Kyle Isom
5fd00af73c
The module used explicit `config = { ... }` but also had duplicate
networking.nameservers and services.resolved.domains at the top level,
causing a NixOS module evaluation error. Merged the Tailscale nameserver
into the config block and removed the duplicates.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
32 lines
992 B
Nix
32 lines
992 B
Nix
{ inputs, pkgs, ... }:
|
|
{
|
|
imports = [
|
|
./hardware-configuration.nix
|
|
# orion started as a desktop with an interactive installer;
|
|
# the disk is already provisioned.
|
|
# ./disk-config.nix
|
|
../../configs/mcpkg.nix
|
|
../../configs/mcp.nix
|
|
];
|
|
|
|
config = {
|
|
# FIDO2 LUKS unlock (matches vade setup)
|
|
boot.initrd.luks.devices."crypted".crypttabExtraOpts = [
|
|
"fido2-device=auto"
|
|
"token-timeout=10"
|
|
];
|
|
|
|
# Allow rootless containers (Podman) to bind port 53 for CoreDNS (MCNS precursor).
|
|
boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = 53;
|
|
|
|
# Open ports: DNS (53), mc-proxy (443, 8443, 9443), exod (8080, 9090).
|
|
networking.firewall.allowedTCPPorts = [ 53 443 8443 9443 8080 9090 ];
|
|
networking.firewall.allowedUDPPorts = [ 53 ];
|
|
|
|
# Route internal Metacircular zones to rift's own CoreDNS.
|
|
networking.nameservers = [ "192.168.88.181" "100.95.252.120" ];
|
|
services.resolved.domains = [ "~mcp.metacircular.net" ];
|
|
};
|
|
|
|
}
|