From 386ecf3d14ea486aba523b14200fcd2e7e04b9d6 Mon Sep 17 00:00:00 2001
From: Seth Flynn
Date: Thu, 13 Feb 2025 16:54:19 -0500
Subject: nixos: make more "traits" mixins

---
 modules/nixos/mixins/default.nix | 3 +++
 modules/nixos/mixins/nvidia.nix | 6 ++++--
 modules/nixos/mixins/resolved.nix | 23 +++++++++++++++++++++++
 modules/nixos/mixins/tailscale.nix | 34 ++++++++++++++++++++++++++++++++++
 modules/nixos/mixins/zram.nix | 15 +++++++++++++++
 5 files changed, 79 insertions(+), 2 deletions(-)
 create mode 100644 modules/nixos/mixins/resolved.nix
 create mode 100644 modules/nixos/mixins/tailscale.nix
 create mode 100644 modules/nixos/mixins/zram.nix
(limited to 'modules/nixos/mixins')

diff --git a/modules/nixos/mixins/default.nix b/modules/nixos/mixins/default.nix
index 2ec36d7..701c4db 100644
--- a/modules/nixos/mixins/default.nix
+++ b/modules/nixos/mixins/default.nix
@@ -9,5 +9,8 @@
     ./nginx.nix
     ./nvidia.nix
     ./promtail.nix
+    ./resolved.nix
+    ./tailscale.nix
+    ./zram.nix
   ];
 }
diff --git a/modules/nixos/mixins/nvidia.nix b/modules/nixos/mixins/nvidia.nix
index ff81385..e62bc90 100644
--- a/modules/nixos/mixins/nvidia.nix
+++ b/modules/nixos/mixins/nvidia.nix
@@ -54,8 +54,10 @@ in
       };
     })
 
-    (lib.mkIf config.traits.containers.enable {
-      hardware.nvidia-container-toolkit.enable = true;
+    (lib.mkIf config.virtualisation.podman.enable {
+      hardware = {
+        nvidia-container-toolkit.enable = true;
+      };
     })
   ];
 }
diff --git a/modules/nixos/mixins/resolved.nix b/modules/nixos/mixins/resolved.nix
new file mode 100644
index 0000000..3c3f9e9
--- /dev/null
+++ b/modules/nixos/mixins/resolved.nix
@@ -0,0 +1,23 @@
+{ config, lib, ... }:
+
+{
+  config = lib.mkMerge [
+    {
+      services.resolved = {
+        enable = lib.mkDefault true;
+        dnsovertls = "true";
+      };
+    }
+
+    (lib.mkIf config.services.resolved.enable {
+      networking = {
+        nameservers = [
+          "1.1.1.1#one.one.one.one"
+          "1.0.0.1#one.one.one.one"
+        ];
+
+        networkmanager.dns = "systemd-resolved";
+      };
+    })
+  ];
+}
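Review bot: Gating the NVIDIA container toolkit on `config.virtualisation.podman.enable` alone drops the CDI setup for any host that runs Docker rather than Podman, which the old `traits.containers.enable` condition presumably covered regardless of runtime. If Docker hosts exist in this tree, the condition should be `(lib.mkIf (config.virtualisation.podman.enable || config.virtualisation.docker.enable) {`. The enclosing `lib.mkMerge` list starts outside the hunk.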
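Review bot: `dnsovertls = "true"` selects strict DNS-over-TLS, and unlike `enable` on the line above it is set without `lib.mkDefault`, so a host that needs opportunistic mode (captive portals, LAN-only resolvers, or a per-link resolver such as the one Tailscale MagicDNS installs, which as far as I know does not speak DoT) has to `lib.mkForce` it. Suggest `dnsovertls = lib.mkDefault "true";` to match `enable`. It would also help to state in a comment that strict mode is global in resolved, e.g. `# Strict DoT: every configured server, including DHCP-provided per-link ones, must speak TLS`, since the `nameservers` below only cover the global servers.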
diff --git a/modules/nixos/mixins/tailscale.nix b/modules/nixos/mixins/tailscale.nix
new file mode 100644
index 0000000..177aa90
--- /dev/null
+++ b/modules/nixos/mixins/tailscale.nix
@@ -0,0 +1,34 @@
+{
+  config,
+  lib,
+  ...
+}:
+
+let
+  cfg = config.services.tailscale;
+
+  usingTailscaleSSH = lib.elem "--ssh" config.services.tailscale.extraUpFlags;
+in
+
+{
+  config = lib.mkMerge [
+    {
+      services.tailscale = {
+        openFirewall = true;
+      };
+    }
+
+    (lib.mkIf cfg.enable {
+      networking.firewall = {
+        # Trust all connections over Tailscale
+        trustedInterfaces = [ config.services.tailscale.interfaceName ];
+      };
+    })
+
+    (lib.mkIf (cfg.enable && usingTailscaleSSH) {
+      networking.firewall = {
+        allowedTCPPorts = [ 22 ];
+      };
+    })
+  ];
+}
diff --git a/modules/nixos/mixins/zram.nix b/modules/nixos/mixins/zram.nix
new file mode 100644
index 0000000..8d21dde
--- /dev/null
+++ b/modules/nixos/mixins/zram.nix
@@ -0,0 +1,15 @@
+{ config, lib, ... }:
+
+{
+  config = lib.mkIf config.zramSwap.enable {
+    # Optimize system for zram
+    # https://github.com/pop-os/default-settings/pull/163
+    # https://wiki.archlinux.org/title/Zram#Multiple_zram_devices
+    boot.kernel.sysctl = {
+      "vm.swappiness" = 180;
+      "vm.watermark_boost_factor" = 0;
+      "vm.watermark_scale_factor" = 125;
+      "vm.page-cluster" = 0;
+    };
+  };
+}
-- 
cgit v1.2.3
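Review bot: The `usingTailscaleSSH` branch opens TCP 22 in the global `allowedTCPPorts`, i.e. on every interface, although Tailscale SSH is terminated by tailscaled on the tailnet interface, which the `trustedInterfaces` entry in the previous block already admits; the net effect is exposing whatever listens on 22 (a local OpenSSH, for instance) to non-tailnet networks. If the intent is to reach sshd only over the tailnet, the third `mkIf` block can be dropped entirely; if 22 really must be opened, scope it with `networking.firewall.interfaces.${cfg.interfaceName}.allowedTCPPorts = [ 22 ];`. Note also that `lib.elem "--ssh"` will not match the `--ssh=true` spelling of the flag, and the `cfg` alias is defined but the `extraUpFlags` and `interfaceName` references still spell out `config.services.tailscale`.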
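Review bot: The sysctl block should document that `"vm.swappiness" = 180` assumes zram is the only swap device; the cited Arch wiki guidance is for zram-only setups, and with a disk-backed swap partition also present the same value would presumably push pages to the slow device. A comment such as `# Assumes zram is the sole swap device; revisit if disk-backed swap is added` above `boot.kernel.sysctl` would capture that. The four values are also plain assignments rather than `lib.mkDefault`, so a host cannot tune them without `lib.mkForce`.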