albert 2024-03-25 11:53:39 +09:00
parent dd2e858b64
commit 78c70dc4ef
No known key found for this signature in database
GPG key ID: 64F6C4EB46C4543A
6 changed files with 38 additions and 18 deletions


@ -29,6 +29,12 @@ creation_rules:
- *host_framework-server - *host_framework-server
- *host_backups-rpi4 - *host_backups-rpi4
- path_regex: secrets\/containers\/rdesktop\.yaml$
key_groups:
- pgp:
- *user_albert
- *host_framework-server
- path_regex: secrets\/hosts\/milan-linode-01\.yaml$ - path_regex: secrets\/hosts\/milan-linode-01\.yaml$
key_groups: key_groups:
- pgp: - pgp:
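Review bot: The new rule for `secrets\/containers\/rdesktop\.yaml$` names only `*user_albert` and `*host_framework-server` as recipients, so the container has no identity of its own and anything decrypting this file inside rdesktop presumably needs framework-server's private key. If that is the intent, say so above the rule, for example `# rdesktop is a container on framework-server and decrypts with the host key`; if not, a dedicated container key would keep a container compromise from exposing every secret encrypted to the host. The rule is also specific to rdesktop, so each further container secrets file will need its own entry or a broader `path_regex`. The rule list continues outside the hunk.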


@ -59,18 +59,18 @@
milan-linode-01 = libx.mkHost { hostname = "milan-linode-01"; type = "small";}; milan-linode-01 = libx.mkHost { hostname = "milan-linode-01"; type = "small";};
framework-server = libx.mkHost { hostname = "framework-server"; }; framework-server = libx.mkHost { hostname = "framework-server"; };
nuc-server = libx.mkHost { hostname = "nuc-server"; }; nuc-server = libx.mkHost { hostname = "nuc-server"; };
nixos-desktop = libx.mkHost { hostname = "nixos-desktop"; unfree = true; desktop = "hyprland"; theme = "tokyo-night"; }; nixos-desktop = libx.mkHost { hostname = "nixos-desktop"; unfree = true; desktop = "hyprland"; theme = "tokyo-night"; };
nixos-framework = libx.mkHost { hostname = "nixos-framework"; unfree = true; desktop = "hyprland"; theme = "green"; }; nixos-framework = libx.mkHost { hostname = "nixos-framework"; unfree = true; desktop = "hyprland"; theme = "green"; };
backups-rpi4 = libx.mkHost { hostname = "backups-rpi4"; system = "aarch64-linux"; type = "small"; }; backups-rpi4 = libx.mkHost { hostname = "backups-rpi4"; system = "aarch64-linux"; type = "small"; };
piaware-rpi4 = libx.mkHost { hostname = "piaware-rpi4"; system = "aarch64-linux"; type = "small"; }; piaware-rpi4 = libx.mkHost { hostname = "piaware-rpi4"; system = "aarch64-linux"; type = "small"; };
quitman-rpi4 = libx.mkHost { hostname = "quitman-rpi4"; system = "aarch64-linux"; type = "small"; }; quitman-rpi4 = libx.mkHost { hostname = "quitman-rpi4"; system = "aarch64-linux"; type = "small"; };
}; };
homeConfigurations = { homeConfigurations = {
"albert@osaka-linode-01" = libx.mkHome { hostname = "osaka-linode-01"; }; "albert@osaka-linode-01" = libx.mkHome { hostname = "osaka-linode-01"; type = "small"; };
"albert@milan-linode-01" = libx.mkHome { hostname = "milan-linode-01"; }; "albert@milan-linode-01" = libx.mkHome { hostname = "milan-linode-01"; type = "small"; };
"albert@framework-server" = libx.mkHome { hostname = "framework-server"; }; "albert@framework-server" = libx.mkHome { hostname = "framework-server"; };
"albert@nuc-server" = libx.mkHome { hostname = "nuc-server"; }; "albert@nuc-server" = libx.mkHome { hostname = "nuc-server"; };
"albert@nixos-desktop" = libx.mkHome { hostname = "nixos-desktop"; desktop = "hyprland"; theme = "tokyo-night"; }; "albert@nixos-desktop" = libx.mkHome { hostname = "nixos-desktop"; desktop = "hyprland"; theme = "tokyo-night"; };
"albert@nixos-framework" = libx.mkHome { hostname = "nixos-framework"; desktop = "hyprland"; theme = "green"; }; "albert@nixos-framework" = libx.mkHome { hostname = "nixos-framework"; desktop = "hyprland"; theme = "green"; };
"albert@backups-rpi4" = libx.mkHome { hostname = "backups-rpi4"; system = "aarch64-linux"; type = "small"; }; "albert@backups-rpi4" = libx.mkHome { hostname = "backups-rpi4"; system = "aarch64-linux"; type = "small"; };
"albert@piaware-rpi4" = libx.mkHome { hostname = "piaware-rpi4"; system = "aarch64-linux"; type = "small"; }; "albert@piaware-rpi4" = libx.mkHome { hostname = "piaware-rpi4"; system = "aarch64-linux"; type = "small"; };


@ -1,4 +1,4 @@
{ self, inputs, outputs, stateVersion, hmStateVersion , ... }: { { lib ? lib, self, inputs, outputs, stateVersion, hmStateVersion , ... }: {
deploy = { deploy = {
hostname, hostname,
system ? "x86_64-linux", system ? "x86_64-linux",
@ -44,7 +44,10 @@
pkgs-unstable ? import inputs.nixpkgs-unstable pkgs-unstable ? import inputs.nixpkgs-unstable
{ inherit system; config.allowUnfree = unfree; hostPlatform = system; } { inherit system; config.allowUnfree = unfree; hostPlatform = system; }
}: { }: {
bindMounts = import ../nixos/containers/${hostname}/mounts.nix; bindMounts = lib.mkMerge [
( import ../nixos/containers/mounts.nix )
( import ../nixos/containers/${hostname}/mounts.nix )
];
autoStart = true; autoStart = true;
privateNetwork = false; privateNetwork = false;
specialArgs = { inherit pkgs-unstable hostname username desktop theme system repo unfree stateVersion; }; specialArgs = { inherit pkgs-unstable hostname username desktop theme system repo unfree stateVersion; };
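Review bot: The default in `lib ? lib` on the first line refers to the argument itself, because defaults in a Nix set pattern are evaluated in the scope of the function's own arguments; any caller that omits `lib` will hit infinite recursion as soon as `lib.mkMerge` is forced. Either make the argument mandatory (`{ lib, self, inputs, ... }:`) or give it a real default taken from an input, for example `lib ? inputs.nixpkgs-unstable.lib`, since `inputs.nixpkgs-unstable` is already used further down. Only one call site that passes `lib` is visible on this page, so other importers of this file should be checked. The function bodies continue outside both hunks.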


@ -3,7 +3,22 @@
./${hostname} ./${hostname}
../users/${username} ../users/${username}
../common/modules/nixos.nix ../common/modules/nixos.nix
../common/modules/networking.nix ../common/modules/networking.nix
# Services
../common/services/promtail.nix
../common/services/telegraf.nix
../common/services/tailscale.nix
]; ];
# Generic Tailscale configs are in /nixos/common/services/tailscale.nix
# Set up the secrets file:
sops.secrets."tailscale_key" = {
owner = "root";
sopsFile = ../../../secrets/containers/${hostname}.yaml;
restartUnits = [
"tailscaled.service"
"tailscaled-autoconnect.service"
];
};
services.tailscale.authKeyFile = "/run/secrets/tailscale_key";
networking.hostName = "${hostname}"; networking.hostName = "${hostname}";
} }
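Review bot: `sopsFile = ../../../secrets/containers/${hostname}.yaml;` appears to climb one level too far: the imports in this same file reach `nixos/common` with a single `..`, which puts this file one directory below `nixos/`, so three `..` segments would resolve outside the repository. If the secrets directory sits at the repository root, `../../secrets/containers/${hostname}.yaml` is the matching path. Separately, `services.tailscale.authKeyFile = "/run/secrets/tailscale_key";` repeats sops-nix's default location by hand; `config.sops.secrets."tailscale_key".path` would stay correct if that location changes, provided `config` is among the module arguments, which are declared outside the hunk.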


@ -1,7 +1,5 @@
{ "/etc/nixos/git" = {
"/etc/nixos/git" = { hostPath = "/etc/nixos/git";
hostPath = "/etc/nixos/git"; mountPoint = "/etc/nixos/git";
mountPoint = "/etc/nixos/git"; isReadOnly = false;
isReadOnly = false;
};
} }
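Review bot: `isReadOnly = false;` leaves `/etc/nixos/git` writable from inside the container, and the commit keeps that setting while restructuring the file. If this is the shared mounts file that the library now merges into every container's `bindMounts`, a process that gains root in any container can modify the host's NixOS configuration checkout, which the host would then apply at its next rebuild. Unless a container really has to commit to that repository, `isReadOnly = true;` is the safer default, with a writable mount declared only in the per-container file that needs it. The rendered new side also seems to have lost the outer `{ … }` around the attribute; if that reflects the file rather than the page rendering, the import will not parse.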


@ -1,9 +1,7 @@
{ self, inputs, outputs, stateVersion, hmStateVersion, pkgs, pkgs-unstable, ... }: { lib, self, inputs, outputs, stateVersion, hmStateVersion, pkgs, pkgs-unstable, ... }:
let let
libx = import ../../../lib { inherit self inputs outputs stateVersion hmStateVersion; }; libx = import ../../../lib { inherit lib self inputs outputs stateVersion hmStateVersion; };
in { in {
# TODO: Set up Tailscale key
# Set up the bridge network: # Set up the bridge network:
containers = { containers = {
rdesktop = libx.mkContainer { hostname = "rdesktop"; unfree = true; repo = "nixpkgs-unstable"; desktop = "xfce"; }; rdesktop = libx.mkContainer { hostname = "rdesktop"; unfree = true; repo = "nixpkgs-unstable"; desktop = "xfce"; };