my nix configs for my servers and desktop

remove morax add tailscale auth key

-10
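--- a/README.md
+++ b/README.md
@@ -35,16 +35,6 @@
 - Vaultwarden password manager
 - Beszel
 
-### 🥧 Morax (Raspberry Pi 4)
-**Hardware**: Raspberry Pi 4
-
-**Services**:
-- Pi-hole DNS filtering
-- Speedtest monitoring (every 10 minutes)
-- Headscale connection
-
-**Notes**: Direct gigabit connection from router - looking to add more services to utilize bandwidth
-
 ### 🍎 Gabriel
 **Hardware**: M4 16gb Mac Mini
 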
+3 -1
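--- a/common/services.nix
+++ b/common/services.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 {
 # system packages + services
 environment.systemPackages = with pkgs; [
@@ -21,4 +21,6 @@
 services.printing.enable = true;
 services.tailscale.enable = true;
 services.tailscale.useRoutingFeatures = "both";
+services.tailscale.authKeyFile = lib.mkIf (config ? age && config.age ? secrets)
+config.age.secrets."headscale-authkey".path;
 }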
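Review bot: The guard on the new `services.tailscale.authKeyFile` line only tests that `config.age.secrets` exists, which is true on every host that imports the agenix module, so a host that pulls in this file without declaring `age.secrets."headscale-authkey"` fails evaluation on the `.path` lookup instead of skipping the option. Testing for the secret itself makes the fallback real: `services.tailscale.authKeyFile = lib.mkIf ((config.age.secrets or {}) ? "headscale-authkey") config.age.secrets."headscale-authkey".path;`. Because this module is shared by all hosts, one pre-auth key is provisioned everywhere; a comment should state that the key is expected to be expiring and that the .age file is encrypted only to the hosts meant to join. The middle of the file is elided on this page, so I cannot see whether `services.tailscale.extraUpFlags` carries `--login-server`; without it the autoconnect unit would presumably present this Headscale key to the default control server.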
+4 -41
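--- a/flake.nix
+++ b/flake.nix
@@ -45,21 +45,12 @@
 system = "x86_64-linux";
 };
 modules = [
+agenix.nixosModules.default
+
 ./hosts/focalor
 lix-module.nixosModules.default
-
-/*microvm.nixosModules.host
-{
-microvm.autostart = [
-"windows"
-];
-}*/
-
 vscode-server.nixosModules.default
-agenix.nixosModules.default
-
 catppuccin.nixosModules.catppuccin
-
 home-manager.nixosModules.home-manager
 {
 home-manager.useGlobalPkgs = true;
@@ -83,11 +74,11 @@
 system = "x86_64-linux";
 };
 modules = [
+agenix.nixosModules.default
+
 ./hosts/valefar
 lix-module.nixosModules.default
-
 vscode-server.nixosModules.default
-agenix.nixosModules.default
 microvm.nixosModules.host
 
 { imports = builtins.attrValues nixosModules; }
@@ -106,34 +97,6 @@
 agenix.nixosModules.default
 ];
 };
-
-morax = nixpkgs.lib.nixosSystem {
-system = "aarch64-linux";
-specialArgs = {
-inherit inputs;
-system = "aarch64-linux";
-};
-modules = [
-./hosts/morax
-nixos-hardware.nixosModules.raspberry-pi-4
-
-agenix.nixosModules.default
-{ imports = builtins.attrValues nixosModules; }
-];
-};
-
-
-# Easy to add more hosts
-/*
-server2 = nixpkgs.lib.nixosSystem {
-system = "x86_64-linux";
-modules = [
-./hosts/server2
-agenix.nixosModules.default
-# different services for server2
-];
-};
-*/
 };
 };
 }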
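Review bot: Deleting the `morax` output stops the host from being built but does not remove it from the trust set: if morax's host key was an agenix recipient, earlier revisions of the `.age` files in git history stay decryptable with that key, and its node registration presumably still exists on the Headscale side. The recipients file is not shown on this page, so this needs confirming, but retiring a host normally calls for new values for the garage RPC, admin and metrics tokens and the build token rather than only a rekey, plus expiring the node. Separately, moving `agenix.nixosModules.default` to the head of both `modules` lists does not change evaluation, since the module system merges the whole list before `config` is resolved; a one-line comment saying the order is cosmetic would keep it from being read as a requirement.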
-56
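--- a/hosts/morax/default.nix
+++ b/hosts/morax/default.nix
@@ -1,56 +0,0 @@
-{ config, lib, pkgs, modulesPath, inputs, ... }:
-
-{
-imports = [
-./hardware.nix
-./secrets.nix
-
-../../common/system.nix
-../../common/users.nix
-../../common/services.nix
-../../host-secrets.nix
-];
-
-# Enable modules
-modules.caddy.enable = true;
-modules.garage.enable = true;
-
-modules.caddy = {
-email = "ana@nekomimi.pet";
-reverseProxies = {
-"s3.nkp.pet" = ["valefar:3900" "morax:3900"];
-};
-};
-
-system.stateVersion = "25.05";
-
-nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
-hardware.enableRedistributableFirmware = true;
-hardware.enableAllHardware = lib.mkForce false; #https://github.com/NixOS/nixpkgs/issues/154163#issuecomment-2868994145
-
-networking = {
-hostName = "morax";
-hostId = "2631a44a";
-firewall.enable = false;
-defaultGateway = {
-address = "10.0.0.1";
-interface = "eth0";
-};
-nameservers = [ "1.1.1.1" ];
-interfaces.eth0 = {
-ipv4.addresses = [{
-address = "10.0.0.210";
-prefixLength = 24;
-}];
-};
-};
-
-environment.systemPackages = with pkgs; [
-inputs.agenix.packages.aarch64-linux.default
-];
-
-virtualisation.docker = {
-enable = true;
-enableOnBoot = true;
-};
-}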
-39
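--- a/hosts/morax/hardware.nix
+++ b/hosts/morax/hardware.nix
@@ -1,39 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-imports =
-[ (modulesPath + "/installer/scan/not-detected.nix")
-];
-
-boot.initrd.availableKernelModules = [ "xhci_pci" ];
-boot.initrd.kernelModules = [ ];
-boot.kernelModules = [ ];
-boot.extraModulePackages = [ ];
-
-fileSystems."/" =
-{ device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
-fsType = "ext4";
-};
-
-fileSystems."/garage" = {
-device = "/dev/sda1";
-fsType = "ext4";
-};
-
-swapDevices = [ ];
-
-# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-# (the default) this is the recommended approach. When using systemd-networkd it's
-# still possible to use this option, but it's recommended to use it in conjunction
-# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-networking.useDHCP = lib.mkDefault true;
-# networking.interfaces.docker0.useDHCP = lib.mkDefault true;
-# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
-# networking.interfaces.tailscale0.useDHCP = lib.mkDefault true;
-# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
-
-nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
-}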
-3
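--- a/hosts/morax/secrets.nix
+++ b/hosts/morax/secrets.nix
@@ -1,3 +0,0 @@
-{
-
-}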
+3 -3
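--- a/hosts/valefar/default.nix
+++ b/hosts/valefar/default.nix
@@ -9,15 +9,15 @@
 ./hardware.nix
 ./secrets.nix
 ../../common/nvidia.nix
+
+# Common secrets
+../../host-secrets.nix
 
 # Common modules shared across hosts
 ../../common/system.nix
 ../../common/users.nix
 ../../common/services.nix
 ../../common/efi.nix
-
-# Common secrets
-../../host-secrets.nix
 
 # Hardware-specific (commented out)
 # ../../common/nvidia.nix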
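Review bot: The trailing `# Hardware-specific (commented out)` stanza still lists `# ../../common/nvidia.nix`, while the same module is imported for real directly after `./secrets.nix`, so that comment is stale and should be deleted or reworded. The move of `../../host-secrets.nix` above the common modules is order-only; import order does not change what `common/services.nix` sees in `config.age.secrets`, so the new tailscale guard does not depend on it. The imports list starts and ends outside the lines shown here.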
secrets/build-token.age
secrets/garage-admin-token.age
secrets/garage-metrics-token.age
secrets/garage-rpc-secret.age
secrets/headscale-authkey.age