Skyworks/skyworks-Nix-infra

Fork: 0

Skyworks / skyworks-Nix-infra

History for skyworks-Nix-infra / modules / common.nix

2026-03-24	257a2b8 Browse files » harden and fix: nftables input chain, sudo, agenix, ZFS, NAT priority ... - Add inet input_filter table to xlab-gateway (policy drop on WAN) - Restrict NOPASSWD sudo to ldx only; ylw uses password sudo via wheel - Restructure secrets.nix with admins list, prepare for ylw ed25519 key - Add ye-lw21 to trusted-users in common.nix - Remove contradictory relatime=on when atime=off on rpool - Fix NAT postrouting priority: filter → srcnat - Remove duplicate nixpkgs.hostPlatform from xlab-gateway hardware-configuration Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> Dixiao-L committed on 24 Mar
2026-03-14	8cdf72d Browse files » common: disable global flake registry fetch ... channels.nixos.org is unreachable from CN, causing 25s of retries on every nix-shell/nix run invocation. Co-Authored-By: Claude Opus 4.6 <[email protected]> Dixiao-L committed on 14 Mar
2026-03-14	7a00ab6 Browse files » common: add TUNA mirror as primary Nix substituter, add btop ... cache.nixos.org has ~1.1s latency from CN. TUNA mirror responds in ~29ms (38x faster). Set connect-timeout=5 and stalled-download-timeout=15 to fail fast on unreachable mirrors. Also add btop to skydick monitoring packages. Co-Authored-By: Claude Opus 4.6 <[email protected]> Dixiao-L committed on 14 Mar
2026-03-11	c94592e Browse files » nix: add ldx as trusted-user for deploy-rs unsigned store paths ... Co-Authored-By: Claude Opus 4.6 <[email protected]> Dixiao-L committed on 11 Mar
2026-03-07	1f0408a Browse files » Initial skyworks infrastructure flake ... Unified NixOS configuration for skydick (storage server) and xlab-gateway (lab router). Flat module structure with shared common/users/ssh modules, agenix secrets, disko, and deploy-rs. Co-Authored-By: Claude Opus 4.6 <[email protected]> Dixiao-L committed on 7 Mar