Auto detect EFI

author: Rory& <root@rory.gay> 2025-02-22 16:54:54 +0100
committer: Rory& <root@rory.gay> 2025-02-22 16:54:54 +0100
commit: 50e63f01c55bdc9bf7e34e33dc84c2b7fd657dc2 (patch)
tree: 91b7791ae8d78451a7bdf3cbbcd49ffee23060b2
parent: Update service map for Rory-nginx (diff)
download: Rory-Open-Architecture-50e63f01c55bdc9bf7e34e33dc84c2b7fd657dc2.tar.xz
2 files changed, 5 insertions, 3 deletions
diff --git a/host/Rory-ovh/configuration.nix b/host/Rory-ovh/configuration.nix
index 158d970..a4e1c4f 100755
--- a/host/Rory-ovh/configuration.nix
+++ b/host/Rory-ovh/configuration.nix
@@ -49,6 +49,7 @@
     };
     enableIPv6 = lib.mkForce false;
     nameservers = lib.mkForce [ "1.1.1.1" ];
+    firewall.enable = lib.mkForce true;
   };
 
   monitoring = {
diff --git a/modules/base-server.nix b/modules/base-server.nix
index 7d92296..3545b31 100755
--- a/modules/base-server.nix
+++ b/modules/base-server.nix
@@ -39,10 +39,10 @@
     kernelPackages = pkgs.linuxPackages_latest;
     loader = {
       grub = {
-        devices = [ "/dev/vda" ]; # nodev for EFI only
+        devices = [ config.fileSystems."/".device ]; # nodev for EFI only
         # EFI
-        efiSupport = true;
-        efiInstallAsRemovable = true;
+        efiSupport = config.fileSystems ? "/boot" && config.fileSystems."/boot".fsType == "vfat";
+        efiInstallAsRemovable = config.fileSystems ? "/boot" && config.fileSystems."/boot".fsType == "vfat";
       };
       timeout = 1;
     };
@@ -58,6 +58,7 @@
       enable = false;
       # allowedTCPPorts = [ ... ];
       # allowedUDPPorts = [ ... ];
+      allowedTCPPorts = [ 22 ];
     };
 
     useDHCP = false;
author	Rory& <root@rory.gay>	2025-02-22 16:54:54 +0100
committer	Rory& <root@rory.gay>	2025-02-22 16:54:54 +0100
commit	50e63f01c55bdc9bf7e34e33dc84c2b7fd657dc2 (patch)
tree	91b7791ae8d78451a7bdf3cbbcd49ffee23060b2
parent	Update service map for Rory-nginx (diff)
download	Rory-Open-Architecture-50e63f01c55bdc9bf7e34e33dc84c2b7fd657dc2.tar.xz