commit 2ba4eea37f7cffd0ba2b0ff3ed7bc1ebdf479630 · nekomimi.pet/nixcfg

-10

README.md

···

       35
        
       - Vaultwarden password manager

     

       36
        
       - Beszel

     

       37
        
       

     

       38
       -
       ### 🥧 Morax (Raspberry Pi 4)

     

       39
       -
       **Hardware**: Raspberry Pi 4

     

       40
       -
       

     

       41
       -
       **Services**:

     

       42
       -
       - Pi-hole DNS filtering

     

       43
       -
       - Speedtest monitoring (every 10 minutes)

     

       44
       -
       - Headscale connection

     

       45
       -
       

     

       46
       -
       **Notes**: Direct gigabit connection from router - looking to add more services to utilize bandwidth

     

       47
       -
       

     

       48
        
       ### 🍎 Gabriel

     

       49
        
       **Hardware**: M4 16gb Mac Mini

     

       50

···

       35
        
       - Vaultwarden password manager

     

       36
        
       - Beszel

     

       37
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       38
        
       ### 🍎 Gabriel

     

       39
        
       **Hardware**: M4 16gb Mac Mini

     

       40

+3 -1

common/services.nix

···

       1
       -
       { config, pkgs, ... }:

     

       2
        
       {

     

       3
        
         # system packages + services

     

       4
        
         environment.systemPackages = with pkgs; [

     
···

       21
        
         services.printing.enable        = true;

     

       22
        
         services.tailscale.enable       = true;

     

       23
        
         services.tailscale.useRoutingFeatures = "both";

     

       0
        
       
     

       0
        
       
     

       24
        
       }

···

       1
       +
       { config, pkgs, lib, ... }:

     

       2
        
       {

     

       3
        
         # system packages + services

     

       4
        
         environment.systemPackages = with pkgs; [

     
···

       21
        
         services.printing.enable        = true;

     

       22
        
         services.tailscale.enable       = true;

     

       23
        
         services.tailscale.useRoutingFeatures = "both";

     

       24
       +
         services.tailscale.authKeyFile = lib.mkIf (config ? age && config.age ? secrets) 

     

       25
       +
           config.age.secrets."headscale-authkey".path;

     

       26
        
       }

+4 -41

flake.nix

···

       45
        
                   system = "x86_64-linux";

     

       46
        
                 };

     

       47
        
                 modules = [

     

       0
        
       
     

       0
        
       
     

       48
        
                   ./hosts/focalor

     

       49
        
                   lix-module.nixosModules.default

     

       50
       -
       

     

       51
       -
                   /*microvm.nixosModules.host

     

       52
       -
                   {

     

       53
       -
                     microvm.autostart = [

     

       54
       -
                       "windows"

     

       55
       -
                     ];

     

       56
       -
                   }*/

     

       57
       -
       

     

       58
        
                   vscode-server.nixosModules.default

     

       59
       -
                   agenix.nixosModules.default

     

       60
       -
       

     

       61
        
                   catppuccin.nixosModules.catppuccin

     

       62
       -
       

     

       63
        
                   home-manager.nixosModules.home-manager

     

       64
        
                   {

     

       65
        
                     home-manager.useGlobalPkgs = true;

     
···

       83
        
                   system = "x86_64-linux";

     

       84
        
                 };

     

       85
        
                 modules = [

     

       0
        
       
     

       0
        
       
     

       86
        
                   ./hosts/valefar

     

       87
        
                   lix-module.nixosModules.default

     

       88
       -
       

     

       89
        
                   vscode-server.nixosModules.default

     

       90
       -
                   agenix.nixosModules.default

     

       91
        
                   microvm.nixosModules.host

     

       92
        
                   

     

       93
        
                   { imports = builtins.attrValues nixosModules; }

     
···

       106
        
                   agenix.nixosModules.default

     

       107
        
                 ];

     

       108
        
               };

     

       109
       -
       

     

       110
       -
               morax = nixpkgs.lib.nixosSystem {

     

       111
       -
                 system = "aarch64-linux";

     

       112
       -
                 specialArgs = {

     

       113
       -
                   inherit inputs;

     

       114
       -
                   system = "aarch64-linux";

     

       115
       -
                 };

     

       116
       -
                 modules = [

     

