From ceb0ad4b87104108fd186ff76bb2c717c3694d95 Mon Sep 17 00:00:00 2001 From: s0me1newithhand7s Date: Wed, 25 Mar 2026 18:49:51 +0300 Subject: [PATCH] wanda: upstream Signed-off-by: s0me1newithhand7s --- wanda/environment/variables.nix | 1 - wanda/home-manager/users.nix | 3 --- wanda/networking/firewall.nix | 22 ++++++++++++++++++++++ wanda/networking/hostname.nix | 2 +- wanda/networking/hosts.nix | 7 ------- wanda/security/pam/yubico.nix | 2 +- wanda/services/openssh.nix | 2 +- wanda/services/zerotier.nix | 10 ---------- wanda/time/timeZone.nix | 1 - wanda/users/users/hand7s.nix | 10 +++++++++- wanda/users/users/root.nix | 4 ++-- 11 files changed, 36 insertions(+), 28 deletions(-) delete mode 100644 wanda/networking/hosts.nix delete mode 100644 wanda/services/zerotier.nix
diff --git a/wanda/environment/variables.nix b/wanda/environment/variables.nix
index 9c47685..9fd91b8 100644
--- a/wanda/environment/variables.nix
+++ b/wanda/environment/variables.nix
@@ -1,7 +1,6 @@
 {config, ...}: {
 environment = {
 variables = {
- AMD_VULKAN_ICD = "AMDVLK";
 HOSTNAME = config.networking.hostName;
 QT_QPA_PLATFORM = "wayland";
 SDL_VIDEODRIVER = "wayland";
diff --git a/wanda/home-manager/users.nix b/wanda/home-manager/users.nix
index ac58a26..0a5f3e3 100644
--- a/wanda/home-manager/users.nix
+++ b/wanda/home-manager/users.nix
@@ -4,13 +4,10 @@
 "hand7s" = {
 imports = [
 "${self}/hand7s/"
- self.inputs.agenix.homeManagerModules.default
- self.inputs.agenix.homeManagerModules.default
 self.inputs.spicetify-nix.homeManagerModules.default
 self.inputs.hyprland.homeManagerModules.default
 self.inputs.chaotic.homeManagerModules.default
 self.inputs.sops-nix.homeManagerModules.sops
- self.inputs.nix-index-database.homeModules.nix-index
 self.inputs.noctalia.homeModules.default
 ];
diff --git a/wanda/networking/firewall.nix b/wanda/networking/firewall.nix
index 1287f81..6659b35 100644
--- a/wanda/networking/firewall.nix
+++ b/wanda/networking/firewall.nix
@@ -3,6 +3,28 @@ _: {
 firewall = {
 allowPing = true;
 enable = true;
+ checkReversePath = false;
+
+ interfaces = {
+ eno1 = rec {
+ allowedTCPPortRanges = [
+ {
+ from = 1714;
+ to = 1764;
+ }
+ ];
+
+ allowedUDPPortRanges = allowedTCPPortRanges;
+ };
+
+ salt-hand7s-pc = rec {
+ allowedTCPPorts = [
+ 6567
+ ];
+
+ allowedUDPPorts = allowedTCPPorts;
+ };
+ };
 };
 };
 }
diff --git a/wanda/networking/hostname.nix b/wanda/networking/hostname.nix
index c91aef8..6fa24b6 100644
--- a/wanda/networking/hostname.nix
+++ b/wanda/networking/hostname.nix
@@ -1,5 +1,5 @@
 _: {
 networking = {
- hostName = "wanda";
+ hostName = "wand";
 };
 }
diff --git a/wanda/networking/hosts.nix b/wanda/networking/hosts.nix
deleted file mode 100644
index 2ebdee6..0000000
--- a/wanda/networking/hosts.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-_: {
- networking = {
- hosts = {
- # nope.
- };
- };
-}
diff --git a/wanda/security/pam/yubico.nix b/wanda/security/pam/yubico.nix
index cd8a4a1..c172958 100644
--- a/wanda/security/pam/yubico.nix
+++ b/wanda/security/pam/yubico.nix
@@ -7,7 +7,7 @@ _: {
 mode = "challenge-response";
 control = "sufficient";
 id = [
- "1873055870"
+ "funnyID"
 ];
 };
 };
diff --git a/wanda/services/openssh.nix b/wanda/services/openssh.nix
index 989beca..e136f96 100644
--- a/wanda/services/openssh.nix
+++ b/wanda/services/openssh.nix
@@ -5,7 +5,7 @@
 allowSFTP = true;
 openFirewall = true;
 ports = [
- 48630
+ 6969
 ];
 settings = {
diff --git a/wanda/services/zerotier.nix b/wanda/services/zerotier.nix
deleted file mode 100644
index 42e91a8..0000000
--- a/wanda/services/zerotier.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-_: {
- services = {
- zerotierone = {
- enable = true;
- joinNetworks = [
- #
- ];
- };
- };
-}
diff --git a/wanda/time/timeZone.nix b/wanda/time/timeZone.nix
index cef1656..0bd1f2a 100644
--- a/wanda/time/timeZone.nix
+++ b/wanda/time/timeZone.nix
@@ -1,6 +1,5 @@
 _: {
 time = {
 timeZone = "Europe/Moscow";
- hardwareClockInLocalTime = true;
 };
 }
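Review bot: `checkReversePath = false;` in wanda/networking/firewall.nix switches reverse-path filtering off for every interface, so the firewall no longer drops packets whose source address could not be routed back through the interface they arrived on. If the motivation is asymmetric routing over `salt-hand7s-pc` (an assumption; the hunk gives no reason), `checkReversePath = "loose";` keeps a weaker form of the check. A comment such as `# rpfilter relaxed because <reason>` would let a later reader judge whether it can be tightened again. The per-interface port lists would likewise benefit from a short comment naming the service behind 1714-1764 and 6567, since the numbers alone do not say what is being exposed.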
diff --git a/wanda/users/users/hand7s.nix b/wanda/users/users/hand7s.nix
index 39aed35..866be86 100644
--- a/wanda/users/users/hand7s.nix
+++ b/wanda/users/users/hand7s.nix
@@ -5,10 +5,18 @@ _: {
 description = "me";
 isSystemUser = false;
 isNormalUser = true;
- initialHashedPassword = "$6$ckgRhNWmJgSwOUpJ$kfeAdokd5fa76HWbTmWN2YXx4M/PQVOTJku1ODbqbBhEkUFiLftdaJFRnNXfIM3Jtz0ShoRMSVCB7mDkxDrdi/";
+ initialHashedPassword = lib.hashString "sha512" "hand7s";
 extraGroups = [
 "wheel"
 ];
+
+ openssh = {
+ authorizedKeys = {
+ keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDp2IIdR5jV1HyG4aiRX7SfTNrXDhCx5rTiFU40qkOKq litvinovb0@gmail.com"
+ ];
+ };
+ };
 };
 };
 };
diff --git a/wanda/users/users/root.nix b/wanda/users/users/root.nix
index faa89b7..2039a85 100644
--- a/wanda/users/users/root.nix
+++ b/wanda/users/users/root.nix
@@ -1,8 +1,8 @@
-_: {
+{lib, ...}: {
 users = {
 users = {
 "root" = {
- initialHashedPassword = "$6$n4OLMvYHHStHvtmr$6OL0NV1dEM2b6oJRewkhuoFxM80lI67tfbJ6QkCg8WAA1gbeKrcwDAuJjm8zvpY4zcDR3Z5Zbo8uebfOi6XXF0";
+ initialHashedPassword = lib.hashString "sha512" "root";
 };
 };
 };
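Review bot: `lib.hashString "sha512" "hand7s"` in wanda/users/users/hand7s.nix uses `lib`, but the hunk's context header still shows that file opening with `_: {` and nothing in this patch changes that line (it lies outside the hunk), so `lib` looks unbound there; root.nix gets `{lib, ...}: {` and hand7s.nix needs the same. In both files the value given to `initialHashedPassword` is, assuming `lib.hashString` behaves like `builtins.hashString`, a bare hex digest of the account name rather than a crypt(3) string like the `$6$…` values it replaces, so it is not a usable password hash and its input is trivially guessable. If these are placeholders for a public copy of the configuration, omitting the option or using `hashedPasswordFile` with a secret kept outside the repository states that intent without leaving a misleading value in place. The hashes removed here remain in history, so they are worth rotating if the repository is published.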