forked from pub-solar/os
SQ cube
This commit is contained in:
parent
5117333177
commit
06d72216b5
165
flake.lock
165
flake.lock
|
@ -20,26 +20,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"beautysh": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"poetry2nix": "poetry2nix"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1641830469,
|
||||
"narHash": "sha256-uhDmgNP/biOWe4FtOa6c2xZnREH+NP9rdrMm0LccRUk=",
|
||||
"owner": "lovesegfault",
|
||||
"repo": "beautysh",
|
||||
"rev": "e85d9736927c0fcf2abb05cb3a2d8d9b4502a2eb",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "lovesegfault",
|
||||
"repo": "beautysh",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"blank": {
|
||||
"locked": {
|
||||
"lastModified": 1625557891,
|
||||
|
@ -55,31 +35,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"bud": {
|
||||
"inputs": {
|
||||
"beautysh": "beautysh",
|
||||
"devshell": [
|
||||
"digga",
|
||||
"devshell"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"nixos"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1654190822,
|
||||
"narHash": "sha256-B8z3stYaULNDBBjzJHrFHGgiJHrLqhBkxH+9u5iBP7E=",
|
||||
"owner": "divnix",
|
||||
"repo": "bud",
|
||||
"rev": "0ff3e4e4b8791ea4d827bf5bfcac28cef060f209",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "divnix",
|
||||
"repo": "bud",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"darwin": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
|
@ -145,7 +100,7 @@
|
|||
},
|
||||
"devshell": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_2",
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": [
|
||||
"digga",
|
||||
"nixpkgs"
|
||||
|
@ -251,11 +206,11 @@
|
|||
},
|
||||
"flake-utils": {
|
||||
"locked": {
|
||||
"lastModified": 1631561581,
|
||||
"narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=",
|
||||
"lastModified": 1642700792,
|
||||
"narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19",
|
||||
"rev": "846b2ae0fc4cc943637d3d1def4454213e203cba",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -266,7 +221,7 @@
|
|||
},
|
||||
"flake-utils-plus": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_3"
|
||||
"flake-utils": "flake-utils_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1654029967,
|
||||
|
@ -284,21 +239,6 @@
|
|||
}
|
||||
},
|
||||
"flake-utils_2": {
|
||||
"locked": {
|
||||
"lastModified": 1642700792,
|
||||
"narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "846b2ae0fc4cc943637d3d1def4454213e203cba",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_3": {
|
||||
"locked": {
|
||||
"lastModified": 1644229661,
|
||||
"narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
|
||||
|
@ -313,22 +253,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_4": {
|
||||
"locked": {
|
||||
"lastModified": 1656928814,
|
||||
"narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_5": {
|
||||
"flake-utils_3": {
|
||||
"locked": {
|
||||
"lastModified": 1649676176,
|
||||
"narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=",
|
||||
|
@ -436,27 +361,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nix-dram": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_4",
|
||||
"nixpkgs": [
|
||||
"latest"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1660180791,
|
||||
"narHash": "sha256-oPO+keK4S9daL9ubU51hZ+QOWVSMbZ56F20iFI9Px3s=",
|
||||
"owner": "dramforever",
|
||||
"repo": "nix-dram",
|
||||
"rev": "ae7f0b7c5d39eec5941fe21e9f202106bdea9ac2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "dramforever",
|
||||
"repo": "nix-dram",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixlib": {
|
||||
"locked": {
