Harald Hoyer
2710b5eae6
This commit adds a new email alias to the mailserver configuration. This new addition will allow emails sent to this address to be properly routed and received.
62 lines
1.6 KiB
Nix
62 lines
1.6 KiB
Nix
{ pkgs, lib, config, ... }:
|
|
with lib;
|
|
with lib.metacfg;
|
|
{
|
|
imports = [
|
|
./hardware-configuration.nix
|
|
./atticd.nix
|
|
];
|
|
|
|
boot.kernel.sysctl."net.ipv4.conf.all.route_localnet" = 1;
|
|
boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;
|
|
|
|
networking.firewall.extraCommands = ''
|
|
iptables -t nat -A OUTPUT -o lo -p tcp --dport 8081 -j DNAT --to-destination 192.168.122.1:8081
|
|
iptables -t nat -A POSTROUTING -j MASQUERADE
|
|
'';
|
|
|
|
metacfg = {
|
|
base.enable = true;
|
|
nix-ld.enable = true;
|
|
nix.enable = true;
|
|
aesmd_dcap.enable = true;
|
|
podman.enable = true;
|
|
user.extraGroups = [ "docker" "sgx" ];
|
|
};
|
|
|
|
environment.etc."sgx_default_qcnl.conf".text = ''
|
|
{
|
|
"pccs_url": "https://192.168.122.1:8081/sgx/certification/v4/",
|
|
"use_secure_cert": false,
|
|
"collateral_service": "https://api.trustedservices.intel.com/sgx/certification/v4/",
|
|
"retry_times": 6,
|
|
"retry_delay": 10,
|
|
"pck_cache_expire_hours": 168,
|
|
"verify_collateral_cache_expire_hours": 168,
|
|
"local_cache_only": false
|
|
}
|
|
'';
|
|
|
|
virtualisation = {
|
|
docker.enable = true;
|
|
podman.dockerCompat = false;
|
|
};
|
|
|
|
system.autoUpgrade = {
|
|
enable = true;
|
|
operation = "switch";
|
|
allowReboot = true;
|
|
};
|
|
|
|
security.tpm2.enable = false;
|
|
security.tpm2.abrmd.enable = false;
|
|
|
|
networking.wireless.enable = false; # Enables wireless support via wpa_supplicant.
|
|
networking.firewall.allowedTCPPorts = [ 8080 ];
|
|
networking.firewall.allowPing = true;
|
|
|
|
powerManagement.cpuFreqGovernor = "ondemand";
|
|
|
|
system.stateVersion = "23.11";
|
|
}
|