waveringana/nixcfg
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

remove morax add tailscale auth key

Browse source
This commit is contained in:
waveringana 2025-06-21 06:48:45 -04:00
parent 24cb520aeb
commit 2ba4eea37f
12 changed files with 11 additions and 154 deletions
Download patch file Download diff file Expand all files Collapse all files

10
README.md
View file

@ -35,16 +35,6 @@ All machines are named after Goetic demons:
- Vaultwarden password manager
- Beszel
### 🥧 Morax (Raspberry Pi 4)
**Hardware**: Raspberry Pi 4
**Services**:
- Pi-hole DNS filtering
- Speedtest monitoring (every 10 minutes)
- Headscale connection
**Notes**: Direct gigabit connection from router - looking to add more services to utilize bandwidth
### 🍎 Gabriel
**Hardware**: M4 16gb Mac Mini

4
common/services.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
{
# system packages + services
environment.systemPackages = with pkgs; [
@ -21,4 +21,6 @@
services.printing.enable = true;
services.tailscale.enable = true;
services.tailscale.useRoutingFeatures = "both";
services.tailscale.authKeyFile = lib.mkIf (config ? age && config.age ? secrets)
config.age.secrets."headscale-authkey".path;
}

47
flake.nix
View file

@ -45,21 +45,12 @@
system = "x86_64-linux";
};
modules = [
./hosts/focalor
lix-module.nixosModules.default
/*microvm.nixosModules.host
{
microvm.autostart = [
"windows"
];
}*/
vscode-server.nixosModules.default
agenix.nixosModules.default
./hosts/focalor
lix-module.nixosModules.default
vscode-server.nixosModules.default
catppuccin.nixosModules.catppuccin
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
@ -83,11 +74,11 @@
system = "x86_64-linux";
};
modules = [
agenix.nixosModules.default
./hosts/valefar
lix-module.nixosModules.default
vscode-server.nixosModules.default
agenix.nixosModules.default
microvm.nixosModules.host
{ imports = builtins.attrValues nixosModules; }
@ -106,34 +97,6 @@
agenix.nixosModules.default
];
};
morax = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
specialArgs = {
inherit inputs;
system = "aarch64-linux";
};
modules = [
./hosts/morax
nixos-hardware.nixosModules.raspberry-pi-4
agenix.nixosModules.default
{ imports = builtins.attrValues nixosModules; }
];
};
# Easy to add more hosts
/*
server2 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./hosts/server2
agenix.nixosModules.default
# different services for server2
];
};
*/
};
};
}

56
hosts/morax/default.nix
View file

@ -1,56 +0,0 @@
{ config, lib, pkgs, modulesPath, inputs, ... }:
{
imports = [
./hardware.nix
./secrets.nix
../../common/system.nix
../../common/users.nix
../../common/services.nix
../../host-secrets.nix
];
# Enable modules
modules.caddy.enable = true;
modules.garage.enable = true;
modules.caddy = {
email = "ana@nekomimi.pet";
reverseProxies = {
"s3.nkp.pet" = ["valefar:3900" "morax:3900"];
};
};
system.stateVersion = "25.05";
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
hardware.enableRedistributableFirmware = true;
hardware.enableAllHardware = lib.mkForce false; #https://github.com/NixOS/nixpkgs/issues/154163#issuecomment-2868994145
networking = {
hostName = "morax";
hostId = "2631a44a";
firewall.enable = false;
defaultGateway = {
address = "10.0.0.1";
interface = "eth0";
};
nameservers = [ "1.1.1.1" ];
interfaces.eth0 = {
ipv4.addresses = [{
address = "10.0.0.210";
prefixLength = 24;
}];
};
};
environment.systemPackages = with pkgs; [
inputs.agenix.packages.aarch64-linux.default
];
virtualisation.docker = {
enable = true;
enableOnBoot = true;
};
}

39
hosts/morax/hardware.nix
View file

@ -1,39 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4";
};
fileSystems."/garage" = {
device = "/dev/sda1";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.docker0.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
# networking.interfaces.tailscale0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

3
hosts/morax/secrets.nix
View file

@ -1,3 +0,0 @@
{
}

6
hosts/valefar/default.nix
View file

@ -9,6 +9,9 @@
./hardware.nix
./secrets.nix
../../common/nvidia.nix
# Common secrets
../../host-secrets.nix
# Common modules shared across hosts
../../common/system.nix
@ -16,9 +19,6 @@
../../common/services.nix
../../common/efi.nix
# Common secrets
../../host-secrets.nix
# Hardware-specific (commented out)
# ../../common/nvidia.nix
];

0
secrets/build-token.age Normal file → Executable file
View file

0
secrets/garage-admin-token.age Normal file → Executable file
View file

0
secrets/garage-metrics-token.age Normal file → Executable file
View file

0
secrets/garage-rpc-secret.age Normal file → Executable file
View file

0
secrets/headscale-authkey.age Normal file → Executable file
View file