/{pc => general}/mpd/default.nix | 0 .../{common => general}/ssh/default.nix | 0 .../ssh/fail2ban/default.nix | 0 .../{pc => general}/sunshine/default.nix | 0 modules/system/services/server/default.nix | 3 +- .../system/services/server/misc/default.nix | 7 ---- .../services/server/snowflake/default.nix | 4 +++ 17 files changed, 29 insertions(+), 38 deletions(-) delete mode 100644 modules/system/services/common/default.nix rename modules/system/services/{pc => general}/default.nix (83%) rename modules/system/services/{pc => general}/gnome-keyring/default.nix (100%) rename modules/system/services/{pc => general}/gvfs/default.nix (100%) rename modules/system/services/{common => general}/keyd/default.nix (100%) rename modules/system/services/{pc => general}/libvirtd/default.nix (100%) rename modules/system/services/{pc => general}/mpd/default.nix (100%) rename modules/system/services/{common => general}/ssh/default.nix (100%) rename modules/system/services/{common => general}/ssh/fail2ban/default.nix (100%) rename modules/system/services/{pc => general}/sunshine/default.nix (100%) delete mode 100644 modules/system/services/server/misc/default.nix create mode 100644 modules/system/services/server/snowflake/default.nix diff --git a/flake.lock b/flake.lock index d32620e..f14edd2 100644 --- a/flake.lock +++ b/flake.lock @@ -61,11 +61,11 @@ ] }, "locked": { - "lastModified": 1730190761, - "narHash": "sha256-o5m5WzvY6cGIDupuOvjgNSS8AN6yP2iI9MtUC6q/uos=", + "lastModified": 1731060864, + "narHash": "sha256-aYE7oAYZ+gPU1mPNhM0JwLAQNgjf0/JK1BF1ln2KBgk=", "owner": "nix-community", "repo": "disko", - "rev": "3979285062d6781525cded0f6c4ff92e71376b55", + "rev": "5e40e02978e3bd63c2a6a9fa6fa8ba0e310e747f", "type": "github" }, "original": { @@ -203,11 +203,11 @@ }, "hardware": { "locked": { - "lastModified": 1730537918, - "narHash": "sha256-GJB1/aaTnAtt9sso/EQ77TAGJ/rt6uvlP0RqZFnWue8=", + "lastModified": 1730919458, + "narHash": "sha256-yMO0T0QJlmT/x4HEyvrCyigGrdYfIXX3e5gWqB64wLg=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "f6e0cd5c47d150c4718199084e5764f968f1b560", + "rev": "e1cc1f6483393634aee94514186d21a4871e78d7", "type": "github" }, "original": { @@ -310,11 +310,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1730598780, - "narHash": "sha256-QrmwhJQjRMWBVvASt5amKpm3ORgfetTkS+idL9rcsNc=", + "lastModified": 1731030299, + "narHash": "sha256-PwtzMWPJhz9Rn/0rzQfMb6icSA6DtJZKCuK88IwFSos=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "d72d83da504fca2f3d4666026d16b30a8a0fad5d", + "rev": "11ca743d2e4602d5b8bfc8d65303f969d58ec338", "type": "github" }, "original": { @@ -401,11 +401,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1730327045, - "narHash": "sha256-xKel5kd1AbExymxoIfQ7pgcX6hjw9jCgbiBjiUfSVJ8=", + "lastModified": 1730883749, + "narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "080166c15633801df010977d9d7474b4a6c549d7", + "rev": "dba414932936fde69f0606b4f1d87c5bc0003ede", "type": "github" }, "original": { @@ -416,11 +416,11 @@ }, "nur": { "locked": { - "lastModified": 1730612615, - "narHash": "sha256-l5mlB45tLEcMGGEucbGs06CvsrXrxGM4NKueWh7Pkuo=", + "lastModified": 1731065793, + "narHash": "sha256-BzqzhXtRif4sY3C88yTyuNxKA0UgR97iA7JVhWd+Sog=", "owner": "nix-community", "repo": "NUR", - "rev": "88b6dea6f574d59dd0f3bd48d1da32d37118de34", + "rev": "11b502b497b58f04eb7acd9463d72a6aab9bbc5a", "type": "github" }, "original": { @@ -543,11 +543,11 @@ }, "unstable": { "locked": { - "lastModified": 1730531603, - "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "lastModified": 1730785428, + "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", + "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7", "type": "github" }, "original": { diff --git a/hosts/firefly/boot/default.nix b/hosts/firefly/boot/default.nix index 00431e1..46fe5a9 100644 --- a/hosts/firefly/boot/default.nix +++ b/hosts/firefly/boot/default.nix @@ -19,8 +19,8 @@ let ]; in { boot = { - # Must be unstable for newest NVIDIA drivers - kernelPackages = pkgs.unstable.linuxPackages_latest; + # Must be unstable for newest NVIDIA drivers, must be Zen for IOMMU isolation + kernelPackages = pkgs.unstable.linuxPackages_zen; kernel.sysctl."vm.max_map_count" = 2147483642; kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:1f82,10de:10fa" ]; blacklistedKernelModules = [ "pcspkr" ]; diff --git a/modules/home/programs/misc/general/default.nix b/modules/home/programs/misc/general/default.nix