1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

diff --git a/flake.nix b/flake.nix
index 3d7ca78ab94c53ed22d42c64b0e43d54e7131057..9012df212992067a3bc28ff84683ae56189f4b9a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -201,13 +201,6 @@           modules = homeManagerModules ++ [ ./apps/de ];
         };
       };
       nixosConfigurations = {
-        "matcha" = nixpkgs.lib.nixosSystem {
-          inherit system;
-          modules = [
-            ./machines/matcha
-            commonConfig
-          ];
-        };
         "genmaicha" = nixpkgs.lib.nixosSystem {
           inherit system;
           modules = [
@@ -243,6 +236,12 @@               ./machines/dragonwell
             ];
             services.tclip.package = inputs.tclip.packages.${pkgs.system}.tclipd;
           };
+        gunpowder = {
+          imports = [
+            inputs.tsnet-serve.nixosModules.default
+            ./machines/gunpowder
+          ];
+        };
       };
       nixConfig = {
         extra-substitutors = [ "https://jolheiser.cachix.org" ];

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17

diff --git a/machines/common/nogui/default.nix b/machines/common/nogui/default.nix
index 8bc8c87c92ab9c0940eb07e1b0ed11053766dd7f..b16f021092ff16e8ce3f5956973e20e2426f39f1 100644
--- a/machines/common/nogui/default.nix
+++ b/machines/common/nogui/default.nix
@@ -71,12 +71,4 @@     '';
   };
 
   services.tailscale.enable = true;
-
-  environment = {
-    systemPackages = with pkgs; [
-      podman
-      podman-compose
-      podman-tui
-    ];
-  };
 }

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124

diff --git a/machines/gunpowder/default.nix b/machines/gunpowder/default.nix
new file mode 100644
index 0000000000000000000000000000000000000000..bb08710e748da4c28387f451e0166cf7eec59893
--- /dev/null
+++ b/machines/gunpowder/default.nix
@@ -0,0 +1,118 @@
+{ pkgs, ... }:
+let
+  username = "jolheiser";
+  key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJh5aUDN/KN28+4tbayXRQliLyKFZaCZtUMEBNaJfHYj";
+in
+{
+  imports = [ ./hardware.nix ];
+
+  boot = {
+    kernelPackages = pkgs.linuxPackages_latest;
+    kernelParams = [
+      "quiet"
+      "splash"
+    ];
+    loader.grub = {
+      enable = true;
+      device = "/dev/sda";
+      useOSProber = true;
+      enableCryptodisk = true;
+    };
+  };
+
+  boot.initrd.secrets = {
+    "/crypto_keyfile.bin" = null;
+  };
+
+  boot.initrd.luks.devices = {
+    "luks-1f9bde68-9c4c-423c-a95f-17aa170dd2b4".keyFile = "/crypto_keyfile.bin";
+    "luks-a2ca1842-1ce0-437e-ba5e-8864a41e81cb" = {
+      device = "/dev/disk/by-uuid/a2ca1842-1ce0-437e-ba5e-8864a41e81cb";
+      keyFile = "/crypto_keyfile.bin";
+    };
+  };
+
+  networking = {
+    hostName = "gunpowder";
+    networkmanager.enable = true;
+    firewall.enable = true;
+  };
+
+  services = {
+    xserver = {
+      enable = true;
+      displayManager.lightdm.enable = true;
+      desktopManager.xfce.enable = true;
+    };
+    openssh.enable = true;
+    tailscale.enable = true;
+    mullvad-vpn = {
+      enable = true;
+      package = pkgs.mullvad-vpn;
+    };
+    resolved.enable = true;
+
+    # media
+    jellyfin = {
+      enable = true;
+      openFirewall = true;
+    };
+    sonarr.enable = true;
+    radarr.enable = true;
+    bazarr.enable = true;
+    prowlarr.enable = true;
+    tsnet-serve.instances = {
+      jellyfin = {
+        enable = true;
+        backend = "http://127.0.0.1:9086";
+        authKey = "tskey-auth-k8LDnQ5Lba11CNTRL-5QbfHxZRs1UUPHm64ZEB2U4uzTjGR5t2"; # One-time key
+      };
+      sonarr = {
+        enable = true;
+        backend = "http://127.0.0.1:8989";
+        authKey = "tskey-auth-kb3G9Gp1s811CNTRL-uwN8PCBF9M9Q6jWDpQXSM98jj6o33tkAE"; # One-time key
+      };
+      radarr = {
+        enable = true;
+        backend = "http://127.0.0.1:7878";
+        authKey = "tskey-auth-kJY2J4DJke11CNTRL-m5TVetb5geTxiyrtyauyeTS9C4ZvfdvRL"; # One-time key
+      };
+      bazarr = {
+        enable = true;
+        backend = "http://127.0.0.1:6767";
+        authKey = "tskey-auth-kEh77KQqzx11CNTRL-zofQaxrHmcJFS5Y4p6Z4dJyxkbHB8DWQ"; # One-time key
+      };
+      prowlarr = {
+        enable = true;
+        backend = "http://127.0.0.1:9696";
+        authKey = "tskey-auth-kkFSG4vzTN11CNTRL-tt9A1vsHSoDfJQKkcCfjoDRxtTxa9ioDX"; # One-time key
+      };
+    };
+  };
+
+  users = {
+    users = {
+      "${username}" = {
+        extraGroups = [
+          "wheel"
+          "docker"
+          "storage"
+        ];
+        isNormalUser = true;
+        openssh.authorizedKeys.keys = [ key ];
+      };
+      "root".openssh.authorizedKeys.keys = [ key ];
+    };
+    groups.media.members = [
+      "jolheiser"
+      "olheiser"
+      "jellyfin"
+      "radarr"
+      "sonarr"
+    ];
+  };
+
+  environment.systemPackages = with pkgs; [ qbittorrent ];
+
+  system.stateVersion = "22.11";
+}

