Spaenny/nix-config
Spaenny/nix-config
1
0
Fork 0
Code Activity

host(aquarius): remove old host, and add new host aquarius

Browse source
This commit is contained in:
Philipp 2025-09-27 16:53:36 +02:00
parent 3e4903361c
commit 46a8141cc4
Signed by: Philipp
GPG key ID: B27C3DE2FD94AFC3
8 changed files with 89 additions and 52 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.sops.yaml
View file

@ -29,3 +29,7 @@ creation_rules:
key_groups: key_groups:
- age: - age:
- *primary - *primary
- path_regex: secrets/aquarius-wg.yaml
key_groups:
- age:
- *primary

1
modules/home/cli-apps/fish/default.nix
View file

@ -22,6 +22,7 @@ in
shellAliases = { shellAliases = {
nix-dns = "nixos-rebuild switch --flake ${flakeRoot}/.#dns --target-host dns-1 --sudo --ask-sudo-password && nixos-rebuild switch --flake ${flakeRoot}/.#dns --target-host dns-2 --sudo --ask-sudo-password"; nix-dns = "nixos-rebuild switch --flake ${flakeRoot}/.#dns --target-host dns-1 --sudo --ask-sudo-password && nixos-rebuild switch --flake ${flakeRoot}/.#dns --target-host dns-2 --sudo --ask-sudo-password";
nix-blarm = "nixos-rebuild switch --flake ${flakeRoot}/.#blarm --target-host blarm --sudo --ask-sudo-password"; nix-blarm = "nixos-rebuild switch --flake ${flakeRoot}/.#blarm --target-host blarm --sudo --ask-sudo-password";
nix-aquarius = "nixos-rebuild switch --flake ${flakeRoot}/.#aquarius --target-host aquarius --sudo --ask-sudo-password";
cd = "z"; cd = "z";
ls = "exa --icons"; ls = "exa --icons";
l = "exa"; l = "exa";

9
overlays/cinny/default.nix
View file

@ -8,16 +8,17 @@ final: prev: {
awesome-flake = (prev.awesome-flake or { }) // { awesome-flake = (prev.awesome-flake or { }) // {
cinny = prev.cinny-unwrapped.overrideAttrs (_old: rec { cinny = prev.cinny-unwrapped.overrideAttrs (_old: rec {
pname = "cinny-unwrapped"; pname = "cinny-unwrapped";
version = "65475050d76d6e8da8c3402528215b1425e8ed4e"; version = "76ac4e298733e67dbfcd3f0c3a4bae169cd521dd";
src = final.fetchFromGitHub { src = final.fetchFromGitHub {
owner = "GigiaJ"; #owner = "GigiaJ";
owner = "cinnyapp";
repo = "cinny"; repo = "cinny";
rev = version; rev = version;
hash = "sha256-kJZDc53mcJrGIw3Dl4ANq+1O5O2p0tcO2btQGNGRg4A="; hash = "sha256-tvBaONJwfkCK77aHmWJ/UAAZHq2WIc7geNT2tEFKuZ0=";
}; };
npmDepsHash = "sha256-GkD+CrblXBv7yPVrTBVIGkz7Wu5llWzlluNq7rmm3CE="; npmDepsHash = "sha256-9faffTlXEI1lMrVrkSyso/tfjs/4W+TVzmiv+bZAv18=";
npmDeps = final.fetchNpmDeps { npmDeps = final.fetchNpmDeps {
inherit src; inherit src;
name = "${pname}-${version}-npm-deps"; name = "${pname}-${version}-npm-deps";

18
secrets/aquarius-wg.yaml Normal file
View file

@ -0,0 +1,18 @@
privateKey: ENC[AES256_GCM,data:WtmzHDKRbqbJJ3VXKqqKnqKTcvVDV+yFgFfeKxLv+UErOiEBgqtDhKEs0Io=,iv:admaUfhhKLlu58wKpRvgyGSqOsiY82ix2xJgT0GL8Xs=,tag:eP9Ka0jo2BYxZX0w7eKGqA==,type:str]
publicKey: ENC[AES256_GCM,data://Kq875vV3gpE3tbMRVt/q7m5LqPRXOka8fzoA2oZzglfE1xtS/kAMPMR44=,iv:5fLk4lBTHwIcGiAM325ykceViCBwRHFLnxZkcqm3Ao4=,tag:g6R0ZSRa2m9JNB2UH3JIJg==,type:str]
presharedKey: ENC[AES256_GCM,data:EpOJCMzi1XHDbbqdEB+SoC/6LxkHwxZ2DxQINBnGhjXl6JhNYswqTWQuFVU=,iv:GFcxLghV+SQMaJ5J4bQOBPGDQatkSwPLtx57wlWaB+8=,tag:2ofR6eSplwLwe/vYyGyrLg==,type:str]
sops:
age:
- recipient: age132m0pg4utk3cjve2lgcjffvz7cevl0fq5krufu9sgud7wu2wgurqk49kgl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0QWtnVkU1QnVyUU9ROHpO
WWp5TU1rTSt6aUlMOHczTXhXTmpUeDIvcDB3CnRRdk5BTnRWOUZiK0R1L0NUNHBn
L3FVNnFTbEVmQ2lHUlZwZFJyUWtFRVUKLS0tIFhPcUoxbXgrd3FWYmJMU2ZUTXFv
ekZnYTVDS1habTBpSUtOaURWTFBxRU0KblHpvcdwLANZdxUmT4hDQqooPXDiRvH1
f8qVPOVveoOBzmoN9HN08TFbQcwZ6YM0IQggxdtMyhZk/qyhy+CqNw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-02T12:06:55Z"
mac: ENC[AES256_GCM,data:T9trFCzxJm3eINbuJIDN04feEHViZz6yiaA59yf9+WyJrLB467DagDc4Qv90vdRJXzakwZSYvprDtglrVReT+Wg2GLdVtNIZmPEaLrfpfBgVaBCEZch48dOh+Ytgc09f95ecyXJV/2xNLBtW8YUs3JZsIAcJQTOOrLLhhPjj96A=,iv:wrwIeLhEsN6LFpO/6RF+DE343xdFhshd4TSeF+le+m8=,tag:rNXmYSJsStd5HeDCgtKSRQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

