Clean up generic configuration
This commit is contained in:
Benson Chu
parent
2ff61ee6e0
commit
2470e654c4
2 changed files with 7 additions and 22 deletions
|
|
@ -9,7 +9,6 @@
|
|||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
# networking.hostName = "NixFrame"; # Define your hostname.
|
||||
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||
|
||||
# Configure network proxy if necessary
|
||||
|
|
@ -49,17 +48,13 @@
|
|||
alsa.enable = true;
|
||||
alsa.support32Bit = true;
|
||||
pulse.enable = true;
|
||||
# If you want to use JACK applications, uncomment this
|
||||
#jack.enable = true;
|
||||
jack.enable = true;
|
||||
|
||||
# use the example session manager (no others are packaged yet so this is enabled by default,
|
||||
# no need to redefine it in your config for now)
|
||||
#media-session.enable = true;
|
||||
# media-session.enable = true;
|
||||
};
|
||||
|
||||
# Enable touchpad support (enabled default in most desktopManager).
|
||||
# services.xserver.libinput.enable = true;
|
||||
|
||||
fonts = {
|
||||
packages = with pkgs; [
|
||||
roboto-mono
|
||||
|
|
@ -71,13 +66,6 @@
|
|||
# Allow unfree packages
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
# List packages installed in system profile. To search, run:
|
||||
# $ nix search wget
|
||||
# environment.systemPackages = with pkgs; [
|
||||
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
|
||||
# wget
|
||||
# ];
|
||||
|
||||
# Some programs need SUID wrappers, can be configured further or are
|
||||
# started in user sessions.
|
||||
# programs.mtr.enable = true;
|
||||
|
|
@ -88,9 +76,6 @@
|
|||
|
||||
# List services that you want to enable:
|
||||
|
||||
# Enable the OpenSSH daemon.
|
||||
# services.openssh.enable = true;
|
||||
|
||||
# Open ports in the firewall.
|
||||
# networking.firewall.allowedTCPPorts = [ ... ];
|
||||
# networking.firewall.allowedUDPPorts = [ ... ];
|
||||
|
|
|
|||
|
|
@ -43,16 +43,16 @@
|
|||
# Firewall commands allowing traffic to go in and out of the bridge interface
|
||||
# (and to the guest LXD instance). Also sets up the actual NAT masquerade rule.
|
||||
networking.firewall.extraCommands = ''
|
||||
iptables -A INPUT -i lxdbr0 -m comment --comment "my rule for LXD network lxdbr0" -j ACCEPT
|
||||
iptables -A INPUT -i lxdbr0 -m comment --comment "LXD network lxdbr0" -j ACCEPT
|
||||
|
||||
# These three technically aren't needed, since by default the FORWARD and
|
||||
# OUTPUT firewalls accept everything everything, but lets keep them in just
|
||||
# in case.
|
||||
iptables -A FORWARD -o lxdbr0 -m comment --comment "my rule for LXD network lxdbr0" -j ACCEPT
|
||||
iptables -A FORWARD -i lxdbr0 -m comment --comment "my rule for LXD network lxdbr0" -j ACCEPT
|
||||
iptables -A OUTPUT -o lxdbr0 -m comment --comment "my rule for LXD network lxdbr0" -j ACCEPT
|
||||
iptables -A FORWARD -o lxdbr0 -m comment --comment "LXD network lxdbr0" -j ACCEPT
|
||||
iptables -A FORWARD -i lxdbr0 -m comment --comment "LXD network lxdbr0" -j ACCEPT
|
||||
iptables -A OUTPUT -o lxdbr0 -m comment --comment "LXD network lxdbr0" -j ACCEPT
|
||||
|
||||
iptables -t nat -A POSTROUTING -s 10.130.43.1/24 ! -d 10.130.43.1/24 -m comment --comment "my rule for LXD network lxdbr0" -j MASQUERADE
|
||||
iptables -t nat -A POSTROUTING -s 10.130.43.1/24 ! -d 10.130.43.1/24 -m comment --comment "LXD network lxdbr0" -j MASQUERADE
|
||||
'';
|
||||
|
||||
# ip forwarding is needed for NAT'ing to work.
|
||||
|
|
|
|||
Loading…
Reference in a new issue