update oracle-cloud config
This commit is contained in:
Dmitriy Kholkin
parent
3efd371fbb
commit
2134a2a161
@ -9,18 +9,18 @@
|
|||||||
arch = "aarch64";
|
arch = "aarch64";
|
||||||
vendor = "broadcom";
|
vendor = "broadcom";
|
||||||
clock = 2800;
|
clock = 2800;
|
||||||
cores = 2;
|
cores = 4;
|
||||||
};
|
};
|
||||||
drive = {
|
drive = {
|
||||||
type = "ssd";
|
type = "ssd";
|
||||||
speed = 1000;
|
speed = 1000;
|
||||||
size = 100;
|
size = 150;
|
||||||
};
|
};
|
||||||
gpu = {
|
gpu = {
|
||||||
vendor = "other";
|
vendor = "other";
|
||||||
};
|
};
|
||||||
bigScreen = false;
|
bigScreen = false;
|
||||||
ram = 12;
|
ram = 24;
|
||||||
};
|
};
|
||||||
deviceSpecific.isHost = false;
|
deviceSpecific.isHost = false;
|
||||||
deviceSpecific.isShared = false;
|
deviceSpecific.isShared = false;
|
||||||
|
|||||||
@ -6,11 +6,11 @@
|
|||||||
efiInstallAsRemovable = true;
|
efiInstallAsRemovable = true;
|
||||||
device = "nodev";
|
device = "nodev";
|
||||||
};
|
};
|
||||||
fileSystems."/boot" = { device = "/dev/disk/by-uuid/C8C5-C634"; fsType = "vfat"; };
|
fileSystems."/boot" = { device = "/dev/disk/by-uuid/A368-4D28"; fsType = "vfat"; };
|
||||||
boot.initrd.kernelModules = [ "nvme" ];
|
boot.initrd.kernelModules = [ "nvme" ];
|
||||||
fileSystems."/" = { device = "/dev/sda3"; fsType = "xfs"; };
|
fileSystems."/" = { device = "/dev/sda3"; fsType = "xfs"; };
|
||||||
swapDevices = [ {
|
swapDevices = [ {
|
||||||
device = "/dev/disk/by-partuuid/d4aa8434-9803-45ac-9983-07e10e1409b4";
|
device = "/dev/disk/by-partuuid/87bcc339-3295-4fc0-a219-1c31436b1c51";
|
||||||
randomEncryption.enable = true;
|
randomEncryption.enable = true;
|
||||||
} ];
|
} ];
|
||||||
}
|
}
|
||||||
@ -27,7 +27,7 @@ with config.deviceSpecific; {
|
|||||||
"vm.swappiness" = if config.deviceSpecific.isSSD then 1 else 10;
|
"vm.swappiness" = if config.deviceSpecific.isSSD then 1 else 10;
|
||||||
};
|
};
|
||||||
} else {
|
} else {
|
||||||
# kernelPackages = pkgs.linuxPackages_hardened;
|
kernelPackages = pkgs.linuxPackages_5_15_hardened;
|
||||||
kernelModules = [ "tcp_bbr" ];
|
kernelModules = [ "tcp_bbr" ];
|
||||||
kernel.sysctl = {
|
kernel.sysctl = {
|
||||||
"kernel.sysrq" = 0;
|
"kernel.sysrq" = 0;
|
||||||
|
|||||||
@ -16,34 +16,48 @@
|
|||||||
## DNS-over-TLS
|
## DNS-over-TLS
|
||||||
services.stubby = {
|
services.stubby = {
|
||||||
enable = true;
|
enable = true;
|
||||||
listenAddresses = [ "0::1" "127.0.0.1" ];
|
settings = pkgs.stubby.passthru.settingsExample // {
|
||||||
roundRobinUpstreams = false;
|
dnssec = "GETDNS_EXTENSION_TRUE";
|
||||||
upstreamServers = ''
|
listen_addresses = [ "0::1" "127.0.0.1" ];
|
||||||
## Quad9
|
resolution_type = "GETDNS_RESOLUTION_STUB";
|
||||||
- address_data: 2620:fe::fe
|
round_robin_upstreams = 1;
|
||||||
tls_auth_name: "dns.quad9.net"
|
tls_authentication = "GETDNS_AUTHENTICATION_REQUIRED";
|
||||||
- address_data: 2620:fe::9
|
tls_min_version = "GETDNS_TLS1_3";
|
||||||
tls_auth_name: "dns.quad9.net"
|
upstream_recursive_servers = [
|
||||||
- address_data: 9.9.9.9
|
{
|
||||||
tls_auth_name: "dns.quad9.net"
|
address_data = "2620:fe::fe";
|
||||||
- address_data: 149.112.112.112
|
tls_auth_name = "dns.quad9.net";
|
||||||
tls_auth_name: "dns.quad9.net"
|
}
|
||||||
## Cloudflare
|
{
|
||||||
- address_data: 2606:4700:4700::1112
|
address_data = "2620:fe::9";
|
||||||
tls_auth_name: "cloudflare-dns.com"
|
tls_auth_name = "dns.quad9.net";
|
||||||
- address_data: 2606:4700:4700::1002
|
}
|
||||||
tls_auth_name: "cloudflare-dns.com"
|
{
|
||||||
- address_data: 1.1.1.2
|
address_data = "9.9.9.9";
|
||||||
tls_auth_name: "cloudflare-dns.com"
|
tls_auth_name = "dns.quad9.net";
|
||||||
- address_data: 1.0.0.2
|
}
|
||||||
tls_auth_name: "cloudflare-dns.com"
|
{
|
||||||
'';
|
address_data = "149.112.112.112";
|
||||||
extraConfig = ''
|
tls_auth_name = "dns.quad9.net";
|
||||||
# Set TLS 1.3 as minimum acceptable version
|
}
|
||||||
tls_min_version: GETDNS_TLS1_3
|
{
|
||||||
# Require DNSSEC validation
|
address_data = "2606:4700:4700::1112";
|
||||||
dnssec: GETDNS_EXTENSION_TRUE
|
tls_auth_name = "cloudflare-dns.com";
|
||||||
'';
|
}
|
||||||
|
{
|
||||||
|
address_data = "2606:4700:4700::1002";
|
||||||
|
tls_auth_name = "cloudflare-dns.com";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
address_data = "1.1.1.2";
|
||||||
|
tls_auth_name = "cloudflare-dns.com";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
address_data = "1.0.0.2";
|
||||||
|
tls_auth_name = "cloudflare-dns.com";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.nameservers = [ "::1" "127.0.0.1" ];
|
networking.nameservers = [ "::1" "127.0.0.1" ];
|
||||||
|
|||||||
@ -21,6 +21,9 @@
|
|||||||
compression = false;
|
compression = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
extraConfig = ''
|
||||||
|
Match host * exec "gpg-connect-agent UPDATESTARTUPTTY /bye"
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
@ -9,10 +9,10 @@
|
|||||||
direnv
|
direnv
|
||||||
kitty
|
kitty
|
||||||
|
|
||||||
coturn
|
#coturn
|
||||||
gitea
|
#gitea
|
||||||
mailserver
|
#mailserver
|
||||||
matrix-synapse
|
#matrix-synapse
|
||||||
nginx
|
nginx
|
||||||
vscode-server
|
vscode-server
|
||||||
];
|
];
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user