       117
       -
                   ./hosts/morax

     

       118
       -
                   nixos-hardware.nixosModules.raspberry-pi-4

     

       119
       -
                   

     

       120
       -
                   agenix.nixosModules.default

     

       121
       -
                   { imports = builtins.attrValues nixosModules; }

     

       122
       -
                 ];

     

       123
       -
               };

     

       124
       -
       

     

       125
       -
       

     

       126
       -
               # Easy to add more hosts

     

       127
       -
               /*

     

       128
       -
                 server2 = nixpkgs.lib.nixosSystem {

     

       129
       -
                   system = "x86_64-linux";

     

       130
       -
                   modules = [

     

       131
       -
                     ./hosts/server2

     

       132
       -
                     agenix.nixosModules.default

     

       133
       -
                     # different services for server2

     

       134
       -
                   ];

     

       135
       -
                 };

     

       136
       -
               */

     

       137
        
             };

     

       138
        
           };

     

       139
        
       }

···

       45
        
                   system = "x86_64-linux";

     

       46
        
                 };

     

       47
        
                 modules = [

     

       48
       +
                   agenix.nixosModules.default

     

       49
       +
       

     

       50
        
                   ./hosts/focalor

     

       51
        
                   lix-module.nixosModules.default

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       52
        
                   vscode-server.nixosModules.default

     

       0
        
       
     

       0
        
       
     

       53
        
                   catppuccin.nixosModules.catppuccin

     

       0
        
       
     

       54
        
                   home-manager.nixosModules.home-manager

     

       55
        
                   {

     

       56
        
                     home-manager.useGlobalPkgs = true;

     
···

       74
        
                   system = "x86_64-linux";

     

       75
        
                 };

     

       76
        
                 modules = [

     

       77
       +
                   agenix.nixosModules.default

     

       78
       +
       

     

       79
        
                   ./hosts/valefar

     

       80
        
                   lix-module.nixosModules.default

     

       0
        
       
     

       81
        
                   vscode-server.nixosModules.default

     

       0
        
       
     

       82
        
                   microvm.nixosModules.host

     

       83
        
                   

     

       84
        
                   { imports = builtins.attrValues nixosModules; }

     
···

       97
        
                   agenix.nixosModules.default

     

       98
        
                 ];

     

       99
        
               };

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       100
        
             };

     

       101
        
           };

     

       102
        
       }

-56

hosts/morax/default.nix

···

       1
       -
       { config, lib, pkgs, modulesPath, inputs, ... }:

     

       2
       -
       

     

       3
       -
       {

     

       4
       -
         imports = [

     

       5
       -
           ./hardware.nix

     

       6
       -
           ./secrets.nix

     

       7
       -
           

     

       8
       -
           ../../common/system.nix

     

       9
       -
           ../../common/users.nix

     

       10
       -
           ../../common/services.nix

     

       11
       -
           ../../host-secrets.nix

     

       12
       -
         ];

     

       13
       -
       

     

       14
       -
         # Enable modules

     

       15
       -
         modules.caddy.enable = true;

     

       16
       -
         modules.garage.enable = true;

     

       17
       -
       

     

       18
       -
         modules.caddy = {

     

       19
       -
           email = "ana@nekomimi.pet";

     

       20
       -
           reverseProxies = {

     

       21
       -
             "s3.nkp.pet" = ["valefar:3900" "morax:3900"];

     

       22
       -
           };

     

       23
       -
         };

     

       24
       -
       

     

       25
       -
         system.stateVersion = "25.05";

     

       26
       -
       

     

       27
       -
         nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";

     

       28
       -
         hardware.enableRedistributableFirmware = true;

     

       29
       -
         hardware.enableAllHardware = lib.mkForce false; #https://github.com/NixOS/nixpkgs/issues/154163#issuecomment-2868994145

     

       30
       -
       

     

       31
       -
         networking = {

     

       32
       -
           hostName = "morax";

     

       33
       -
           hostId = "2631a44a";

     

       34
       -
           firewall.enable = false;

     

       35
       -
           defaultGateway = {

     

       36
       -
             address = "10.0.0.1";

     

       37
       -
             interface = "eth0";

     

       38
       -
           };

     

       39
       -
           nameservers = [ "1.1.1.1" ];

     