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71

diff --git a/machines/matcha/default.nix b/machines/matcha/default.nix
deleted file mode 100644
index 6a277fdc31fcd8dd47f034523466a96de8c94479..0000000000000000000000000000000000000000
--- a/machines/matcha/default.nix
+++ /dev/null
@@ -1,65 +0,0 @@
-{ pkgs, ... }:
-let
-  username = "jolheiser";
-in
-{
-  imports = [
-    ./hardware.nix
-    ../common/gui
-  ];
-
-  boot = {
-    kernelPackages = pkgs.linuxPackages_latest;
-    kernelParams = [
-      "quiet"
-      "splash"
-    ];
-    loader.grub = {
-      enable = true;
-      device = "/dev/sda";
-      useOSProber = true;
-      enableCryptodisk = true;
-    };
-  };
-
-  boot.initrd.secrets = {
-    "/crypto_keyfile.bin" = null;
-  };
-
-  boot.initrd.luks.devices = {
-    "luks-1f9bde68-9c4c-423c-a95f-17aa170dd2b4".keyFile = "/crypto_keyfile.bin";
-    "luks-a2ca1842-1ce0-437e-ba5e-8864a41e81cb" = {
-      device = "/dev/disk/by-uuid/a2ca1842-1ce0-437e-ba5e-8864a41e81cb";
-      keyFile = "/crypto_keyfile.bin";
-    };
-  };
-
-  hardware = {
-    bluetooth.enable = true;
-  };
-
-  networking = {
-    hostName = "matcha";
-    networkmanager.enable = true;
-    firewall.enable = true;
-  };
-
-  services = {
-    blueman.enable = true;
-    openssh.enable = true;
-    pcscd.enable = true;
-  };
-
-  virtualisation.docker.enable = true;
-
-  users.users."${username}" = {
-    extraGroups = [
-      "wheel"
-      "docker"
-      "storage"
-    ];
-    isNormalUser = true;
-  };
-
-  system.stateVersion = "22.11";
-}

1
2
3

diff --git a/machines/matcha/hardware.nix b/machines/gunpowder/hardware.nix
rename from machines/matcha/hardware.nix
rename to machines/gunpowder/hardware.nix

1
2
3

diff --git a/secrets/shared/ssh-config.age b/secrets/shared/ssh-config.age
index 1f1e089e70daac9ea40938279e88db0876760946..88ba6bf134b66a207de24ca05fc81b92778d9896 100644
Binary files a/secrets/shared/ssh-config.age and b/secrets/shared/ssh-config.age differ