|
||||
"lastModified": 1636849918,
|
||||
|
@ -491,7 +395,7 @@
|
|||
"nixos-generators": {
|
||||
"inputs": {
|
||||
"nixlib": "nixlib",
|
||||
"nixpkgs": "nixpkgs_2"
|
||||
"nixpkgs": "nixpkgs"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1660661347,
|
||||
|
@ -524,16 +428,16 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1633971123,
|
||||
"narHash": "sha256-WmI4NbH1IPGFWVkuBkKoYgOnxgwSfWDgdZplJlQ93vA=",
|
||||
"lastModified": 1637186689,
|
||||
"narHash": "sha256-NU7BhgnwA/3ibmCeSzFK6xGi+Bari9mPfn+4cBmyEjw=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "e4ef597edfd8a0ba5f12362932fc9b1dd01a0aef",
|
||||
"rev": "7fad01d9d5a3f82081c00fb57918d64145dc904c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable-small",
|
||||
"ref": "nixpkgs-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
|
@ -554,22 +458,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1637186689,
|
||||
"narHash": "sha256-NU7BhgnwA/3ibmCeSzFK6xGi+Bari9mPfn+4cBmyEjw=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "7fad01d9d5a3f82081c00fb57918d64145dc904c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixpkgs-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nur": {
|
||||
"locked": {
|
||||
"lastModified": 0,
|
||||
|
@ -585,7 +473,7 @@
|
|||
"nvfetcher": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat_3",
|
||||
"flake-utils": "flake-utils_5",
|
||||
"flake-utils": "flake-utils_3",
|
||||
"nixpkgs": [
|
||||
"nixos"
|
||||
]
|
||||
|
@ -604,37 +492,9 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"poetry2nix": {
|
||||
"inputs": {
|
||||
"flake-utils": [
|
||||
"bud",
|
||||
"beautysh",
|
||||
"flake-utils"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"bud",
|
||||
"beautysh",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1633382856,
|
||||
"narHash": "sha256-hYlet806M9xJj4yxf0g5fhDT2IEUVIMAl7sqIeZ8DUM=",
|
||||
"owner": "nix-community",
|
||||
"repo": "poetry2nix",
|
||||
"rev": "705cbfa10e3d9bfed2e59e0256844ae3704dbd7e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "poetry2nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"agenix": "agenix",
|
||||
"bud": "bud",
|
||||
"darwin": "darwin",
|
||||
"deploy": "deploy",
|
||||
"digga": "digga",
|
||||
|
@ -642,7 +502,6 @@
|
|||
"latest": "latest_2",
|
||||
"musnix": "musnix",
|
||||
"naersk": "naersk",
|
||||
"nix-dram": "nix-dram",
|
||||
"nixos": "nixos",
|
||||
"nixos-generators": "nixos-generators",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
|
|
|
@ -133,10 +133,10 @@
|
|||
iso = base ++ [ base-user graphical pub-solar-iso ];
|
||||
pubsolaros = [ base-user users.root ];
|
||||
anonymous = [ pubsolaros users.pub-solar ];
|
||||
pubsolaros-light = [ core-light base-user users.root ];
|
||||
pubsolaros-light = [ base-user users.root ];
|
||||
hensoko = pubsolaros ++ [ users.hensoko ];
|
||||
hensoko-light = pubsolaros-light ++ [ users.hensoko ];
|
||||
hensoko-iot = [ core-light base-user users.root users.hensoko ];
|
||||
hensoko-iot = [ base-user users.root users.hensoko ];
|
||||
|
||||
# server
|
||||
cube = hensoko-iot;
|
||||
|
@ -182,8 +182,7 @@
|
|||
homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations;
|
||||
|
||||
deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations {
|
||||
cube = {
|
||||
};
|
||||
cube = { };
|
||||
companion = {
|
||||
#profilesOrder = [ "system" "direnv" ];
|
||||
#profiles.direnv = {
|
||||
|
|
|
@ -5,10 +5,10 @@
|
|||
[
|
||||
# Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
./home-controller.nix
|
||||
./acme.nix
|
||||
./home-assistant.nix
|
||||
./nextcloud.nix
|
||||
./wireguard.nix
|
||||
];
