- firewall.nix: allow DNS (UDP/TCP 53) from all podman bridge networks (10.89.0.0/16); NixOS only auto-adds a rule for podman0 but docker-compose arion stacks land on podman1/2/3 where container DNS was silently blocked
- vnc-desktop/start.sh: rm stale /tmp/.X1-lock on container start so container restarts don't leave Xvnc unable to bind display :1
- linux.nix: TasksMax=infinity on arion-vnc-desktop so the systemd cgroup doesn't cap KDE Plasma's thread count below the container pids limit
- arion-riverside/arion-compose.nix: add ADMIN_PASS env var required by the riverside entrypoint

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

| | | |
|---|---|---|
| .github/workflows | ||
| arion | ||
| arion-riverside | ||
| arion-vnc | ||
| cloned_repos | ||
| invoke-ddns | ||
| keys | ||
| pdxdestiny | ||
| pullomatic | ||
| secrets | ||
| system | ||
| vnc-desktop | ||
| .gitignore | ||
| apply.sh | ||
| CLAUDE.md | ||
| clean.sh | ||
| disk-config.nix | ||
| firewall.nix | ||
| flake.lock | ||
| flake.nix | ||
| format.sh | ||
| globals.json | ||
| hetzner.nix | ||
| linux.nix | ||
| nfsn_ddns-0.2.0-py3-none-any.whl | ||
| nginx.nix | ||
| podman.nix | ||
| README.md | ||
| README_VNC.md | ||
| refresh.sh | ||
How to install:
nix --extra-experimental-features flakes --extra-experimental-features nix-command run --debug github:numtide/nixos-anywhere --verbose -- --flake .#nixos root@yourhost.com
You will need to manually create these files:
/root/.ssh/id_rsa
/root/.ssh/id_rsa.pub
/root/.ssh/id_rsa.pem