beatzaplenty/nixos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix pure eval and harden nix script bootstrap

Browse Source
This commit is contained in:
beatz174-bit
2026-05-12 11:09:23 +10:00
parent d52e892559
commit 8b919d2d5a
14 changed files with 185 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files
hosts/docker/configuration.nix
+2
View File
@@ -15,6 +15,8 @@ in
imports =
[ # Include the results of the hardware scan.
../../common/configuration.nix
../../modules/nix/cache-client.nix
../../modules/nix/remote-builder-client.nix
];
networking.hostName = "docker"; # Define your hostname.
hosts/kuma/configuration.nix
+2
View File
@@ -15,6 +15,8 @@ in
imports =
[ # Include the results of the hardware scan.
../../common/configuration.nix
../../modules/nix/cache-client.nix
../../modules/nix/remote-builder-client.nix
];
networking.hostName = "kuma"; # Define your hostname.
hosts/nix-cache/configuration.nix
+1 -11
View File
@@ -8,26 +8,16 @@
imports =
[ # Include the results of the hardware scan.
../../common/configuration.nix
../../modules/nix/cache-server.nix
];
networking.hostName = "nix-cache"; # Define your hostname.
services.nix-serve.enable = true;
services.nix-serve.secretKeyFile = "/etc/nix/cache-priv.pem";
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts."cache.local" = {
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
};
services.prometheus.exporters.node = {
enable = true;
openFirewall = true;
};
networking.firewall.allowedTCPPorts = [ config.services.nginx.defaultHTTPListenPort ];
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ 80 8080 443 ];
# networking.firewall.allowedUDPPorts = [ ... ];
hosts/nix-minimal/configuration.nix
+2
View File
@@ -8,6 +8,8 @@
imports =
[ # Include the results of the hardware scan.
../../common/configuration.nix
../../modules/nix/cache-client.nix
../../modules/nix/remote-builder-client.nix
];
networking.hostName = "nix-minimal"; # Define your hostname.
hosts/nixos/configuration.nix
+2 -2
View File
@@ -28,6 +28,8 @@ in {
imports =
[ # Include the results of the hardware scan.
../../common/configuration.nix
../../modules/nix/cache-client.nix
../../modules/nix/remote-builder-client.nix
];
# Bootloader.
@@ -94,8 +96,6 @@ in {
system.stateVersion = "25.05"; # Did you read the comment?
nix.settings.experimental-features = "nix-command flakes";
services.xrdp.enable = true;
services.xrdp.defaultWindowManager = "cinnamon-session";
services.xrdp.openFirewall = true;
hosts/server/configuration.nix
+2
View File
@@ -8,6 +8,8 @@
imports =
[ # Include the results of the hardware scan.
../../common/configuration.nix
../../modules/nix/cache-client.nix
../../modules/nix/remote-builder-client.nix
];
networking.hostName = "server"; # Define your hostname.