Home

dotnix @main - refs - log -
-
https://git.jolheiser.com/dotnix.git
My nix dotfiles
tree log patch
feat: gunpowder Signed-off-by: jolheiser <git@jolheiser.com>
Signature
-----BEGIN SSH SIGNATURE----- U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgBTEvCQk6VqUAdN2RuH6bj1dNkY oOpbPWj+jw4ua1B1cAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5 AAAAQBys0/USdYbIHbrnhIIYQHjWLqFTRozoSRNb2EOU/t8CY4R84OhiL/Zi2rTKc4CkeF 0fvnBjgF/59cJPLmQsOQw= -----END SSH SIGNATURE-----
jolheiser <git@jolheiser.com>
3 months ago
5 changed files, 124 additions(+), 80 deletions(-)
M flake.nix -> flake.nix
diff --git a/flake.nix b/flake.nix
index 3d7ca78ab94c53ed22d42c64b0e43d54e7131057..9012df212992067a3bc28ff84683ae56189f4b9a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -202,13 +202,6 @@         };
       };
       nixosConfigurations = {
         nixpkgs.follows = "nixpkgs";
-          inherit system;
-          modules = [
-            ./machines/matcha
-            commonConfig
-          ];
-        };
-        nixpkgs.follows = "nixpkgs";
     flake-utils.url = "github:numtide/flake-utils"; # Only expressed here to use for followers
           inherit system;
           modules = [
@@ -244,6 +237,12 @@               ./machines/dragonwell
             ];
             services.tclip.package = inputs.tclip.packages.${pkgs.system}.tclipd;
           };
+        gunpowder = {
+          imports = [
+            inputs.tsnet-serve.nixosModules.default
+            ./machines/gunpowder
+          ];
+        };
       };
       nixConfig = {
         extra-substitutors = [ "https://jolheiser.cachix.org" ];
M machines/common/nogui/default.nix -> machines/common/nogui/default.nix
diff --git a/machines/common/nogui/default.nix b/machines/common/nogui/default.nix
index 8bc8c87c92ab9c0940eb07e1b0ed11053766dd7f..b16f021092ff16e8ce3f5956973e20e2426f39f1 100644
--- a/machines/common/nogui/default.nix
+++ b/machines/common/nogui/default.nix
@@ -72,11 +72,3 @@   };
 
   services.tailscale.enable = true;
 