index f512473..d350a5c 100644 --- a/modules/home/programs/misc/general/default.nix +++ b/modules/home/programs/misc/general/default.nix @@ -2,7 +2,6 @@ { home.packages = with pkgs; [ imv - qbittorrent libreoffice-fresh ffmpegthumbnailer thunderbird diff --git a/modules/system/services/common/default.nix b/modules/system/services/common/default.nix deleted file mode 100644 index c58fe30..0000000 --- a/modules/system/services/common/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ ... }: -{ - imports = [ - ./keyd - ./ssh - ]; -} diff --git a/modules/system/services/default.nix b/modules/system/services/default.nix index 81fa48b..df0419a 100644 --- a/modules/system/services/default.nix +++ b/modules/system/services/default.nix @@ -1,8 +1,7 @@ { ... }: { imports = [ - ./common - ./pc + ./general #./server ]; } diff --git a/modules/system/services/pc/default.nix b/modules/system/services/general/default.nix similarity index 83% rename from modules/system/services/pc/default.nix rename to modules/system/services/general/default.nix index c0e2659..895f88e 100644 --- a/modules/system/services/pc/default.nix +++ b/modules/system/services/general/default.nix @@ -3,8 +3,10 @@ imports = [ ./gnome-keyring ./gvfs + ./keyd ./libvirtd ./mpd + ./ssh ./sunshine ]; } diff --git a/modules/system/services/pc/gnome-keyring/default.nix b/modules/system/services/general/gnome-keyring/default.nix similarity index 100% rename from modules/system/services/pc/gnome-keyring/default.nix rename to modules/system/services/general/gnome-keyring/default.nix diff --git a/modules/system/services/pc/gvfs/default.nix b/modules/system/services/general/gvfs/default.nix similarity index 100% rename from modules/system/services/pc/gvfs/default.nix rename to modules/system/services/general/gvfs/default.nix diff --git a/modules/system/services/common/keyd/default.nix b/modules/system/services/general/keyd/default.nix similarity index 100% rename from modules/system/services/common/keyd/default.nix rename to modules/system/services/general/keyd/default.nix diff --git a/modules/system/services/pc/libvirtd/default.nix b/modules/system/services/general/libvirtd/default.nix similarity index 100% rename from modules/system/services/pc/libvirtd/default.nix rename to modules/system/services/general/libvirtd/default.nix diff --git a/modules/system/services/pc/mpd/default.nix b/modules/system/services/general/mpd/default.nix similarity index 100% rename from modules/system/services/pc/mpd/default.nix rename to modules/system/services/general/mpd/default.nix diff --git a/modules/system/services/common/ssh/default.nix b/modules/system/services/general/ssh/default.nix similarity index 100% rename from modules/system/services/common/ssh/default.nix rename to modules/system/services/general/ssh/default.nix diff --git a/modules/system/services/common/ssh/fail2ban/default.nix b/modules/system/services/general/ssh/fail2ban/default.nix similarity index 100% rename from modules/system/services/common/ssh/fail2ban/default.nix rename to modules/system/services/general/ssh/fail2ban/default.nix diff --git a/modules/system/services/pc/sunshine/default.nix b/modules/system/services/general/sunshine/default.nix similarity index 100% rename from modules/system/services/pc/sunshine/default.nix rename to modules/system/services/general/sunshine/default.nix diff --git a/modules/system/services/server/default.nix b/modules/system/services/server/default.nix index 8c79ef2..49dfb1d 100644 --- a/modules/system/services/server/default.nix +++ b/modules/system/services/server/default.nix @@ -6,10 +6,11 @@ ./fileserver ./forgejo ./icecast + ./mailserver ./minecraft - ./misc ./mysql ./nginx + ./snowflake ./social ./transmission ./vaultwarden diff --git a/modules/system/services/server/misc/default.nix b/modules/system/services/server/misc/default.nix deleted file mode 100644 index e976caf..0000000 --- a/modules/system/services/server/misc/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ ... }: -{ - services = { - snowflake-proxy.enable = true; - logrotate.checkConfig = false; - }; -} diff --git a/modules/system/services/server/snowflake/default.nix b/modules/system/services/server/snowflake/default.nix new file mode 100644 index 0000000..6c9a989 --- /dev/null +++ b/modules/system/services/server/snowflake/default.nix @@ -0,0 +1,4 @@ +{ ... }: +{ + services.snowflake-proxy.enable = true; +}