jolheiser
/
dotnix
mirror of https://git.jolheiser.com/dotnix.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

feat: gunpowder 

Signed-off-by: jolheiser <git@jolheiser.com>
homepage
jolheiser 2024-08-25 20:54:55 -05:00
parent ab2c06064e
commit a36e0363bf
No known key found for this signature in database
6 changed files with 124 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
flake.nix
View File

@ -201,13 +201,6 @@
}; };
}; };
nixosConfigurations = { nixosConfigurations = {
"matcha" = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
./machines/matcha
commonConfig
];
};
"genmaicha" = nixpkgs.lib.nixosSystem { "genmaicha" = nixpkgs.lib.nixosSystem {
inherit system; inherit system;
modules = [ modules = [
@ -243,6 +236,12 @@
]; ];
services.tclip.package = inputs.tclip.packages.${pkgs.system}.tclipd; services.tclip.package = inputs.tclip.packages.${pkgs.system}.tclipd;
}; };
gunpowder = {
imports = [
inputs.tsnet-serve.nixosModules.default
./machines/gunpowder
];
};
}; };
nixConfig = { nixConfig = {
extra-substitutors = [ "https://jolheiser.cachix.org" ]; extra-substitutors = [ "https://jolheiser.cachix.org" ];

8
machines/common/nogui/default.nix
View File

@ -71,12 +71,4 @@
}; };
services.tailscale.enable = true; services.tailscale.enable = true;
environment = {
systemPackages = with pkgs; [
podman
podman-compose
podman-tui
];
};
} }

118
machines/gunpowder/default.nix 100644
View File

@ -0,0 +1,118 @@
{ pkgs, ... }:
let
username = "jolheiser";
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJh5aUDN/KN28+4tbayXRQliLyKFZaCZtUMEBNaJfHYj";
in
{
imports = [ ./hardware.nix ];
boot = {
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = [
"quiet"
"splash"
];
loader.grub = {
enable = true;
device = "/dev/sda";
useOSProber = true;
enableCryptodisk = true;
};
};
boot.initrd.secrets = {
"/crypto_keyfile.bin" = null;
};
boot.initrd.luks.devices = {
"luks-1f9bde68-9c4c-423c-a95f-17aa170dd2b4".keyFile = "/crypto_keyfile.bin";
"luks-a2ca1842-1ce0-437e-ba5e-8864a41e81cb" = {
device = "/dev/disk/by-uuid/a2ca1842-1ce0-437e-ba5e-8864a41e81cb";
keyFile = "/crypto_keyfile.bin";
};
};
networking = {
hostName = "gunpowder";
networkmanager.enable = true;
firewall.enable = true;
};
services = {
xserver = {
enable = true;
displayManager.lightdm.enable = true;
desktopManager.xfce.enable = true;
};
openssh.enable = true;
tailscale.enable = true;
mullvad-vpn = {
enable = true;
package = pkgs.mullvad-vpn;
};
resolved.enable = true;
# media
jellyfin = {
enable = true;
openFirewall = true;
};
sonarr.enable = true;
radarr.enable = true;
bazarr.enable = true;
prowlarr.enable = true;
tsnet-serve.instances = {
jellyfin = {
enable = true;
backend = "http://127.0.0.1:9086";
authKey = "tskey-auth-k8LDnQ5Lba11CNTRL-5QbfHxZRs1UUPHm64ZEB2U4uzTjGR5t2"; # One-time key
};
sonarr = {
enable = true;
backend = "http://127.0.0.1:8989";
authKey = "tskey-auth-kb3G9Gp1s811CNTRL-uwN8PCBF9M9Q6jWDpQXSM98jj6o33tkAE"; # One-time key
};
radarr = {
enable = true;
backend = "http://127.0.0.1:7878";
authKey = "tskey-auth-kJY2J4DJke11CNTRL-m5TVetb5geTxiyrtyauyeTS9C4ZvfdvRL"; # One-time key
};
bazarr = {
enable = true;
backend = "http://127.0.0.1:6767";
authKey = "tskey-auth-kEh77KQqzx11CNTRL-zofQaxrHmcJFS5Y4p6Z4dJyxkbHB8DWQ"; # One-time key
};
prowlarr = {
enable = true;
backend = "http://127.0.0.1:9696";
authKey = "tskey-auth-kkFSG4vzTN11CNTRL-tt9A1vsHSoDfJQKkcCfjoDRxtTxa9ioDX"; # One-time key
};
};
};
users = {
users = {
"${username}" = {
extraGroups = [
"wheel"
"docker"
"storage"
];
isNormalUser = true;
openssh.authorizedKeys.keys = [ key ];
};
"root".openssh.authorizedKeys.keys = [ key ];
};
groups.media.members = [
"jolheiser"
"olheiser"
"jellyfin"
"radarr"
"sonarr"
];
};
environment.systemPackages = with pkgs; [ qbittorrent ];
system.stateVersion = "22.11";
}

0
machines/matcha/hardware.nix → machines/gunpowder/hardware.nix
View File

65
machines/matcha/default.nix
View File

@ -1,65 +0,0 @@
{ pkgs, ... }:
let
username = "jolheiser";
in
{
imports = [
./hardware.nix
../common/gui
];
boot = {
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = [
"quiet"
"splash"
];
loader.grub = {
enable = true;
device = "/dev/sda";
useOSProber = true;
enableCryptodisk = true;
};
};
boot.initrd.secrets = {
"/crypto_keyfile.bin" = null;
};
boot.initrd.luks.devices = {
"luks-1f9bde68-9c4c-423c-a95f-17aa170dd2b4".keyFile = "/crypto_keyfile.bin";
"luks-a2ca1842-1ce0-437e-ba5e-8864a41e81cb" = {
device = "/dev/disk/by-uuid/a2ca1842-1ce0-437e-ba5e-8864a41e81cb";
keyFile = "/crypto_keyfile.bin";
};
};
hardware = {
bluetooth.enable = true;
};
networking = {
hostName = "matcha";
networkmanager.enable = true;
firewall.enable = true;
};
services = {
blueman.enable = true;
openssh.enable = true;
pcscd.enable = true;
};
virtualisation.docker.enable = true;
users.users."${username}" = {
extraGroups = [
"wheel"
"docker"
"storage"
];
isNormalUser = true;
};
system.stateVersion = "22.11";
}

BIN
secrets/shared/ssh-config.age
View File

Binary file not shown.