       40
       -
           interfaces.eth0 = {

     

       41
       -
             ipv4.addresses = [{

     

       42
       -
               address = "10.0.0.210";

     

       43
       -
               prefixLength = 24;

     

       44
       -
             }];

     

       45
       -
           };

     

       46
       -
         };

     

       47
       -
       

     

       48
       -
         environment.systemPackages = with pkgs; [

     

       49
       -
           inputs.agenix.packages.aarch64-linux.default

     

       50
       -
         ];

     

       51
       -
       

     

       52
       -
         virtualisation.docker = {

     

       53
       -
           enable = true;

     

       54
       -
           enableOnBoot = true;

     

       55
       -
         };

     

       56
       -
       }

-39

hosts/morax/hardware.nix

···

       1
       -
       # Do not modify this file!  It was generated by ‘nixos-generate-config’

     

       2
       -
       # and may be overwritten by future invocations.  Please make changes

     

       3
       -
       # to /etc/nixos/configuration.nix instead.

     

       4
       -
       { config, lib, pkgs, modulesPath, ... }:

     

       5
       -
       

     

       6
       -
       {

     

       7
       -
         imports =

     

       8
       -
           [ (modulesPath + "/installer/scan/not-detected.nix")

     

       9
       -
           ];

     

       10
       -
       

     

       11
       -
         boot.initrd.availableKernelModules = [ "xhci_pci" ];

     

       12
       -
         boot.initrd.kernelModules = [ ];

     

       13
       -
         boot.kernelModules = [ ];

     

       14
       -
         boot.extraModulePackages = [ ];

     

       15
       -
       

     

       16
       -
         fileSystems."/" =

     

       17
       -
           { device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";

     

       18
       -
             fsType = "ext4";

     

       19
       -
           };

     

       20
       -
       

     

       21
       -
         fileSystems."/garage" = {

     

       22
       -
         device = "/dev/sda1";

     

       23
       -
           fsType = "ext4";

     

       24
       -
         };

     

       25
       -
       

     

       26
       -
         swapDevices = [ ];

     

       27
       -
       

     

       28
       -
         # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

     

       29
       -
         # (the default) this is the recommended approach. When using systemd-networkd it's

     

       30
       -
         # still possible to use this option, but it's recommended to use it in conjunction

     

       31
       -
         # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.

     

       32
       -
         networking.useDHCP = lib.mkDefault true;

     

       33
       -
         # networking.interfaces.docker0.useDHCP = lib.mkDefault true;

     

       34
       -
         # networking.interfaces.eth0.useDHCP = lib.mkDefault true;

     

       35
       -
         # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true;

     

       36
       -
         # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;

     

       37
       -
       

     

       38
       -
         nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";

     

       39
       -
       }

-3

hosts/morax/secrets.nix

+3 -3

hosts/valefar/default.nix

···

       9
        
           ./hardware.nix

     

       10
        
           ./secrets.nix

     

       11
        
           ../../common/nvidia.nix

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       12
        
           

     

       13
        
           # Common modules shared across hosts

     

       14
        
           ../../common/system.nix

     

       15
        
           ../../common/users.nix

     

       16
        
           ../../common/services.nix

     

       17
        
           ../../common/efi.nix

     

       18
       -
           

     

       19
       -
           # Common secrets

     

       20
       -
           ../../host-secrets.nix

     

       21
        
           

     

       22
        
           # Hardware-specific (commented out)

     

       23
        
           # ../../common/nvidia.nix

···

       9
        
           ./hardware.nix

     

       10
        
           ./secrets.nix

     

       11
        
           ../../common/nvidia.nix

     

       12
       +
       

     

       13
       +
           # Common secrets

     

       14
       +
           ../../host-secrets.nix

     

       15
        
           

     

       16
        
           # Common modules shared across hosts

     

       17
        
           ../../common/system.nix

     

       18
        
           ../../common/users.nix

     

       19
        
           ../../common/services.nix

     

       20
        
           ../../common/efi.nix

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       21
        
           

     

       22
        
           # Hardware-specific (commented out)

     

       23
        
           # ../../common/nvidia.nix

secrets/build-token.age

secrets/garage-admin-token.age

secrets/garage-metrics-token.age

secrets/garage-rpc-secret.age

secrets/headscale-authkey.age