diff options
-rw-r--r-- | configurations/ilmare/default.nix | 9 | ||||
-rw-r--r-- | modules/common/networking.nix | 7 | ||||
-rw-r--r-- | modules/common/systemd.nix | 23 | ||||
-rw-r--r-- | modules/emacs/doom/init.el | 2 | ||||
-rw-r--r-- | modules/emacs/doom/packages.el | 6 | ||||
-rw-r--r-- | modules/syncthing.nix | 12 |
6 files changed, 46 insertions, 13 deletions
diff --git a/configurations/ilmare/default.nix b/configurations/ilmare/default.nix index 8daa584..1e9f5ff 100644 --- a/configurations/ilmare/default.nix +++ b/configurations/ilmare/default.nix @@ -28,13 +28,18 @@ _: { fans = [ { tpacpi = "/proc/acpi/ibm/fan"; } ]; levels = [ [ - "level auto" + 0 0 50 ] [ - "level disengaged" + "level auto" 50 + 75 + ] + [ + "level disengaged" + 75 32767 ] ]; diff --git a/modules/common/networking.nix b/modules/common/networking.nix index e891e58..2867825 100644 --- a/modules/common/networking.nix +++ b/modules/common/networking.nix @@ -28,11 +28,14 @@ in # Remove default hostname mappings. This is required at least by the # current implementation of the monitoring module. hosts = { - "127.0.0.1" = mkForce [ ]; + "127.0.0.2" = mkForce [ ]; "::1" = mkForce [ ]; }; - nameservers = mkDefault dns.const.quad9.default; + nameservers = with my.configurations.manwe.wireguard; [ + ipv4.address + ipv6.address + ]; useDHCP = false; diff --git a/modules/common/systemd.nix b/modules/common/systemd.nix index aac1647..81df05c 100644 --- a/modules/common/systemd.nix +++ b/modules/common/systemd.nix @@ -1,4 +1,10 @@ -{ config, pkgs, ... }: +{ + config, + pkgs, + lib, + ... +}: +with lib; { ark = { files = [ "/etc/machine-id" ]; @@ -16,9 +22,18 @@ }; }; - services.journald.extraConfig = '' - SystemMaxUse=5G - ''; + services = { + resolved = { + llmnr = "false"; + dnsovertls = "opportunistic"; + domains = mapAttrsToList (_: v: v) my.domain; + fallbackDns = map (v: "${v}#dns.quad9.net") dns.const.quad9.default; + }; + + journald.extraConfig = '' + SystemMaxUse=5G + ''; + }; systemd = let diff --git a/modules/emacs/doom/init.el b/modules/emacs/doom/init.el index ed0e048..ac4a687 100644 --- a/modules/emacs/doom/init.el +++ b/modules/emacs/doom/init.el @@ -45,7 +45,7 @@ grammar :tools - ;; ansible + ansible (debugger +lsp) direnv (docker +lsp) diff --git a/modules/emacs/doom/packages.el b/modules/emacs/doom/packages.el index 549a5e5..2edbf1a 100644 --- a/modules/emacs/doom/packages.el +++ b/modules/emacs/doom/packages.el @@ -12,3 +12,9 @@ :recipe (:type git :host github :repo "djgoku/sops")) + +(unpin! ansible) +(package! ansible + :recipe (:type git + :host gitlab + :repo "emacs-ansible/emacs-ansible")) diff --git a/modules/syncthing.nix b/modules/syncthing.nix index 74d4afe..e261a12 100644 --- a/modules/syncthing.nix +++ b/modules/syncthing.nix @@ -62,17 +62,18 @@ in settings = { options = { + announceLANAddresses = false; autoUpgradeIntervalH = 0; crashReportingEnabled = false; globalAnnounceEnabled = false; relaysEnabled = false; - setLowPriority = this.isHeadless; + setLowPriority = this.isHeadful; stunKeepaliveStartS = 0; urAccepted = -1; }; gui = { - insecureAdminAccess = true; + insecureAdminAccess = this.isHeadless; insecureSkipHostcheck = this.isHeadless; }; @@ -80,9 +81,12 @@ in name: attr: mkIf (attr.syncthing.id != null && hasAttr "wireguard" attr) { inherit (attr.syncthing) id; - compression = "metadata"; + compression = "always"; introducer = false; - address = "tcp://${name}.${config.networking.domain}:22000"; + addresses = [ + "quic://${name}.${config.networking.domain}:22000" + "tcp://${name}.${config.networking.domain}:22000" + ]; autoAcceptFolders = true; untrusted = false; } |