diff --git a/flake.nix b/flake.nix index 3d7ca78..9012df2 100644 --- a/flake.nix +++ b/flake.nix @@ -201,13 +201,6 @@ }; }; nixosConfigurations = { - "matcha" = nixpkgs.lib.nixosSystem { - inherit system; - modules = [ - ./machines/matcha - commonConfig - ]; - }; "genmaicha" = nixpkgs.lib.nixosSystem { inherit system; modules = [ @@ -243,6 +236,12 @@ ]; services.tclip.package = inputs.tclip.packages.${pkgs.system}.tclipd; }; + gunpowder = { + imports = [ + inputs.tsnet-serve.nixosModules.default + ./machines/gunpowder + ]; + }; }; nixConfig = { extra-substitutors = [ "https://jolheiser.cachix.org" ]; diff --git a/machines/common/nogui/default.nix b/machines/common/nogui/default.nix index 8bc8c87..b16f021 100644 --- a/machines/common/nogui/default.nix +++ b/machines/common/nogui/default.nix @@ -71,12 +71,4 @@ }; services.tailscale.enable = true; - - environment = { - systemPackages = with pkgs; [ - podman - podman-compose - podman-tui - ]; - }; } diff --git a/machines/gunpowder/default.nix b/machines/gunpowder/default.nix new file mode 100644 index 0000000..bb08710 --- /dev/null +++ b/machines/gunpowder/default.nix 
@@ -0,0 +1,118 @@
+{ pkgs, ... }:
+let
+ username = "jolheiser";
+ key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJh5aUDN/KN28+4tbayXRQliLyKFZaCZtUMEBNaJfHYj";
+in
+{
+ imports = [ ./hardware.nix ];
+
+ boot = {
+ kernelPackages = pkgs.linuxPackages_latest;
+ kernelParams = [
+ "quiet"
+ "splash"
+ ];
+ loader.grub = {
+ enable = true;
+ device = "/dev/sda";
+ useOSProber = true;
+ enableCryptodisk = true;
+ };
+ };
+
+ boot.initrd.secrets = {
+ "/crypto_keyfile.bin" = null;
+ };
+
+ boot.initrd.luks.devices = {
+ "luks-1f9bde68-9c4c-423c-a95f-17aa170dd2b4".keyFile = "/crypto_keyfile.bin";
+ "luks-a2ca1842-1ce0-437e-ba5e-8864a41e81cb" = {
+ device = "/dev/disk/by-uuid/a2ca1842-1ce0-437e-ba5e-8864a41e81cb";
+ keyFile = "/crypto_keyfile.bin";
+ };
+ };
+
+ networking = {
+ hostName = "gunpowder";
+ networkmanager.enable = true;
+ firewall.enable = true;
+ };
+
+ services = {
+ xserver = {
+ enable = true;
+ displayManager.lightdm.enable = true;
+ desktopManager.xfce.enable = true;
+ };
+ openssh.enable = true;
+ tailscale.enable = true;
+ mullvad-vpn = {
+ enable = true;
+ package = pkgs.mullvad-vpn;
+ };
+ resolved.enable = true;
+
+ # media
+ jellyfin = {
+ enable = true;
+ openFirewall = true;
+ };
+ sonarr.enable = true;
+ radarr.enable = true;
+ bazarr.enable = true;
+ prowlarr.enable = true;
+ tsnet-serve.instances = {
+ jellyfin = {
+ enable = true;
+ backend = "http://127.0.0.1:9086";
+ authKey = "tskey-auth-k8LDnQ5Lba11CNTRL-5QbfHxZRs1UUPHm64ZEB2U4uzTjGR5t2"; # One-time key
+ };
+ sonarr = {
+ enable = true;
+ backend = "http://127.0.0.1:8989";
+ authKey = "tskey-auth-kb3G9Gp1s811CNTRL-uwN8PCBF9M9Q6jWDpQXSM98jj6o33tkAE"; # One-time key
+ };
+ radarr = {
+ enable = true;
+ backend = "http://127.0.0.1:7878";
+ authKey = "tskey-auth-kJY2J4DJke11CNTRL-m5TVetb5geTxiyrtyauyeTS9C4ZvfdvRL"; # One-time key
+ };
+ bazarr = {
+ enable = true;
+ backend = "http://127.0.0.1:6767";
+ authKey = "tskey-auth-kEh77KQqzx11CNTRL-zofQaxrHmcJFS5Y4p6Z4dJyxkbHB8DWQ"; # One-time key
+ };
+ prowlarr = {
+ enable = true;
+ backend = "http://127.0.0.1:9696";
+ authKey = "tskey-auth-kkFSG4vzTN11CNTRL-tt9A1vsHSoDfJQKkcCfjoDRxtTxa9ioDX"; # One-time key
+ };
+ };
+ };
+
+ users = {
+ users = {
+ "${username}" = {
+ extraGroups = [
+ "wheel"
+ "docker"
+ "storage"
+ ];
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [ key ];
+ };
+ "root".openssh.authorizedKeys.keys = [ key ];
+ };
+ groups.media.members = [
+ "jolheiser"
+ "olheiser"
+ "jellyfin"
+ "radarr"
+ "sonarr"
+ ];
+ };
+
+ environment.systemPackages = with pkgs; [ qbittorrent ];
+
+ system.stateVersion = "22.11";
+}
diff --git a/machines/matcha/hardware.nix b/machines/gunpowder/hardware.nix
similarity index 100%
rename from machines/matcha/hardware.nix
rename to machines/gunpowder/hardware.nix
diff --git a/machines/matcha/default.nix b/machines/matcha/default.nix
deleted file mode 100644
index 6a277fd..0000000
--- a/machines/matcha/default.nix
+++ /dev/null
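Review bot: The five `authKey = "tskey-auth-…"` values under `services.tsnet-serve.instances` in machines/gunpowder/default.nix are committed in plaintext, so they stay in git history and, as ordinary option values, will most likely also end up in the world-readable Nix store on the host. Even with the `# One-time key` comments they should be treated as exposed: revoke them in the Tailscale admin console and supply replacements at runtime from an encrypted secret, as the repo already does with `secrets/shared/ssh-config.age`, assuming the tsnet-serve module can read its key from a file or environment variable. Separately, `openssh.enable = true` is added together with `"root".openssh.authorizedKeys.keys = [ key ]` and no sshd hardening; consider `services.openssh.settings.PasswordAuthentication = false;` and dropping the root key in favour of the wheel user. The Jellyfin backend `http://127.0.0.1:9086` also looks like a transposition of Jellyfin's default port 8096, and `openFirewall = true` opens the service on the LAN in addition to the tsnet proxy, which may not be intended.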
@@ -1,65 +0,0 @@
-{ pkgs, ... }:
-let
- username = "jolheiser";
-in
-{
- imports = [
- ./hardware.nix
- ../common/gui
- ];
-
- boot = {
- kernelPackages = pkgs.linuxPackages_latest;
- kernelParams = [
- "quiet"
- "splash"
- ];
- loader.grub = {
- enable = true;
- device = "/dev/sda";
- useOSProber = true;
- enableCryptodisk = true;
- };
- };
-
- boot.initrd.secrets = {
- "/crypto_keyfile.bin" = null;
- };
-
- boot.initrd.luks.devices = {
- "luks-1f9bde68-9c4c-423c-a95f-17aa170dd2b4".keyFile = "/crypto_keyfile.bin";
- "luks-a2ca1842-1ce0-437e-ba5e-8864a41e81cb" = {
- device = "/dev/disk/by-uuid/a2ca1842-1ce0-437e-ba5e-8864a41e81cb";
- keyFile = "/crypto_keyfile.bin";
- };
- };
-
- hardware = {
- bluetooth.enable = true;
- };
-
- networking = {
- hostName = "matcha";
- networkmanager.enable = true;
- firewall.enable = true;
- };
-
- services = {
- blueman.enable = true;
- openssh.enable = true;
- pcscd.enable = true;
- };
-
- virtualisation.docker.enable = true;
-
- users.users."${username}" = {
- extraGroups = [
- "wheel"
- "docker"
- "storage"
- ];
- isNormalUser = true;
- };
-
- system.stateVersion = "22.11";
-}
diff --git a/secrets/shared/ssh-config.age b/secrets/shared/ssh-config.age
index 1f1e089..88ba6bf 100644
Binary files a/secrets/shared/ssh-config.age and b/secrets/shared/ssh-config.age differ