dotnix @main -
refs -
log -
-
https://git.jolheiser.com/dotnix.git
Signature
-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgBTEvCQk6VqUAdN2RuH6bj1dNkY
oOpbPWj+jw4ua1B1cAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5
AAAAQBys0/USdYbIHbrnhIIYQHjWLqFTRozoSRNb2EOU/t8CY4R84OhiL/Zi2rTKc4CkeF
0fvnBjgF/59cJPLmQsOQw=
-----END SSH SIGNATURE-----
diff --git a/flake.nix b/flake.nix
index 3d7ca78ab94c53ed22d42c64b0e43d54e7131057..9012df212992067a3bc28ff84683ae56189f4b9a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -202,13 +202,6 @@ };
};
nixosConfigurations = {
nixpkgs.follows = "nixpkgs";
- inherit system;
- modules = [
- ./machines/matcha
- commonConfig
- ];
- };
- nixpkgs.follows = "nixpkgs";
flake-utils.url = "github:numtide/flake-utils"; # Only expressed here to use for followers
inherit system;
modules = [
@@ -244,6 +237,12 @@ ./machines/dragonwell
];
services.tclip.package = inputs.tclip.packages.${pkgs.system}.tclipd;
};
+ gunpowder = {
+ imports = [
+ inputs.tsnet-serve.nixosModules.default
+ ./machines/gunpowder
+ ];
+ };
};
nixConfig = {
extra-substitutors = [ "https://jolheiser.cachix.org" ];
diff --git a/machines/common/nogui/default.nix b/machines/common/nogui/default.nix
index 8bc8c87c92ab9c0940eb07e1b0ed11053766dd7f..b16f021092ff16e8ce3f5956973e20e2426f39f1 100644
--- a/machines/common/nogui/default.nix
+++ b/machines/common/nogui/default.nix
@@ -72,11 +72,3 @@ };
services.tailscale.enable = true;
- environment = {
- systemPackages = with pkgs; [
- podman
- podman-compose
- podman-tui
- ];
- };
-
diff --git a/machines/gunpowder/default.nix b/machines/gunpowder/default.nix
new file mode 100644
index 0000000000000000000000000000000000000000..bb08710e748da4c28387f451e0166cf7eec59893
--- /dev/null
+++ b/machines/gunpowder/default.nix
@@ -0,0 +1,118 @@
+{ pkgs, ... }:
+let
+ username = "jolheiser";
+ key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJh5aUDN/KN28+4tbayXRQliLyKFZaCZtUMEBNaJfHYj";
+in
+{
+ imports = [ ./hardware.nix ];
+
+ boot = {
+ kernelPackages = pkgs.linuxPackages_latest;
+ kernelParams = [
+ "quiet"
+ "splash"
+ ];
+ loader.grub = {
+ enable = true;
+ device = "/dev/sda";
+ useOSProber = true;
+ enableCryptodisk = true;
+ };
+ };
+
+ boot.initrd.secrets = {
+ "/crypto_keyfile.bin" = null;
+ };
+
+ boot.initrd.luks.devices = {
+ "luks-1f9bde68-9c4c-423c-a95f-17aa170dd2b4".keyFile = "/crypto_keyfile.bin";
+ "luks-a2ca1842-1ce0-437e-ba5e-8864a41e81cb" = {
+ device = "/dev/disk/by-uuid/a2ca1842-1ce0-437e-ba5e-8864a41e81cb";
+ keyFile = "/crypto_keyfile.bin";
+ };
+ };
+
+ networking = {
+ hostName = "gunpowder";
+ networkmanager.enable = true;
+ firewall.enable = true;
+ };
+
+ services = {
+ xserver = {
+ enable = true;
+ displayManager.lightdm.enable = true;
+ desktopManager.xfce.enable = true;
+ };
+ openssh.enable = true;
+ tailscale.enable = true;
+ mullvad-vpn = {
+ enable = true;
