From 1cc062bba4be3d7b608ce9a4bf13b23f598db1fe Mon Sep 17 00:00:00 2001 From: baritone Date: Tue, 18 Mar 2025 10:36:12 +0100 Subject: [PATCH] thing --- configuration.nix | 2 +- services/auto-torrent.nix | 69 +++------------------------------------ services/forgejo.nix | 3 ++ 3 files changed, 9 insertions(+), 65 deletions(-) diff --git a/configuration.nix b/configuration.nix index 673fc3f..95fab13 100755 --- a/configuration.nix +++ b/configuration.nix @@ -36,6 +36,7 @@ efi.canTouchEfiVariables = true; timeout = 0; }; + boot.kernel.sysctl = {"vm.swappiness" = 85;}; # Enable microcode updates hardware.enableRedistributableFirmware = true; @@ -48,7 +49,6 @@ # }; # }; - environment.systemPackages = with pkgs; [ wget curl diff --git a/services/auto-torrent.nix b/services/auto-torrent.nix index fb1602e..247c9cc 100644 --- a/services/auto-torrent.nix +++ b/services/auto-torrent.nix @@ -92,26 +92,6 @@ in { "8.8.4.4" ]; - # systemd.services."wireguard-kill-switch" = { - # description = "Wireguard Kill Switch"; - # after = ["network-online.target"]; - # wants = ["network-online.target"]; - # wantedBy = ["multi-user.target"]; - - # serviceConfig = { - # type = "oneshot"; - # ExecStart = pkgs.writeShellScript "wgconf.sh" '' - # # Block any traffic not going throug the vpn that isnt to the local network - # ${pkgs.iptables}/bin/iptables -I OUTPUT ! -o wg0 -m mark ! --mark 42 -m addrtype ! --dst-type LOCAL ! -d 10.0.0.0/32 -j REJECT - - # # Route local traffic through wg0 except local traffic - # ${pkgs.iproute2}/bin/ip route add 0.0.0.0/1 dev wg0 - # ${pkgs.iproute2}/bin/ip route add 10.0.0.0/32 dev eth0 - # ''; - # RemainAfterExit = "yes"; - # }; - # }; - systemd.services."start-wireguard" = { description = "Start wireguard mullvad"; after = ["network-online.target"]; 
@@ -128,39 +108,6 @@ in { }; networking.wireguard.enable = true; - # systemd.network = { - # netdevs."10-wg0" = { - # netdevConfig = { - # Kind = "wireguard"; - # Name = "wg0"; - # MTUBytes = "1300"; - # }; - # wireguardConfig = { - # PrivateKeyFile = "${./wireguard-secret}"; - # FirewallMark = 42; - # ListenPort = 51820; - # }; - # wireguardPeers = [ - # { - # PublicKey = "0qSP0VxoIhEhRK+fAHVvmfRdjPs2DmmpOCNLFP/7cGw="; - # AllowedIPs = ["0.0.0.0/0"]; - # Endpoint = "193.32.248.66:51820"; - # PersistentKeepalive = 25; - # } - # ]; - # }; - # networks."wg0" = { - # matchConfig.Name = "wg0"; - # address = [ - # "10.65.241.123/32" - # ]; - # DHCP = "no"; - # dns = ["10.64.0.1"]; - # # gateway = [ - # # "10.0.0.0" - # # ]; - # }; - # }; # Sleep them for a while to make sure everything is set up systemd.services.sonarr.serviceConfig.ExecStartPre = pkgs.lib.mkIf enable-services "/run/current-system/sw/bin/sleep 1"; @@ -199,9 +146,11 @@ in { }; # debugging - # users.users.root = { - # password = "1"; - # }; + users.users.root = { + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC562Woe/yT/3dNVceN9rKPJQcvgTFzIhJVdVGv7sqn1 baritone@server" + ]; + }; environment.systemPackages = [pkgs.wireguard-tools pkgs.tcpdump]; @@ -217,14 +166,6 @@ in { }; }; - # networking.nat.forwardPorts = [ - # { - # proto = "tcp"; - # sourcePort = 8989; - # destination = "10.0.1.1:8989"; - # } - # ]; - # Sonarr services.nginx.virtualHosts."sonarr.spoodythe.one" = { addSSL = true; diff --git a/services/forgejo.nix b/services/forgejo.nix index 1d91904..4971845 100755 --- a/services/forgejo.nix +++ b/services/forgejo.nix @@ -33,6 +33,9 @@ in { enableACME = true; locations."/" = { proxyPass = "http://${host}:${toString port}"; + extraConfig = '' + client_max_body_size 100M; + ''; }; };
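Review bot: The `users.users.root` block in the `@@ -199,9 +146,11 @@` hunk of services/auto-torrent.nix is still headed by `# debugging`, but it is now live configuration that grants standing root SSH access from inside a service module. Whether sshd accepts the key depends on `services.openssh.settings.PermitRootLogin`, which is not visible here; the NixOS default `prohibit-password` does allow key-based root login. If the access is meant to be temporary, the comment should say so, e.g. `# TEMPORARY: root SSH key for debugging; remove when done`; otherwise consider attaching the key to an unprivileged user that uses sudo, so root logins can stay disabled. The enclosing attribute set starts and ends outside the hunk, so it is unclear whether this applies to the host or to a nested system configuration.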
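Review bot: The `client_max_body_size 100M;` added in services/forgejo.nix sits on `locations."/"`, so every request proxied to Forgejo, authenticated or not, may now carry a 100 MB body, which nginx by default buffers before passing it upstream. The hunk gives no reason for the value; a comment such as `# raised for large pushes/uploads over HTTP; applies to every path under /` (adjusted to the real reason) would tell the next reader what depends on it. It is also worth confirming that the disk holding nginx's request-body temp files can absorb several such uploads at once. The virtual host block starts outside the hunk.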