26
systems/aarch64-linux/blarm/default.nix → systems/aarch64-linux/aquarius/default.nix
View file

@ -19,13 +19,17 @@ with lib.${namespace};
generic-extlinux-compatible.enable = true; generic-extlinux-compatible.enable = true;
}; };
nix.settings.experimental-features = [ nix.settings = {
"nix-command" trusted-users = [ "philipp" ];
"flakes" experimental-features = [
]; "nix-command"
"flakes"
];
};
# Disable detailed ddocumentation # Disable detailed ddocumentation
documentation.nixos.enable = false; documentation.nixos.enable = false;
documentation.man.generateCaches = false;
# Set your time zone. # Set your time zone.
time.timeZone = "Europe/Berlin"; time.timeZone = "Europe/Berlin";
@ -38,7 +42,6 @@ with lib.${namespace};
description = "Philipp Böhm"; description = "Philipp Böhm";
extraGroups = [ extraGroups = [
"wheel" "wheel"
"caddy"
]; ];
}; };
@ -50,16 +53,15 @@ with lib.${namespace};
}; };
}; };
services.openssh.settings.PasswordAuthentication = false;
services.openssh.settings.PermitRootLogin = "no";
services.cron = enabled;
awesome-flake = { awesome-flake = {
services = { services = {
ssh = enabled; ssh = enabled;
caddy = enabled; technitium-dns-server = enabled;
restic = enabled;
};
container = {
technitium = enabled;
invidious = enabled;
}; };
system.sops = enabled; system.sops = enabled;

46
systems/aarch64-linux/aquarius/networking.nix Normal file
View file

@ -0,0 +1,46 @@
{
networking = {
hostName = "aquarius";
networkmanager.enable = false;
dhcpcd.enable = true;
interfaces.end0.useDHCP = true;
firewall = {
enable = true;
allowedUDPPorts = [ 51820 ];
};
wireguard = {
enable = true;
interfaces."wg0" = {
ips = [ "192.168.100.10/24" "fd00:100::10/64" ];
listenPort = 51820;
mtu = 1400;
privateKeyFile = "/run/secrets/privateKey";
peers = [
{
publicKey = "ylsjhpKiq3B6Kv4q2uiHXUJpyxY2b1DOAlGc/FWdflQ=";
presharedKeyFile = "/run/secrets/presharedKey";
allowedIPs = [ "192.168.100.1/32" "fd00:100::1/128" ];
endpoint = "neuruppin.boehm.sh:51820";
persistentKeepalive = 25;
}
];
};
};
};
sops.secrets = {
privateKey = {
sopsFile = ../../../secrets/aquarius-wg.yaml;
key = "privateKey";
};
presharedKey = {
sopsFile = ../../../secrets/aquarius-wg.yaml;
key = "presharedKey";
};
};
}

33
systems/aarch64-linux/blarm/networking.nix
View file

@ -1,33 +0,0 @@
{
networking = {
hostName = "blarm";
firewall.enable = false;
networkmanager.enable = false;
dhcpcd.enable = true;
defaultGateway.address = "192.168.1.1";
interfaces.end0 = {
useDHCP = true;
ipv4.addresses = [
{
address = "192.168.1.251";
prefixLength = 32;
}
{
address = "192.168.1.202";
prefixLength = 32;
}
];
ipv6.addresses = [
{
address = "fd00:192:168:1::202";
prefixLength = 64;
}
{
address = "fd00:192:168:1::251";
prefixLength = 64;
}
];
};
};
}

4
systems/x86_64-linux/blarm/default.nix
View file

@ -7,9 +7,7 @@
}: }:
with lib.${namespace}; with lib.${namespace};
{ {
imports = [ imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ];
(modulesPath + "/virtualisation/proxmox-lxc.nix")
];
nix.settings = { nix.settings = {
trusted-users = [ "philipp" ]; trusted-users = [ "philipp" ];