+ package = pkgs.mullvad-vpn;
+ };
+ resolved.enable = true;
+
+ # media
+ jellyfin = {
+ enable = true;
+ openFirewall = true;
+ };
+ sonarr.enable = true;
+ radarr.enable = true;
+ bazarr.enable = true;
+ prowlarr.enable = true;
+ tsnet-serve.instances = {
+ jellyfin = {
+ enable = true;
+ backend = "http://127.0.0.1:9086";
+ authKey = "tskey-auth-k8LDnQ5Lba11CNTRL-5QbfHxZRs1UUPHm64ZEB2U4uzTjGR5t2"; # One-time key
+ };
+ sonarr = {
+ enable = true;
+ backend = "http://127.0.0.1:8989";
+ authKey = "tskey-auth-kb3G9Gp1s811CNTRL-uwN8PCBF9M9Q6jWDpQXSM98jj6o33tkAE"; # One-time key
+ };
+ radarr = {
+ enable = true;
+ backend = "http://127.0.0.1:7878";
+ authKey = "tskey-auth-kJY2J4DJke11CNTRL-m5TVetb5geTxiyrtyauyeTS9C4ZvfdvRL"; # One-time key
+ };
+ bazarr = {
+ enable = true;
+ backend = "http://127.0.0.1:6767";
+ authKey = "tskey-auth-kEh77KQqzx11CNTRL-zofQaxrHmcJFS5Y4p6Z4dJyxkbHB8DWQ"; # One-time key
+ };
+ prowlarr = {
+ enable = true;
+ backend = "http://127.0.0.1:9696";
+ authKey = "tskey-auth-kkFSG4vzTN11CNTRL-tt9A1vsHSoDfJQKkcCfjoDRxtTxa9ioDX"; # One-time key
+ };
+ };
+ };
+
+ users = {
+ users = {
+ "${username}" = {
+ extraGroups = [
+ "wheel"
+ "docker"
+ "storage"
+ ];
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [ key ];
+ };
+ "root".openssh.authorizedKeys.keys = [ key ];
+ };
+ groups.media.members = [
+ "jolheiser"
+ "olheiser"
+ "jellyfin"
+ "radarr"
+ "sonarr"
+ ];
+ };
+
+ environment.systemPackages = with pkgs; [ qbittorrent ];
+
+ system.stateVersion = "22.11";
+}
diff --git a/machines/matcha/default.nix b/machines/matcha/default.nix
deleted file mode 100644
index 6a277fdc31fcd8dd47f034523466a96de8c94479..0000000000000000000000000000000000000000
--- a/machines/matcha/default.nix
+++ /dev/null
@@ -1,65 +0,0 @@
-{ pkgs, ... }:
-let
- username = "jolheiser";
-in
-{
- imports = [
- ./hardware.nix
- ../common/gui
- ];
-
- boot = {
- kernelPackages = pkgs.linuxPackages_latest;
- kernelParams = [
- "quiet"
- "splash"
- ];
- loader.grub = {
- enable = true;
- device = "/dev/sda";
- useOSProber = true;
- enableCryptodisk = true;
- };
- };
-
- boot.initrd.secrets = {
- "/crypto_keyfile.bin" = null;
- };
-
- boot.initrd.luks.devices = {
- "luks-1f9bde68-9c4c-423c-a95f-17aa170dd2b4".keyFile = "/crypto_keyfile.bin";
- "luks-a2ca1842-1ce0-437e-ba5e-8864a41e81cb" = {
- device = "/dev/disk/by-uuid/a2ca1842-1ce0-437e-ba5e-8864a41e81cb";
- keyFile = "/crypto_keyfile.bin";
- };
- };
-
- hardware = {
- bluetooth.enable = true;
- };
-
- networking = {
- hostName = "matcha";
- networkmanager.enable = true;
- firewall.enable = true;
- };
-
- services = {
- blueman.enable = true;
- openssh.enable = true;
- pcscd.enable = true;
- };
-
- virtualisation.docker.enable = true;
-
- users.users."${username}" = {
- extraGroups = [
- "wheel"
- "docker"
- "storage"
- ];
- isNormalUser = true;
- };
-
- system.stateVersion = "22.11";
-}