The LUKS device is named "luks-5c5e94fc-..." in hardware-configuration.nix which already has the FIDO2 options. The "crypted" reference caused a build error. Also fix duplicate attribute definitions and unnecessary config wrapper. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
# Host module for orion: pulls in the hardware profile and the shared
# mcpkg/mcp configs, then sets this host's low-port, firewall and DNS policy.
{ inputs, pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix
    # disk-config.nix stays disabled: orion began life as a desktop set up
    # through the interactive installer, so its disk is already provisioned.
    # ./disk-config.nix
    ../../configs/mcpkg.nix
    ../../configs/mcp.nix
  ];

  config = {
    boot.kernel.sysctl = {
      # Lets rootless Podman containers bind port 53 for CoreDNS (MCNS precursor).
      # The sysctl is host-wide: every unprivileged process may now bind any
      # port >= 53 (80 and 443 included), not only the CoreDNS container.
      # NOTE(review): confirm that is acceptable for the local accounts on orion.
      "net.ipv4.ip_unprivileged_port_start" = 53;
    };

    networking = {
      firewall = {
        # Inbound TCP: DNS (53), mc-proxy (443, 8443, 9443), exod (8080, 9090).
        # These lists open the ports on every interface.
        # NOTE(review): if exod (8080, 9090) only needs to be reachable from
        # internal networks, networking.firewall.interfaces.<name> can scope it.
        allowedTCPPorts = [ 53 443 8443 9443 8080 9090 ];
        # Inbound UDP: DNS only.
        allowedUDPPorts = [ 53 ];
      };

      # Resolver list: the MCNS servers come first, public resolvers follow
      # as fallback.
      # NOTE(review): systemd-resolved does not promise strict ordering; after
      # a failover it may keep using a public resolver, which would then also
      # receive lookups for the internal zone below. Confirm that is acceptable.
      nameservers = [ "192.168.88.181" "100.95.252.120" "1.1.1.1" "8.8.8.8" ];
    };

    # The "~" prefix marks mcp.metacircular.net as a routing-only domain for
    # the servers above rather than a search suffix. This file does not enable
    # services.resolved itself, so that is presumably done in an imported module.
    services.resolved.domains = [ "~mcp.metacircular.net" ];
  };
}