-  environment = {
-    systemPackages = with pkgs; [
-      podman
-      podman-compose
-      podman-tui
-    ];
-  };
-
I machines/gunpowder/default.nix
diff --git a/machines/gunpowder/default.nix b/machines/gunpowder/default.nix
new file mode 100644
index 0000000000000000000000000000000000000000..bb08710e748da4c28387f451e0166cf7eec59893
--- /dev/null
+++ b/machines/gunpowder/default.nix
@@ -0,0 +1,118 @@
+{ pkgs, ... }:
+let
+  username = "jolheiser";
+  key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJh5aUDN/KN28+4tbayXRQliLyKFZaCZtUMEBNaJfHYj";
+in
+{
+  imports = [ ./hardware.nix ];
+
+  boot = {
+    kernelPackages = pkgs.linuxPackages_latest;
+    kernelParams = [
+      "quiet"
+      "splash"
+    ];
+    loader.grub = {
+      enable = true;
+      device = "/dev/sda";
+      useOSProber = true;
+      enableCryptodisk = true;
+    };
+  };
+
+  boot.initrd.secrets = {
+    "/crypto_keyfile.bin" = null;
+  };
+
+  boot.initrd.luks.devices = {
+    "luks-1f9bde68-9c4c-423c-a95f-17aa170dd2b4".keyFile = "/crypto_keyfile.bin";
+    "luks-a2ca1842-1ce0-437e-ba5e-8864a41e81cb" = {
+      device = "/dev/disk/by-uuid/a2ca1842-1ce0-437e-ba5e-8864a41e81cb";
+      keyFile = "/crypto_keyfile.bin";
+    };
+  };
+
+  networking = {
+    hostName = "gunpowder";
+    networkmanager.enable = true;
+    firewall.enable = true;
+  };
+
+  services = {
+    xserver = {
+      enable = true;
+      displayManager.lightdm.enable = true;
+      desktopManager.xfce.enable = true;
+    };
+    openssh.enable = true;
+    tailscale.enable = true;
+    mullvad-vpn = {
+      enable = true;
+      package = pkgs.mullvad-vpn;
+    };
+    resolved.enable = true;
+
+    # media
+    jellyfin = {
+      enable = true;
+      openFirewall = true;
+    };
+    sonarr.enable = true;
+    radarr.enable = true;
+    bazarr.enable = true;
+    prowlarr.enable = true;
+    tsnet-serve.instances = {
+      jellyfin = {
+        enable = true;
+        backend = "http://127.0.0.1:9086";
+        authKey = "tskey-auth-k8LDnQ5Lba11CNTRL-5QbfHxZRs1UUPHm64ZEB2U4uzTjGR5t2"; # One-time key
+      };
+      sonarr = {
+        enable = true;
+        backend = "http://127.0.0.1:8989";
+        authKey = "tskey-auth-kb3G9Gp1s811CNTRL-uwN8PCBF9M9Q6jWDpQXSM98jj6o33tkAE"; # One-time key
+      };
+      radarr = {
+        enable = true;
+        backend = "http://127.0.0.1:7878";
+        authKey = "tskey-auth-kJY2J4DJke11CNTRL-m5TVetb5geTxiyrtyauyeTS9C4ZvfdvRL"; # One-time key
+      };
+      bazarr = {
+        enable = true;
+        backend = "http://127.0.0.1:6767";
+        authKey = "tskey-auth-kEh77KQqzx11CNTRL-zofQaxrHmcJFS5Y4p6Z4dJyxkbHB8DWQ"; # One-time key
+      };
+      prowlarr = {
+        enable = true;
+        backend = "http://127.0.0.1:9696";
+        authKey = "tskey-auth-kkFSG4vzTN11CNTRL-tt9A1vsHSoDfJQKkcCfjoDRxtTxa9ioDX"; # One-time key
+      };
+    };
+  };
+
+  users = {
+    users = {
+      "${username}" = {
+        extraGroups = [
+          "wheel"
+          "docker"
+          "storage"
+        ];
+        isNormalUser = true;
+        openssh.authorizedKeys.keys = [ key ];
+      };
+      "root".openssh.authorizedKeys.keys = [ key ];
+    };
+    groups.media.members = [
+      "jolheiser"
+      "olheiser"
+      "jellyfin"
+      "radarr"
+      "sonarr"
+    ];
+  };
+
+  environment.systemPackages = with pkgs; [ qbittorrent ];
+
+  system.stateVersion = "22.11";
+}
D machines/matcha/default.nix
diff --git a/machines/matcha/default.nix b/machines/matcha/default.nix
deleted file mode 100644
index 6a277fdc31fcd8dd47f034523466a96de8c94479..0000000000000000000000000000000000000000
--- a/machines/matcha/default.nix
+++ /dev/null
@@ -1,65 +0,0 @@
-{ pkgs, ... }:
-let
-  username = "jolheiser";
-in
-{
-  imports = [
-    ./hardware.nix
-    ../common/gui
-  ];
-
-  boot = {
-    kernelPackages = pkgs.linuxPackages_latest;
-    kernelParams = [
-      "quiet"
-      "splash"
-    ];
-    loader.grub = {
-      enable = true;
-      device = "/dev/sda";
-      useOSProber = true;
-      enableCryptodisk = true;
-    };
-  };
-
-  boot.initrd.secrets = {
-    "/crypto_keyfile.bin" = null;
-  };
-
-  boot.initrd.luks.devices = {
-    "luks-1f9bde68-9c4c-423c-a95f-17aa170dd2b4".keyFile = "/crypto_keyfile.bin";
-    "luks-a2ca1842-1ce0-437e-ba5e-8864a41e81cb" = {
-      device = "/dev/disk/by-uuid/a2ca1842-1ce0-437e-ba5e-8864a41e81cb";
-      keyFile = "/crypto_keyfile.bin";
-    };
-  };
-
-  hardware = {
-    bluetooth.enable = true;
-  };
-
-  networking = {
-    hostName = "matcha";
-    networkmanager.enable = true;
-    firewall.enable = true;
-  };
-
-  services = {
-    blueman.enable = true;
-    openssh.enable = true;
-    pcscd.enable = true;
-  };
-
-  virtualisation.docker.enable = true;
-
-  users.users."${username}" = {
-    extraGroups = [
-      "wheel"
-      "docker"
-      "storage"
-    ];
-    isNormalUser = true;
-  };
-
-  system.stateVersion = "22.11";
-}
M machines/matcha/hardware.nix -> machines/gunpowder/hardware.nix
diff --git a/machines/matcha/hardware.nix b/machines/gunpowder/hardware.nix
rename from machines/matcha/hardware.nix
rename to machines/gunpowder/hardware.nix
M secrets/shared/ssh-config.age -> secrets/shared/ssh-config.age
diff --git a/secrets/shared/ssh-config.age b/secrets/shared/ssh-config.age
index 1f1e089e70daac9ea40938279e88db0876760946..88ba6bf134b66a207de24ca05fc81b92778d9896 100644
Binary files a/secrets/shared/ssh-config.age and b/secrets/shared/ssh-config.age differ