feat: gunpowder

Signed-off-by: jolheiser <git@jolheiser.com>
2024-08-25 20:54:55 -05:00 · 2024-08-25 20:54:55 -05:00 · a36e0363bf
parent ab2c06064e
commit a36e0363bf
6 changed files with 124 additions and 80 deletions
--- a/flake.nix
+++ b/flake.nix
@ -201,13 +201,6 @@
        };
      };
      nixosConfigurations = {
-        "matcha" = nixpkgs.lib.nixosSystem {
-          inherit system;
-          modules = [
-            ./machines/matcha
-            commonConfig
-          ];
-        };
        "genmaicha" = nixpkgs.lib.nixosSystem {
          inherit system;
          modules = [
@ -243,6 +236,12 @@
            ];
            services.tclip.package = inputs.tclip.packages.${pkgs.system}.tclipd;
          };
+        gunpowder = {
+          imports = [
+            inputs.tsnet-serve.nixosModules.default
+            ./machines/gunpowder
+          ];
+        };
      };
      nixConfig = {
        extra-substitutors = [ "https://jolheiser.cachix.org" ];
--- a/machines/common/nogui/default.nix
+++ b/machines/common/nogui/default.nix
@ -71,12 +71,4 @@
  };

  services.tailscale.enable = true;
-
-  environment = {
-    systemPackages = with pkgs; [
-      podman
-      podman-compose
-      podman-tui
-    ];
-  };
 }
--- a/machines/gunpowder/default.nix
+++ b/machines/gunpowder/default.nix
@ -0,0 +1,118 @@
+{ pkgs, ... }:
+let
+  username = "jolheiser";
+  key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJh5aUDN/KN28+4tbayXRQliLyKFZaCZtUMEBNaJfHYj";
+in
+{
+  imports = [ ./hardware.nix ];
+
+  boot = {
+    kernelPackages = pkgs.linuxPackages_latest;
+    kernelParams = [
+      "quiet"
+      "splash"
+    ];
+    loader.grub = {
+      enable = true;
+      device = "/dev/sda";
+      useOSProber = true;
+      enableCryptodisk = true;
+    };
+  };
+
+  boot.initrd.secrets = {
+    "/crypto_keyfile.bin" = null;
+  };
+
+  boot.initrd.luks.devices = {
+    "luks-1f9bde68-9c4c-423c-a95f-17aa170dd2b4".keyFile = "/crypto_keyfile.bin";
+    "luks-a2ca1842-1ce0-437e-ba5e-8864a41e81cb" = {
+      device = "/dev/disk/by-uuid/a2ca1842-1ce0-437e-ba5e-8864a41e81cb";
+      keyFile = "/crypto_keyfile.bin";
+    };
+  };
+
+  networking = {
+    hostName = "gunpowder";
+    networkmanager.enable = true;
+    firewall.enable = true;
+  };
+
+  services = {
+    xserver = {
+      enable = true;
+      displayManager.lightdm.enable = true;
+      desktopManager.xfce.enable = true;
+    };
+    openssh.enable = true;
+    tailscale.enable = true;
+    mullvad-vpn = {
+      enable = true;
+      package = pkgs.mullvad-vpn;
+    };
+    resolved.enable = true;
+
+    # media
+    jellyfin = {
+      enable = true;
+      openFirewall = true;
+    };
+    sonarr.enable = true;
+    radarr.enable = true;
+    bazarr.enable = true;
+    prowlarr.enable = true;
+    tsnet-serve.instances = {
+      jellyfin = {
+        enable = true;
+        backend = "http://127.0.0.1:9086";
+        authKey = "tskey-auth-k8LDnQ5Lba11CNTRL-5QbfHxZRs1UUPHm64ZEB2U4uzTjGR5t2"; # One-time key
+      };
+      sonarr = {
+        enable = true;
+        backend = "http://127.0.0.1:8989";
+        authKey = "tskey-auth-kb3G9Gp1s811CNTRL-uwN8PCBF9M9Q6jWDpQXSM98jj6o33tkAE"; # One-time key
+      };
+      radarr = {
+        enable = true;
+        backend = "http://127.0.0.1:7878";
+        authKey = "tskey-auth-kJY2J4DJke11CNTRL-m5TVetb5geTxiyrtyauyeTS9C4ZvfdvRL"; # One-time key
+      };
+      bazarr = {
+        enable = true;
+        backend = "http://127.0.0.1:6767";
+        authKey = "tskey-auth-kEh77KQqzx11CNTRL-zofQaxrHmcJFS5Y4p6Z4dJyxkbHB8DWQ"; # One-time key
+      };
+      prowlarr = {
+        enable = true;
+        backend = "http://127.0.0.1:9696";
+        authKey = "tskey-auth-kkFSG4vzTN11CNTRL-tt9A1vsHSoDfJQKkcCfjoDRxtTxa9ioDX"; # One-time key
+      };
+    };
+  };
+
+  users = {
+    users = {
+      "${username}" = {
+        extraGroups = [
+          "wheel"
+          "docker"
+          "storage"
+        ];
+        isNormalUser = true;
+        openssh.authorizedKeys.keys = [ key ];
+      };
+      "root".openssh.authorizedKeys.keys = [ key ];
+    };
+    groups.media.members = [
+      "jolheiser"
+      "olheiser"
+      "jellyfin"
+      "radarr"
+      "sonarr"
+    ];
+  };
+
+  environment.systemPackages = with pkgs; [ qbittorrent ];
+
+  system.stateVersion = "22.11";
+}
--- a/machines/gunpowder/hardware.nix
+++ b/machines/gunpowder/hardware.nix
--- a/machines/matcha/default.nix
+++ b/machines/matcha/default.nix
@ -1,65 +0,0 @@
-{ pkgs, ... }:
-let
-  username = "jolheiser";
-in
-{
-  imports = [
-    ./hardware.nix
-    ../common/gui
-  ];
-
-  boot = {
-    kernelPackages = pkgs.linuxPackages_latest;
-    kernelParams = [
-      "quiet"
-      "splash"
-    ];
-    loader.grub = {
-      enable = true;
-      device = "/dev/sda";
-      useOSProber = true;
-      enableCryptodisk = true;
-    };
-  };
-
-  boot.initrd.secrets = {
-    "/crypto_keyfile.bin" = null;
-  };
-
-  boot.initrd.luks.devices = {
-    "luks-1f9bde68-9c4c-423c-a95f-17aa170dd2b4".keyFile = "/crypto_keyfile.bin";
-    "luks-a2ca1842-1ce0-437e-ba5e-8864a41e81cb" = {
-      device = "/dev/disk/by-uuid/a2ca1842-1ce0-437e-ba5e-8864a41e81cb";
-      keyFile = "/crypto_keyfile.bin";
-    };
-  };
-
-  hardware = {
-    bluetooth.enable = true;
-  };
-
-  networking = {
-    hostName = "matcha";
-    networkmanager.enable = true;
-    firewall.enable = true;
-  };
-
-  services = {
-    blueman.enable = true;
-    openssh.enable = true;
-    pcscd.enable = true;
-  };
-
-  virtualisation.docker.enable = true;
-
-  users.users."${username}" = {
-    extraGroups = [
-      "wheel"
-      "docker"
-      "storage"
-    ];
-    isNormalUser = true;
-  };
-
-  system.stateVersion = "22.11";
-}
--- a/secrets/shared/ssh-config.age
+++ b/secrets/shared/ssh-config.age