many changes, too lazy to explain

2026-02-20 02:18:03 +10:00 · 2026-02-20 02:18:03 +10:00 · 5122fa1811
commit 5122fa1811
parent dbefc3ec9e
24 changed files with 207 additions and 103 deletions
--- a/groups/all/default.nix
+++ b/groups/all/default.nix
@ -9,13 +9,16 @@

  # NOTE: mkDefault is 1000 and mkForce is 50
  # NOTE: so this is like a second mkDefault
-  security.sudo.wheelNeedsPassword = lib.mkDefault true;
+  security.sudo.wheelNeedsPassword = true;

  networking = {
    networkmanager.enable = true;

    nftables.enable = true;
-    firewall.enable = lib.mkDefault true;
+    firewall = {
+      enable = lib.mkDefault true;
+      allowPing = lib.mkDefault true;
+    };

    # Use CloudFlare's WARP+ 1.1.1.1 DNS service
    nameservers = [
@ -28,6 +31,7 @@
    enable = true;
    clean.enable = true;
    clean.extraArgs = "--keep-since 7d --keep 3";
+    # TODO: move nh config to be home-manager
    flake = "/home/me/flake"; # sets NH_OS_FLAKE variable for you
  };

--- a/groups/cryde/default.nix
+++ b/groups/cryde/default.nix
@ -1,16 +1,20 @@
 {
+  inputs,
  pkgs,
  upkgs,
  config,
  ...
 }: {
-  imports = [
+  imports = with inputs; [
    ./programs.nix

    ../../hosts/modules/bashistrans.nix
    ../../hosts/modules/wm/hyprland.nix
    ../../hosts/modules/steam.nix
    ../../hosts/modules/obsidian.nix
+
+    grub2-themes.nixosModules.default
+    nix-flatpak.nixosModules.nix-flatpak
  ];

  boot.loader.grub2-theme = {
--- a/groups/cryos/programs.nix
+++ b/groups/cryos/programs.nix
@ -111,13 +111,12 @@
    libargon2
  ];

-  services.pcscd.enable = true;
-
-  programs = {
-    gnupg.agent = {
-      enable = true;
-      pinentryPackage = pkgs.pinentry-curses;
-      enableSSHSupport = true;
-    };
-  };
+  # services.pcscd.enable = true;
+  # programs = {
+  # gnupg.agent = {
+  #   enable = true;
+  #   pinentryPackage = pkgs.pinentry-curses;
+  #   enableSSHSupport = true;
+  # };
+  # };
 }
--- a/groups/server/default.nix
+++ b/groups/server/default.nix
@ -49,6 +49,7 @@
  services.fail2ban = {
    enable = true;

+    ignoreIP = ["192.168.0.0/16"];
    maxretry = 5;
    bantime = "10m"; # 10 minute ban
    bantime-increment = {
@ -69,6 +70,7 @@
        extraGroups = ["wheel"];
        openssh.authorizedKeys.keys = lib.mkDefault [
          (throw ''
+            You goofy goober :3
            Hosts in the `server` group must set `users.users.cry.openssh.authorizedKeys.keys = [ ... ]`.
          '')
        ];