diff --git a/flake.lock b/flake.lock index 991f21e..84ae1c0 100644 --- a/flake.lock +++ b/flake.lock @@ -287,6 +287,27 @@ "type": "github" } }, + "home-manager-stable": { + "inputs": { + "nixpkgs": [ + "nixpkgs-stable" + ] + }, + "locked": { + "lastModified": 1706981411, + "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "652fda4ca6dafeb090943422c34ae9145787af37", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-23.11", + "repo": "home-manager", + "type": "github" + } + }, "home-manager_2": { "inputs": { "nixpkgs": [ @@ -507,6 +528,22 @@ "type": "github" } }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1710283656, + "narHash": "sha256-nI+AOy4uK6jLGBi9nsbHjL1EdSIzoo8oa+9oeVhbyFc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "51063ed4f2343a59fdeebb279bb81d87d453942b", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1705133751, @@ -579,6 +616,7 @@ "fast-syntax-highlighting": "fast-syntax-highlighting", "home-manager": "home-manager_2", "home-manager-raccoon": "home-manager-raccoon", + "home-manager-stable": "home-manager-stable", "hosts-blocklists": "hosts-blocklists", "linux-tkg": "linux-tkg", "neovim-nightly": "neovim-nightly", @@ -587,6 +625,7 @@ "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", "nixpkgs-raccoon": "nixpkgs-raccoon", + "nixpkgs-stable": "nixpkgs-stable", "nvim-treesitter": "nvim-treesitter", "packwiz": "packwiz", "pure": "pure", diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index c3fd0a1..735cd03 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -14,6 +14,8 @@ security #wireguard + modules.services.postgres + ./filesystem.nix ./kernel.nix ./networking.nix 
diff --git a/hosts/dandelion/filesystem.nix b/hosts/dandelion/filesystem.nix index 55c9c2a..d37cb1f 100644 --- a/hosts/dandelion/filesystem.nix +++ b/hosts/dandelion/filesystem.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, lib, ... }: let bind = src: { depends = [ "/nix" ]; diff --git a/modules/services/postgres.nix b/modules/services/postgres.nix index 8be69ea..bffdcee 100644 --- a/modules/services/postgres.nix +++ b/modules/services/postgres.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: let dir = "/persist/postgresql/${config.services.postgresql.package.psqlSchema}"; uid = toString config.ids.uids.postgres; @@ -8,6 +8,7 @@ in { services.postgresql = { enable = true; dataDir = dir; + package = pkgs.postgresql_13; authentication = lib.mkOverride 10 '' #type database DBuser origin-address auth-method local all all trust diff --git a/modules/system/security.nix b/modules/system/security.nix index 6e44eae..602f108 100644 --- a/modules/system/security.nix +++ b/modules/system/security.nix @@ -11,6 +11,7 @@ allowedUDPPortRanges = [ { from = 20000; to = 20100; } ]; allowedTCPPortRanges = [ { from = 20000; to = 20100; } ]; trustedInterfaces = [ "wg0" ]; + logRefusedConnections = false; extraCommands = genCmds "I"; extraStopCommands = genCmds "D"; diff --git a/users/hana/default.nix b/users/hana/default.nix index 0e9276f..482323f 100644 --- a/users/hana/default.nix +++ b/users/hana/default.nix 
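Review bot: The `local all all trust` rule in the context right below the new `package = pkgs.postgresql_13;` line lets any local account connect over the Unix socket as any role, including the superuser, with no credential check. This commit also imports `modules.services.postgres` on dandelion (hosts/dandelion/default.nix), so the rule becomes live on that host. Unless something depends on passwordless cross-user access, `local all all peer` (with a `map=` entry where a service user must map to a different role) keeps socket logins tied to the OS account. The pin deserves a short comment such as `# must match the on-disk cluster; dataDir is derived from psqlSchema`, since `dir` follows the package version. The authentication string continues outside the hunk, so later rules were not reviewed.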
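Review bot: `logRefusedConnections = false;` in modules/system/security.nix switches off the firewall's log of refused inbound connections for every host that imports this shared module, with no comment saying why. Those entries are often the only local record of scanning or of repeated attempts against closed ports, so dropping them fleet-wide reduces what is available for detection and later investigation. If the motive is journal noise (an assumption; the commit does not say), record that next to the setting and make it overridable per host, e.g. `logRefusedConnections = lib.mkDefault false; # journal noise; re-enable on exposed hosts`, provided `lib` is in scope in this file. The enclosing firewall attribute set starts and ends outside the hunk.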
@@ -1,10 +1,11 @@ { config, lib, modules, pkgs, ... }: { + programs.zsh.enable = true; users.users.hana = { isNormalUser = true; extraGroups = [ "wheel" ]; shell = pkgs.zsh; uid = 1002; - hashedPassword = "$y$j9T$BxnsFaGwBfSKe4jAJaaxI.$cpFtu8fzFhKalIV3WGuA2jz4//KJBwhiybpnlmoZPy."; + hashedPassword = "$y$j9T$3xCNDudmfrIu5VfQQoDkj/$ugzJWq0gORN9jnhDsREu31CkL3zwniQu6KoLbmg6Wr/"; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15 rin@blossom" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ5l9t8dc6mPsKKYqZlPKvhOdyqz+DS5UOcvHuh3uVGt @strawberry"
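Review bot: The new `hashedPassword` literal keeps the login hash of a `wheel` account in the repository and, after a build, in the world-readable Nix store, so anyone with read access to either can attempt offline guessing against it. The hash being replaced also stays recoverable from version history, so treat the old password as exposed rather than retired. Consider `hashedPasswordFile = "<path-to-secret-file>";` (placeholder path) pointing at a file provisioned outside the store by whatever secret management the repository uses. The `openssh.authorizedKeys.keys` list is cut at the end of the hunk, so the rest of the user definition was not reviewed.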