remove morax add tailscale auth key

README.md

@@ -35,16 +35,6 @@ All machines are named after Goetic demons:
 - Vaultwarden password manager
 - Beszel
 
-### 🥧 Morax (Raspberry Pi 4)
-**Hardware**: Raspberry Pi 4
-
-**Services**:
-- Pi-hole DNS filtering
-- Speedtest monitoring (every 10 minutes)
-- Headscale connection
-
-**Notes**: Direct gigabit connection from router - looking to add more services to utilize bandwidth
-
 ### 🍎 Gabriel
 **Hardware**: M4 16gb Mac Mini
 

common/services.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 {
   # system packages + services
   environment.systemPackages = with pkgs; [
@@ -21,4 +21,6 @@
   services.printing.enable        = true;
   services.tailscale.enable       = true;
   services.tailscale.useRoutingFeatures = "both";
+  services.tailscale.authKeyFile = lib.mkIf (config ? age && config.age ? secrets) 
+    config.age.secrets."headscale-authkey".path;
 }

flake.nix

@@ -45,21 +45,12 @@
             system = "x86_64-linux";
           };
           modules = [
-            ./hosts/focalor
-            lix-module.nixosModules.default
-
-            /*microvm.nixosModules.host
-            {
-              microvm.autostart = [
-                "windows"
-              ];
-            }*/
-
-            vscode-server.nixosModules.default
             agenix.nixosModules.default
 
+            ./hosts/focalor
+            lix-module.nixosModules.default
+            vscode-server.nixosModules.default
             catppuccin.nixosModules.catppuccin
-
             home-manager.nixosModules.home-manager
             {
               home-manager.useGlobalPkgs = true;
@@ -83,11 +74,11 @@
             system = "x86_64-linux";
           };
           modules = [
+            agenix.nixosModules.default
+
             ./hosts/valefar
             lix-module.nixosModules.default
-
             vscode-server.nixosModules.default
-            agenix.nixosModules.default
             microvm.nixosModules.host
             
             { imports = builtins.attrValues nixosModules; }
@@ -106,34 +97,6 @@
             agenix.nixosModules.default
           ];
         };
-
-        morax = nixpkgs.lib.nixosSystem {
-          system = "aarch64-linux";
-          specialArgs = {
-            inherit inputs;
-            system = "aarch64-linux";
-          };
-          modules = [
-            ./hosts/morax
-            nixos-hardware.nixosModules.raspberry-pi-4
-            
-            agenix.nixosModules.default
-            { imports = builtins.attrValues nixosModules; }
-          ];
-        };
-
-
-        # Easy to add more hosts
-        /*
-          server2 = nixpkgs.lib.nixosSystem {
-            system = "x86_64-linux";
-            modules = [
-              ./hosts/server2
-              agenix.nixosModules.default
-              # different services for server2
-            ];
-          };
-        */
       };
     };
 }

hosts/morax/default.nix

@@ -1,56 +0,0 @@
-{ config, lib, pkgs, modulesPath, inputs, ... }:
-
-{
-  imports = [
-    ./hardware.nix
-    ./secrets.nix
-    
-    ../../common/system.nix
-    ../../common/users.nix
-    ../../common/services.nix
-    ../../host-secrets.nix
-  ];
-
-  # Enable modules
-  modules.caddy.enable = true;
-  modules.garage.enable = true;
-
-  modules.caddy = {
-    email = "ana@nekomimi.pet";
-    reverseProxies = {
-      "s3.nkp.pet" = ["valefar:3900" "morax:3900"];
-    };
-  };
-
-  system.stateVersion = "25.05";
-
-  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
-  hardware.enableRedistributableFirmware = true;
-  hardware.enableAllHardware = lib.mkForce false; #https://github.com/NixOS/nixpkgs/issues/154163#issuecomment-2868994145
-
-  networking = {
-    hostName = "morax";
-    hostId = "2631a44a";
-    firewall.enable = false;
-    defaultGateway = {
-      address = "10.0.0.1";
-      interface = "eth0";
-    };
-    nameservers = [ "1.1.1.1" ];
-    interfaces.eth0 = {
-      ipv4.addresses = [{
-        address = "10.0.0.210";
-        prefixLength = 24;
-      }];
-    };
-  };
-
-  environment.systemPackages = with pkgs; [
-    inputs.agenix.packages.aarch64-linux.default
-  ];
-
-  virtualisation.docker = {
-    enable = true;
-    enableOnBoot = true;
-  };
-}

hosts/morax/hardware.nix

@@ -1,39 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "xhci_pci" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
-      fsType = "ext4";
-    };
-
-  fileSystems."/garage" = {
-  device = "/dev/sda1";
-    fsType = "ext4";
-  };
-
-  swapDevices = [ ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.docker0.useDHCP = lib.mkDefault true;
-  # networking.interfaces.eth0.useDHCP = lib.mkDefault true;
-  # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
-}

hosts/morax/secrets.nix

@@ -1,3 +0,0 @@
-{
-  
-}

hosts/valefar/default.nix

@@ -10,15 +10,15 @@
     ./secrets.nix
     ../../common/nvidia.nix
 
+    # Common secrets
+    ../../host-secrets.nix
+    
     # Common modules shared across hosts
     ../../common/system.nix
     ../../common/users.nix
     ../../common/services.nix
     ../../common/efi.nix
     
-    # Common secrets
-    ../../host-secrets.nix
-    
     # Hardware-specific (commented out)
     # ../../common/nvidia.nix
   ];