dotnix @main -
refs -
log -
-
https://git.jolheiser.com/dotnix.git
Signature
-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgBTEvCQk6VqUAdN2RuH6bj1dNkY
oOpbPWj+jw4ua1B1cAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5
AAAAQBO7XAs+G8NfLgtohZVxe9cK6YeCHwvAskPdvsPtiA/JqeXQrrKfNvBHQ6ZOmtiOQc
KMoID15VJXamKpPWWv2gM=
-----END SSH SIGNATURE-----
diff --git a/machines/gunpowder/default.nix b/machines/gunpowder/default.nix
deleted file mode 100644
index ecc71d202176df9af5e039e51c20ef0c4bbc262c..0000000000000000000000000000000000000000
--- a/machines/gunpowder/default.nix
+++ /dev/null
@@ -1,133 +0,0 @@
-{ pkgs, ... }:
-let
- username = "jolheiser";
- key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJh5aUDN/KN28+4tbayXRQliLyKFZaCZtUMEBNaJfHYj";
-in
-{
- imports = [ ./hardware.nix ];
-
- boot = {
- kernelPackages = pkgs.linuxPackages_latest;
- kernelParams = [
- "quiet"
- "splash"
- ];
- loader.grub = {
- enable = true;
- device = "/dev/sda";
- useOSProber = true;
- enableCryptodisk = true;
- };
- };
-
- boot.initrd.secrets = {
- "/crypto_keyfile.bin" = null;
- };
-
- boot.initrd.luks.devices = {
- "luks-1f9bde68-9c4c-423c-a95f-17aa170dd2b4".keyFile = "/crypto_keyfile.bin";
- "luks-a2ca1842-1ce0-437e-ba5e-8864a41e81cb" = {
- device = "/dev/disk/by-uuid/a2ca1842-1ce0-437e-ba5e-8864a41e81cb";
- keyFile = "/crypto_keyfile.bin";
- };
- };
-
- networking = {
- hostName = "gunpowder";
- networkmanager.enable = true;
- firewall.enable = true;
- };
-
- services = {
- xserver = {
- enable = true;
- displayManager.lightdm.enable = true;
- desktopManager.xfce.enable = true;
- };
- openssh.enable = true;
- tailscale.enable = true;
- mullvad-vpn = {
- enable = true;
- package = pkgs.mullvad-vpn;
- };
- resolved.enable = true;
-
- # media
- jellyfin = {
- enable = true;
- openFirewall = true;
- };
- tailproxy.jellyfin = {
- enable = true;
- hostname = "jellyfin";
- port = 8096;
- authKey = "tskey-auth-khZwt3ASDX11CNTRL-jYDAVuX7VVLCebLUGdvnVLLoUkeEevXEV"; # One-time key
- };
- sonarr = {
- enable = true;
- openFirewall = true;
- };
- tailproxy.sonarr = {
- enable = true;
- hostname = "sonarr";
- port = 8989;
- authKey = "tskey-auth-k1mZ4587A511CNTRL-uxq54KBAvb6YuhvZbxscb6rf7x8UwNiP"; # One-time key
- };
- radarr = {
- enable = true;
- openFirewall = true;
- };
- tailproxy.radarr = {
- enable = true;
- hostname = "radarr";
- port = 7878;
- authKey = "tskey-auth-kjuWphWmFp11CNTRL-dcpVCTbdPTAAiqQHaKVhTA27uNQeHxmq5"; # One-time key
- };
- bazarr = {
- enable = true;
- openFirewall = true;
- };
- tailproxy.bazarr = {
- enable = true;
- hostname = "bazarr";
- port = 6767;
- authKey = "tskey-auth-kydeAt7KDA21CNTRL-bLfZMG4ip4i4a91DX1b85ipjnZi9KgoN9"; # One-time key
- };
- prowlarr = {
- enable = true;
- openFirewall = true;
- };
- tailproxy.prowlarr = {
- enable = true;
- hostname = "prowlarr";
- port = 9696;
- authKey = "tskey-auth-koCbGEVEvh11CNTRL-7pxqVBdP4v5xNvsPP5mMv5oW8PrgVQmb"; # One-time key
- };
- };
-
- users = {
- users = {
- "${username}" = {
- extraGroups = [
- "wheel"
- "docker"
- "storage"
- ];
- isNormalUser = true;
- openssh.authorizedKeys.keys = [ key ];
- };
- "root".openssh.authorizedKeys.keys = [ key ];
- };
- groups.media.members = [
- "jolheiser"
- "olheiser"
- "jellyfin"
- "radarr"
- "sonarr"
- ];
- };
-
- environment.systemPackages = with pkgs; [ qbittorrent ];
-
- system.stateVersion = "22.11";
-}
diff --git a/machines/gunpowder/hardware.nix b/machines/gunpowder/hardware.nix
deleted file mode 100644
index 769cc22055d3d1887053e3492a86c51e14cdd08b..0000000000000000000000000000000000000000
--- a/machines/gunpowder/hardware.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
- config,
- lib,
- modulesPath,
- ...
-}:
-{
- imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
- boot.initrd.availableKernelModules = [
- "xhci_pci"
- "ehci_pci"
- "ahci"
- "usb_storage"
- "usbhid"
- "sd_mod"
- "rtsx_pci_sdmmc"
- ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/a3e3e496-9497-4340-9750-2104e2ab22ab";
- fsType = "ext4";
- };
-
- fileSystems."/mnt/hdd" = {
- device = "/dev/disk/by-uuid/eb8ad2da-12cf-454b-aa20-e497c4550b7c";
- fsType = "ext4";
- options = [
- "users"
- "nofail"
- "gid=users"
- ];
- };
-
- boot.initrd.luks.devices."luks-1f9bde68-9c4c-423c-a95f-17aa170dd2b4".device = "/dev/disk/by-uuid/1f9bde68-9c4c-423c-a95f-17aa170dd2b4";
-
- swapDevices = [ { device = "/dev/disk/by-uuid/7e84d904-b00a-4c6c-aba4-ec1dde2dff85"; } ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
- # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}