diff --git a/flake.nix b/flake.nix index 9012df212992067a3bc28ff84683ae56189f4b9a..3d7ca78ab94c53ed22d42c64b0e43d54e7131057 100644 --- a/flake.nix +++ b/flake.nix @@ -202,6 +202,14 @@ }; }; nixosConfigurations = { { + git-age = inputs.git-age.packages.${prev.system}.default; + inherit system; + modules = [ + ./machines/matcha + commonConfig + ]; + }; +{ cfg = { inherit system; modules = [ @@ -237,12 +245,6 @@ ./machines/dragonwell ]; services.tclip.package = inputs.tclip.packages.${pkgs.system}.tclipd; }; - gunpowder = { - imports = [ - inputs.tsnet-serve.nixosModules.default - ./machines/gunpowder - ]; - }; }; nixConfig = { extra-substitutors = [ "https://jolheiser.cachix.org" ]; diff --git a/machines/common/nogui/default.nix b/machines/common/nogui/default.nix index b16f021092ff16e8ce3f5956973e20e2426f39f1..8bc8c87c92ab9c0940eb07e1b0ed11053766dd7f 100644 --- a/machines/common/nogui/default.nix +++ b/machines/common/nogui/default.nix @@ -71,4 +71,12 @@ ''; }; services.tailscale.enable = true; + + environment = { + systemPackages = with pkgs; [ + podman + podman-compose + podman-tui + ]; + }; } diff --git a/machines/gunpowder/default.nix b/machines/gunpowder/default.nix deleted file mode 100644 index bb08710e748da4c28387f451e0166cf7eec59893..0000000000000000000000000000000000000000 --- a/machines/gunpowder/default.nix +++ /dev/null 
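Review bot: Adding `podman`, `podman-compose` and `podman-tui` through `environment.systemPackages` in machines/common/nogui/default.nix installs the binaries only. As far as I know it does not generate the `/etc/containers` configuration (`policy.json`, `registries.conf`) that the NixOS podman module writes, so image pulls may fail or run without a declared trust policy. Consider `virtualisation.podman.enable = true;` and keeping only `podman-compose` and `podman-tui` in the package list. The enclosing attribute set starts outside this hunk, so that option may already be set elsewhere in the file.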
@@ -1,118 +0,0 @@
-{ pkgs, ... }:
-let
- username = "jolheiser";
- key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJh5aUDN/KN28+4tbayXRQliLyKFZaCZtUMEBNaJfHYj";
-in
-{
- imports = [ ./hardware.nix ];
-
- boot = {
- kernelPackages = pkgs.linuxPackages_latest;
- kernelParams = [
- "quiet"
- "splash"
- ];
- loader.grub = {
- enable = true;
- device = "/dev/sda";
- useOSProber = true;
- enableCryptodisk = true;
- };
- };
-
- boot.initrd.secrets = {
- "/crypto_keyfile.bin" = null;
- };
-
- boot.initrd.luks.devices = {
- "luks-1f9bde68-9c4c-423c-a95f-17aa170dd2b4".keyFile = "/crypto_keyfile.bin";
- "luks-a2ca1842-1ce0-437e-ba5e-8864a41e81cb" = {
- device = "/dev/disk/by-uuid/a2ca1842-1ce0-437e-ba5e-8864a41e81cb";
- keyFile = "/crypto_keyfile.bin";
- };
- };
-
- networking = {
- hostName = "gunpowder";
- networkmanager.enable = true;
- firewall.enable = true;
- };
-
- services = {
- xserver = {
- enable = true;
- displayManager.lightdm.enable = true;
- desktopManager.xfce.enable = true;
- };
- openssh.enable = true;
- tailscale.enable = true;
- mullvad-vpn = {
- enable = true;
- package = pkgs.mullvad-vpn;
- };
- resolved.enable = true;
-
- # media
- jellyfin = {
- enable = true;
- openFirewall = true;
- };
- sonarr.enable = true;
- radarr.enable = true;
- bazarr.enable = true;
- prowlarr.enable = true;
- tsnet-serve.instances = {
- jellyfin = {
- enable = true;
- backend = "http://127.0.0.1:9086";
- authKey = "tskey-auth-k8LDnQ5Lba11CNTRL-5QbfHxZRs1UUPHm64ZEB2U4uzTjGR5t2"; # One-time key
- };
- sonarr = {
- enable = true;
- backend = "http://127.0.0.1:8989";
- authKey = "tskey-auth-kb3G9Gp1s811CNTRL-uwN8PCBF9M9Q6jWDpQXSM98jj6o33tkAE"; # One-time key
- };
- radarr = {
- enable = true;
- backend = "http://127.0.0.1:7878";
- authKey = "tskey-auth-kJY2J4DJke11CNTRL-m5TVetb5geTxiyrtyauyeTS9C4ZvfdvRL"; # One-time key
- };
- bazarr = {
- enable = true;
- backend = "http://127.0.0.1:6767";
- authKey = "tskey-auth-kEh77KQqzx11CNTRL-zofQaxrHmcJFS5Y4p6Z4dJyxkbHB8DWQ"; # One-time key
- };
- prowlarr = {
- enable = true;
- backend = "http://127.0.0.1:9696";
- authKey = "tskey-auth-kkFSG4vzTN11CNTRL-tt9A1vsHSoDfJQKkcCfjoDRxtTxa9ioDX"; # One-time key
- };
- };
- };
-
- users = {
- users = {
- "${username}" = {
- extraGroups = [
- "wheel"
- "docker"
- "storage"
- ];
- isNormalUser = true;
- openssh.authorizedKeys.keys = [ key ];
- };
- "root".openssh.authorizedKeys.keys = [ key ];
- };
- groups.media.members = [
- "jolheiser"
- "olheiser"
- "jellyfin"
- "radarr"
- "sonarr"
- ];
- };
-
- environment.systemPackages = with pkgs; [ qbittorrent ];
-
- system.stateVersion = "22.11";
-}
diff --git a/machines/gunpowder/hardware.nix b/machines/matcha/hardware.nix
rename from machines/gunpowder/hardware.nix
rename to machines/matcha/hardware.nix
diff --git a/machines/matcha/default.nix b/machines/matcha/default.nix
new file mode 100644
index 0000000000000000000000000000000000000000..6a277fdc31fcd8dd47f034523466a96de8c94479
--- /dev/null
+++ b/machines/matcha/default.nix
@@ -0,0 +1,65 @@
+{ pkgs, ... }:
+let
+ username = "jolheiser";
+in
+{
+ imports = [
+ ./hardware.nix
+ ../common/gui
+ ];
+
+ boot = {
+ kernelPackages = pkgs.linuxPackages_latest;
+ kernelParams = [
+ "quiet"
+ "splash"
+ ];
+ loader.grub = {
+ enable = true;
+ device = "/dev/sda";
+ useOSProber = true;
+ enableCryptodisk = true;
+ };
+ };
+
+ boot.initrd.secrets = {
+ "/crypto_keyfile.bin" = null;
+ };
+
+ boot.initrd.luks.devices = {
+ "luks-1f9bde68-9c4c-423c-a95f-17aa170dd2b4".keyFile = "/crypto_keyfile.bin";
+ "luks-a2ca1842-1ce0-437e-ba5e-8864a41e81cb" = {
+ device = "/dev/disk/by-uuid/a2ca1842-1ce0-437e-ba5e-8864a41e81cb";
+ keyFile = "/crypto_keyfile.bin";
+ };
+ };
+
+ hardware = {
+ bluetooth.enable = true;
+ };
+
+ networking = {
+ hostName = "matcha";
+ networkmanager.enable = true;
+ firewall.enable = true;
+ };
+
+ services = {
+ blueman.enable = true;
+ openssh.enable = true;
+ pcscd.enable = true;
+ };
+
+ virtualisation.docker.enable = true;
+
+ users.users."${username}" = {
+ extraGroups = [
+ "wheel"
+ "docker"
+ "storage"
+ ];
+ isNormalUser = true;
+ };
+
+ system.stateVersion = "22.11";
+}
diff --git a/secrets/shared/ssh-config.age b/secrets/shared/ssh-config.age
index 88ba6bf134b66a207de24ca05fc81b92778d9896..1f1e089e70daac9ea40938279e88db0876760946 100644
Binary files a/secrets/shared/ssh-config.age and b/secrets/shared/ssh-config.age differ
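Review bot: `extraGroups` in `users.users."${username}"` lists `"docker"` alongside `virtualisation.docker.enable = true`, and membership of the docker group is effectively root on the host, since the daemon runs as root and accepts any request from group members. If the account only needs containers for development, consider dropping the group and enabling rootless mode with `virtualisation.docker.rootless.enable = true;`. Separately, `services.openssh.enable = true` is set with no `openssh.authorizedKeys.keys` for the user and no visible `services.openssh.settings.PasswordAuthentication = false;`. `../common/gui` may already cover both, but that is not visible in this hunk, so it is worth confirming that password login is not the only way in.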