From a36e0363bfe3f8687824e9c6e95f367ad603c679 Mon Sep 17 00:00:00 2001 From: jolheiser Date: Sun, 25 Aug 2024 20:54:55 -0500 Subject: [PATCH] feat: gunpowder Signed-off-by: jolheiser --- flake.nix | 13 +-- machines/common/nogui/default.nix | 8 -- machines/gunpowder/default.nix | 118 ++++++++++++++++++++ machines/{matcha => gunpowder}/hardware.nix | 0 machines/matcha/default.nix | 65 ----------- secrets/shared/ssh-config.age | Bin 2052 -> 2162 bytes 6 files changed, 124 insertions(+), 80 deletions(-) create mode 100644 machines/gunpowder/default.nix rename machines/{matcha => gunpowder}/hardware.nix (100%) delete mode 100644 machines/matcha/default.nix diff --git a/flake.nix b/flake.nix index 3d7ca78..9012df2 100644 --- a/flake.nix +++ b/flake.nix @@ -201,13 +201,6 @@ }; }; nixosConfigurations = { - "matcha" = nixpkgs.lib.nixosSystem { - inherit system; - modules = [ - ./machines/matcha - commonConfig - ]; - }; "genmaicha" = nixpkgs.lib.nixosSystem { inherit system; modules = [ @@ -243,6 +236,12 @@ ]; services.tclip.package = inputs.tclip.packages.${pkgs.system}.tclipd; }; + gunpowder = { + imports = [ + inputs.tsnet-serve.nixosModules.default + ./machines/gunpowder + ]; + }; }; nixConfig = { extra-substitutors = [ "https://jolheiser.cachix.org" ]; diff --git a/machines/common/nogui/default.nix b/machines/common/nogui/default.nix index 8bc8c87..b16f021 100644 --- a/machines/common/nogui/default.nix +++ b/machines/common/nogui/default.nix @@ -71,12 +71,4 @@ }; services.tailscale.enable = true; - - environment = { - systemPackages = with pkgs; [ - podman - podman-compose - podman-tui - ]; - }; } diff --git a/machines/gunpowder/default.nix b/machines/gunpowder/default.nix new file mode 100644 index 0000000..bb08710 --- /dev/null +++ b/machines/gunpowder/default.nix 
@@ -0,0 +1,118 @@
+{ pkgs, ... }:
+let
+ username = "jolheiser";
+ key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJh5aUDN/KN28+4tbayXRQliLyKFZaCZtUMEBNaJfHYj";
+in
+{
+ imports = [ ./hardware.nix ];
+
+ boot = {
+ kernelPackages = pkgs.linuxPackages_latest;
+ kernelParams = [
+ "quiet"
+ "splash"
+ ];
+ loader.grub = {
+ enable = true;
+ device = "/dev/sda";
+ useOSProber = true;
+ enableCryptodisk = true;
+ };
+ };
+
+ boot.initrd.secrets = {
+ "/crypto_keyfile.bin" = null;
+ };
+
+ boot.initrd.luks.devices = {
+ "luks-1f9bde68-9c4c-423c-a95f-17aa170dd2b4".keyFile = "/crypto_keyfile.bin";
+ "luks-a2ca1842-1ce0-437e-ba5e-8864a41e81cb" = {
+ device = "/dev/disk/by-uuid/a2ca1842-1ce0-437e-ba5e-8864a41e81cb";
+ keyFile = "/crypto_keyfile.bin";
+ };
+ };
+
+ networking = {
+ hostName = "gunpowder";
+ networkmanager.enable = true;
+ firewall.enable = true;
+ };
+
+ services = {
+ xserver = {
+ enable = true;
+ displayManager.lightdm.enable = true;
+ desktopManager.xfce.enable = true;
+ };
+ openssh.enable = true;
+ tailscale.enable = true;
+ mullvad-vpn = {
+ enable = true;
+ package = pkgs.mullvad-vpn;
+ };
+ resolved.enable = true;
+
+ # media
+ jellyfin = {
+ enable = true;
+ openFirewall = true;
+ };
+ sonarr.enable = true;
+ radarr.enable = true;
+ bazarr.enable = true;
+ prowlarr.enable = true;
+ tsnet-serve.instances = {
+ jellyfin = {
+ enable = true;
+ backend = "http://127.0.0.1:9086";
+ authKey = "tskey-auth-k8LDnQ5Lba11CNTRL-5QbfHxZRs1UUPHm64ZEB2U4uzTjGR5t2"; # One-time key
+ };
+ sonarr = {
+ enable = true;
+ backend = "http://127.0.0.1:8989";
+ authKey = "tskey-auth-kb3G9Gp1s811CNTRL-uwN8PCBF9M9Q6jWDpQXSM98jj6o33tkAE"; # One-time key
+ };
+ radarr = {
+ enable = true;
+ backend = "http://127.0.0.1:7878";
+ authKey = "tskey-auth-kJY2J4DJke11CNTRL-m5TVetb5geTxiyrtyauyeTS9C4ZvfdvRL"; # One-time key
+ };
+ bazarr = {
+ enable = true;
+ backend = "http://127.0.0.1:6767";
+ authKey = "tskey-auth-kEh77KQqzx11CNTRL-zofQaxrHmcJFS5Y4p6Z4dJyxkbHB8DWQ"; # One-time key
+ };
+ prowlarr = {
+ enable = true;
+ backend = "http://127.0.0.1:9696";
+ authKey = "tskey-auth-kkFSG4vzTN11CNTRL-tt9A1vsHSoDfJQKkcCfjoDRxtTxa9ioDX"; # One-time key
+ };
+ };
+ };
+
+ users = {
+ users = {
+ "${username}" = {
+ extraGroups = [
+ "wheel"
+ "docker"
+ "storage"
+ ];
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [ key ];
+ };
+ "root".openssh.authorizedKeys.keys = [ key ];
+ };
+ groups.media.members = [
+ "jolheiser"
+ "olheiser"
+ "jellyfin"
+ "radarr"
+ "sonarr"
+ ];
+ };
+
+ environment.systemPackages = with pkgs; [ qbittorrent ];
+
+ system.stateVersion = "22.11";
+}
diff --git a/machines/matcha/hardware.nix b/machines/gunpowder/hardware.nix
similarity index 100%
rename from machines/matcha/hardware.nix
rename to machines/gunpowder/hardware.nix
diff --git a/machines/matcha/default.nix b/machines/matcha/default.nix
deleted file mode 100644
index 6a277fd..0000000
--- a/machines/matcha/default.nix
+++ /dev/null
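Review bot: The five `authKey = "tskey-auth-…"` literals under `services.tsnet-serve.instances` in machines/gunpowder/default.nix put live credentials into the repository; the `# One-time key` comment limits reuse, but the values remain in git history and, as plain Nix strings, probably end up in the world-readable `/nix/store`. The repo already carries age-encrypted secrets (`secrets/shared/ssh-config.age`), so I would revoke these keys and feed the module from an encrypted file if it offers a file-based option, which this hunk does not show. `jellyfin.openFirewall = true;` opens Jellyfin's ports on every interface although the service is also published through tsnet-serve; dropping that line would keep it reachable over the tailnet only. `backend = "http://127.0.0.1:9086";` looks like a transposition of Jellyfin's default port 8096 and is worth confirming. `"root".openssh.authorizedKeys.keys = [ key ];` combined with `openssh.enable = true;` and no `openssh.settings` leaves password logins at their default, so I would add `openssh.settings.PasswordAuthentication = false;` to make key-only access explicit.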
@@ -1,65 +0,0 @@
-{ pkgs, ... }:
-let
- username = "jolheiser";
-in
-{
- imports = [
- ./hardware.nix
- ../common/gui
- ];
-
- boot = {
- kernelPackages = pkgs.linuxPackages_latest;
- kernelParams = [
- "quiet"
- "splash"
- ];
- loader.grub = {
- enable = true;
- device = "/dev/sda";
- useOSProber = true;
- enableCryptodisk = true;
- };
- };
-
- boot.initrd.secrets = {
- "/crypto_keyfile.bin" = null;
- };
-
- boot.initrd.luks.devices = {
- "luks-1f9bde68-9c4c-423c-a95f-17aa170dd2b4".keyFile = "/crypto_keyfile.bin";
- "luks-a2ca1842-1ce0-437e-ba5e-8864a41e81cb" = {
- device = "/dev/disk/by-uuid/a2ca1842-1ce0-437e-ba5e-8864a41e81cb";
- keyFile = "/crypto_keyfile.bin";
- };
- };
-
- hardware = {
- bluetooth.enable = true;
- };
-
- networking = {
- hostName = "matcha";
- networkmanager.enable = true;
- firewall.enable = true;
- };
-
- services = {
- blueman.enable = true;
- openssh.enable = true;
- pcscd.enable = true;
- };
-
- virtualisation.docker.enable = true;
-
- users.users."${username}" = {
- extraGroups = [
- "wheel"
- "docker"
- "storage"
- ];
- isNormalUser = true;
- };
-
- system.stateVersion = "22.11";
-}
diff --git a/secrets/shared/ssh-config.age b/secrets/shared/ssh-config.age index 1f1e089e70daac9ea40938279e88db0876760946..88ba6bf134b66a207de24ca05fc81b92778d9896 100644 GIT binary patch delta 2082 zcmV+-2;KLD5b_X^EPrWaa4<6h_V^n!k zQ#UX~a|(Jjay4^LP8XZHCAU!F?2IQP&id@QA%q#Z!}DFQ3@?S zAaiqQEoEdfH8n9gAb3?xb~1M$K}lj|P&Zd~MMXqdX;forFhyfndNWdZGEzftcyu&& zbw)6CO-xowQ#Wl<3M+JEOiEX8Lo#D4Ni|YIL2PGcFmGsZOK@#cNj6AyS2l1ma9KoW zMP_G_@EBHOb3<}-W_VCpL2`3LWkN`AH!xRvMo4XGMnyzLZbdjZMnX_fMR!_nZAl7r zLRNZNI8bSAZAvR;L0ME|HZ?~=QCdeiIczv>PfcuWR61X zdO>ndaCA2`Xi!l?GiWkMQ3@?BEg*3?S!6^tZ*NFTLQ`%*d1y64R9P`EMPqYlT5@xF zI7?18O@D82Y;Z7cYDo%f3aEsCb`K{z!?(v|FU7&&B2Q_ds^E20SgCt4>Hej3nsRRb z@{){0gK;FT;#!~df!*EcYtk{Q>q|FHdbWa8ugr>gFARh#B?DuRg10T%egekxq-p@| zLebXUhQmXSMDZ8woHn+uaQ}Tow^-OUbos;X!m^2qqJNH9 zi~rLzKmqvlNOlr7=eL^4XPuQD5Hc=y2T(8h*E5l@W+f&2DbuFHu`)3gJMeb;Q15tT z5Udd$v>)rU7MA3Q%jNM)*ZSuU>2GB)Mn0*~NrHD8aer%ur*Z>)KS8!qmy51CYT3>` zSbuo5HM#C4Uu}ogr9r-|w75Lf#3H;O*&ce4s6{U-fpR?&tY8EZjUB<8mzW6fY$w|N z77%;C`R4(cR_Y({i}5FH3`NLCBcvJzMW_o#7cT=55GFZTL7`56JH1ZeO|Ug+35=7Q zWDOeMk}{Xe5i`N7#BCR3B5mtP(XG&^9B4MZYkyjE+C_$%C7P@fWKGHYAsm6Lf>^3x5ii{PU!YnPSx>3lgX&{P4z zLyu*}7BnOOS3kDjhG)U;R8;+9H76omWF?O1lYFDB+evN2SU5K$I;dk*7J)TZ$H}(< zMjemv-b%glxqsfVYsA01Jrb;CVGT?Ac$T)%{86ON_J=16{Eb9jWbdxU`Ek`FHYvDz zj|TSUl9n(27-DQS&!@k;U?!h?zJHFYraz#Tg6a(wG5eNJ`|;z4T0HY$&%BiLVHDwi z;Jm>%+_+5j_7tkIB0D^Mw6W}oO$`1X^k6{!?YtGv<=m`f_m@1gMx>+nIJOo+Guoq_ z68h;C8bC;Ue)hy&RQtj*6)ex^*o@buRc)K2|N1b75w8+R)9nZ#`+_VeYJW8{gdgmw zWrV)Bk)(f~`0I|w(>po9YJEdRUPGw{7h4d_uBxe6VV$+ctT&MBn7<%EJ@Y}m$x9#r zKTm=Cbn;qz2dG5O%gs4;j7Mkq7RB9UK8|{>^(fXP6c&ozl)m@`bO?y^2_C3_Gmon; zoo}`>HSt@_KHSPppH^AXsAWW)vyfr< zZx-@~Vn~9BWLl4QA4A2%s3uBij{HJ`%l82_CWrwrP9DH0zZ!|OZ=*KKXzw+!DCqqI8tJkeKzRon@+f9Iafo$Ui5C}5jU$7i(JZzkGH&`^&J{!RyjC&ijF#-L*JZpT zuwde&Wr;PYN_(v?eSariO{_Ud>gu!Ii&I@Gt+__pFQ(wY&P|i53rNYoQF^(=g3akWM_K&g{r{|BoSlcJCUea_1d;9b4+)B5@ zDg8~Zv3U2%{GzfL^pP=oQ@`-vgI@l!#$3*cpY_r7;a&>$k(qCJ99es)8P25P$YCHe1G8I?g$XX+pnfS1MQt~E!XMgRipmvs2A@7d`MS-Df4N0JG&w)Oj`hY zf7%{T0$V3 
zf;_Yw1(MEd3>96O7Ko|C8>$P)r$y^dd1!hyurK(7{~HGUpW~dP14-jW4e*3}yD2T; MLo9|@@R0K(1`=DZ?*IS* delta 1971 zcmV;k2Tb_#5QGqrEPppxT4{7gcPmI@Ohiz2S95btFGX@?T25mxV@ha8Xf`)lV^Voj zNKj2fcM5B0R77lfNUhuXhl|QOl(gzYDG9qWoJZs zXJu$-WJhvTIWj_L3Nl$VIZ#kSSW_@|NqKp6L33z1D@+*S zIX85X@EBHYH+5@vQZP1XRcCokSa?}sHf(NeZboidRCR7gQe;?VH$+utNo6@$Ygq~} zT2fOrZgxd7O;a&(Q*~8iVoE|$D`9qYW;sSVYGOi0R#r@CSaMWsNt0dy7*|F#dU!c% zS8HxrL{vgcQcQDrXE<*-Y++PcSYvK9GBbEeV`p$>G*CH3RSGaNb#G8fFmzCCT1{C+ zG%HL}abZw5MNCq0RB&r6W=m^xYeQE>T4FayYm?0Z7k^qbV^wQIL{U_1Yga)|R$)#w zLPu;;cPns2YELm&bVD$DFKtyQ%+`OL_=m` zN@ZnkI7LxaYGX(=Xk~OSSqd#JEg)-Xc1C$bIdU*icxpmnRA+K4Hd;?+T1+u&XL(I^ zV?|mkZ+}*COG;U3d2zmtv z0C=2iw?$bdZ}1#X3$e*a1GfoMOl3A51_QlVTT5Eu#zOeQ2PSpua_0bWq5T7hBKQxEir$7>2If?en7$ zKut_4EXxi^Gs(u%1i`?4bJq;b^*Ole5_d`zTDwlQi^EWf%~o+MKM433FV}X@RW(`A zrzjbph#so0ak_wk2Wmi4fQpoHM7GKM6_QtneM5^=${j~jw!Oi)K{kLMUYW!NLULou_yh>ot zn~;MIHtFsvlQn(vQH8d+YjM@kuq-2cc(VPRb|Odj2g8vE|Bf}Ji;n%9-GO4)g{KQ$ z%hL!Z-k0{zuw#Ch$X;+vBADZ2TQv}U5)66va&(o=Zn#sVBc3$XHL+_&3+i)ywgcEk&XB9#1zCX{$|v^N~95$Vgs33zo@O~!ngC% z24&yYcs+227Txuy%A$(D+@Lhc-@ChByN{QB5a#M=mSj%2u#$O+%iEdB!B=wvf(83O zjdG=>l!L0bCJAW^Hc#yv@dIXb1b;ED=Vt(fmn(CPzAG4xgLmGR;#b&){^ABd2_RqW zQ(jWPu@ugBF}m9^Zp5V5fZjk}b+DX2`LbVfxx-0+v}z{uy=JrJ|UJEN-oL@6BEoPz4Vg41b}+FIZhN z`QF^3LVwWeocvro%{`=bk)7tj4xUiN!JubEX2|6JSYzzvQz6eK(Mckyh3k>eKK^j@ z%Yx1*jSgIEiZ6&rX$$B8^C-&Y8uV(4)sBLPjpk50URXjoY8xkidPAZrKhSANxW7u= za7*Uw0s93ketssS>@%Y|Mt_9Sgz-WYeu3|bNfXTciP1{oA}qvG*&uzAbw5J!12a(n z20`8x3dKLLJTY$;8^9{kqXT za8Vl8-ahCLi!yP&c0HD)9wm~pLP>{v`Wh7V_P|y6GvE5ANR4({^nX5jy1KdBQy$0J z=Oij2tjV03<!*h?(k}i}n-=A!A=PSWM88ZK_3iJf&DZsu z1_oZDi3ms3duoj%T7SrKxmOqPOMNnGTR?2onh;9~Vo(IiVYi@W<`a%tXiTE$39i1| zp{M+36v1L|j?>~7gW8$?<=3USZ&E>RC}g335oD)gu^Q?U2&(e{yZY@Ij(LQ3E>XDr zI04b=t$2(nXmwhtYcCvcwjm6}YNjYi=VvB9z!;sA_W?E-6Mtj?NZqoxBClPiAxBU3 z?oLb9|BKZqTbBf5Nd0CdF07=IBbsACst)TU5=ac;9bb?)9r&|td<%{hZAJJH-q)BY zHvOU*wrnYt`|leFPz_>;P+X`_(M?kO;Y=4NiDfhGXf%8;O5^$sEzS&=4+sUeJS0o@ z8zj>9WzmWYDl7^qG6R_&L~-6+Zmg7k_y-nye_Uw#8@>kgo