|
||||
|
||||
# Use the GRUB 2 boot loader.
|
||||
|
@ -34,7 +34,7 @@
|
|||
|
||||
services.openssh.ports = [ 2222 ];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 2222 ];
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 2222 ];
|
||||
networking.firewall.allowedUDPPorts = [ 51899 ];
|
||||
networking.firewall.enable = lib.mkForce true;
|
||||
|
||||
|
|
|
@ -9,5 +9,5 @@ in
|
|||
./configuration.nix
|
||||
];
|
||||
|
||||
|
||||
pub-solar.core.disk-encryption-active = false;
|
||||
}
|
||||
|
|
|
@ -1,48 +0,0 @@
|
|||
{ self, config, pkgs, ... }:
|
||||
|
||||
{
|
||||
config = {
|
||||
age.secrets.home_controller_k3s_token.file = "${self}/secrets/home_controller_k3s_server_token.age";
|
||||
age.secrets.home_controller_wireguard.file = "${self}/secrets/home_controller_cube_wireguard_key.age";
|
||||
|
||||
pub-solar.home-controller = {
|
||||
enable = true;
|
||||
role = "agent";
|
||||
ownIp = "10.0.1.5";
|
||||
|
||||
k3s = {
|
||||
enableLocalStorage = false;
|
||||
enableZfs = false;
|
||||
serverAddr = "https://api.kube:6443";
|
||||
tokenFile = "/run/agenix/home_controller_k3s_token";
|
||||
};
|
||||
|
||||
wireguard = {
|
||||
privateKeyFile = "/run/agenix/home_controller_wireguard";
|
||||
peers = [
|
||||
{
|
||||
# giggles
|
||||
publicKey = "i5kiTSPGR2jrdHl+s/S6D0YWb+xkbPudczG2RWmWwCg=";
|
||||
allowedIPs = [ "10.0.1.11/32" ];
|
||||
}
|
||||
{
|
||||
# cox
|
||||
publicKey = "VogQYYYNdXLhPKY9/P2WAn6gfEX9ojN3VD+DKx4gl0k=";
|
||||
allowedIPs = [ "10.0.1.12/32" ];
|
||||
}
|
||||
{
|
||||
# companion
|
||||
publicKey = "7EUcSUckw/eLiWFHD+AzfcoKWstjr+cL70SupOJ6zC0=";
|
||||
allowedIPs = [ "10.0.1.13/32" ];
|
||||
}
|
||||
|
||||
{
|
||||
# hsha
|
||||
publicKey = "sC0wWHE/tvNaVYX3QQTHQUmSTTjZMOjkQ5x/qy6qjTc=";
|
||||
allowedIPs = [ "10.0.1.254/32" ];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -52,7 +52,7 @@
|
|||
package = pkgs.nextcloud24;
|
||||
hostName = "data.gssws.de";
|
||||
https = true;
|
||||
#datadir = "/mnt/internal/nextcloud";
|
||||
datadir = "/mnt/internal/nextcloud";
|
||||
autoUpdateApps.enable = true;
|
||||
autoUpdateApps.startAt = "05:00:00";
|
||||
|
||||
|
|
63
hosts/cube/wireguard.nix
Normal file
63
hosts/cube/wireguard.nix
Normal file
|
@ -0,0 +1,63 @@
|
|||
{ self, config, pkgs, ... }:
|
||||
|
||||
{
|
||||
age.secrets.home_controller_wireguard.file = "${self}/secrets/home_controller_cube_wireguard_key.age";
|
||||
|
||||
|
||||
systemd.services.wireguard-wg0.serviceConfig.Restart = "on-failure";
|
||||
systemd.services.wireguard-wg0.serviceConfig.RestartSec = "5s";
|
||||
|
||||
# Enable WireGuard
|
||||
networking.wireguard.interfaces = {
|
||||
wg1 = {
|
||||
# Determines the IP address and subnet of the client's end of the tunnel interface.
|
||||
ips = [ "10.0.1.5" ];
|
||||
listenPort = 51899; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
|
||||
|
||||
# Path to the private key file.
|
||||
#
|
||||
# Note: The private key can also be included inline via the privateKey option,
|
||||
# but this makes the private key world-readable; thus, using privateKeyFile is
|
||||
# recommended.
|
||||
privateKeyFile = "/run/agenix/home_controller_wireguard";
|
||||
|
||||
peers = [
|
||||
# For a client configuration, one peer entry for the server will suffice.
|
||||
|
||||
{
|
||||
# giggles
|
||||
publicKey = "i5kiTSPGR2jrdHl+s/S6D0YWb+xkbPudczG2RWmWwCg=";
|
||||
allowedIPs = [ "10.0.1.11/32" ];
|
||||
|
||||
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
{
|
||||
# cox
|
||||
publicKey = "VogQYYYNdXLhPKY9/P2WAn6gfEX9ojN3VD+DKx4gl0k=";
|
||||
allowedIPs = [ "10.0.1.12/32" ];
|
||||
|
||||
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
{
|
||||
# companion
|
||||
publicKey = "7EUcSUckw/eLiWFHD+AzfcoKWstjr+cL70SupOJ6zC0=";
|
||||
allowedIPs = [ "10.0.1.13/32" ];
|
||||
|
||||
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
|
||||
{
|
||||
# hsha
|
||||
publicKey = "sC0wWHE/tvNaVYX3QQTHQUmSTTjZMOjkQ5x/qy6qjTc=";
|
||||
allowedIPs = [ "10.0.1.254/32" ];
|
||||
|
||||
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue