diff --git a/nixos/hosts/nixos-rpi4-01/default.nix b/nixos/hosts/nixos-rpi4-01/default.nix
index 4a420184..34b3cf3a 100644
--- a/nixos/hosts/nixos-rpi4-01/default.nix
+++ b/nixos/hosts/nixos-rpi4-01/default.nix
@@ -6,41 +6,42 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; + ##################################################################################### + # BEGIN hardware config + ##################################################################################### # Use the extlinux boot loader. (NixOS wants to enable GRUB by default) boot.loader.grub.enable = false; # Enables the generation of /boot/extlinux/extlinux.conf boot.loader.generic-extlinux-compatible.enable = true; - # networking.hostName = "nixos"; # Define - boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888"; + fileSystems."/" = { + device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888"; fsType = "ext4"; }; swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
networking.useDHCP = lib.mkDefault true; - # networking.interfaces.end0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; - nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; - networking.hostName = "nixos-rpi4-01"; - - # Generic Tailscale configs are in /nixos/common/services/tailscale.nix + ##################################################################################### + # END hardware config + ##################################################################################### + + # Generic Tailscale configs are in /nixos/common/services/tailscale.nix # Set up the secrets file for the token: + sops.secrets.nixos-rpi4-01_tailscale_key = { + owner = "root"; + sopsFile = ../../../secrets/secrets.yaml; + restartUnits = [ "tailscaled.service" ]; + }; services.tailscale.authKeyFile = "/run/secrets/nixos-rpi4-01_tailscale_key"; + services.tailscale.extraUpFlags = [ "--advertise-exit-node" ]; # Temporary networking.firewall.allowedTCPPorts = [ 22 ];
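Review bot: The added `services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];` offers this host as an exit node, but nothing in the hunk enables IP forwarding for it. Unless /nixos/common/services/tailscale.nix already does so, add `services.tailscale.useRoutingFeatures = "server";` next to it, with a comment saying why this Pi should carry other devices' traffic. The flag is presumably only passed on the initial `tailscale up` with the auth key, so an already-enrolled node may need it applied separately, and the exit node still has to be approved on the tailnet side. `authKeyFile` repeats the secret's path as a literal; if `config` is among the module arguments, `config.sops.secrets."nixos-rpi4-01_tailscale_key".path` would keep it tied to the sops declaration added just above. The attribute set this hunk edits opens and closes outside the hunk.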