test
parent
dd2e858b64
commit
78c70dc4ef
6 changed files with 38 additions and 18 deletions
|
@ -29,6 +29,12 @@ creation_rules:
|
||||||
- *host_framework-server
|
- *host_framework-server
|
||||||
- *host_backups-rpi4
|
- *host_backups-rpi4
|
||||||
|
|
||||||
|
- path_regex: secrets\/containers\/rdesktop\.yaml$
|
||||||
|
key_groups:
|
||||||
|
- pgp:
|
||||||
|
- *user_albert
|
||||||
|
- *host_framework-server
|
||||||
|
|
||||||
- path_regex: secrets\/hosts\/milan-linode-01\.yaml$
|
- path_regex: secrets\/hosts\/milan-linode-01\.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- pgp:
|
- pgp:
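Review bot: The new rule for `secrets/containers/rdesktop.yaml` lists only `*user_albert` and `*host_framework-server` as PGP recipients, so the container has no decryption key of its own. The container's sops configuration reads this file from inside the container, which presumably means the host's (or the user's) private key has to be made available there; how the key reaches the container is not shown on this page. If so, a compromise of the container also exposes every other secret encrypted to `*host_framework-server`. Consider giving the container a dedicated key and adding it as a recipient here (placeholder name `*container_rdesktop`), so its access can be revoked without re-keying the host.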
|
||||||
|
|
10
flake.nix
10
flake.nix
|
@ -59,18 +59,18 @@
|
||||||
milan-linode-01 = libx.mkHost { hostname = "milan-linode-01"; type = "small";};
|
milan-linode-01 = libx.mkHost { hostname = "milan-linode-01"; type = "small";};
|
||||||
framework-server = libx.mkHost { hostname = "framework-server"; };
|
framework-server = libx.mkHost { hostname = "framework-server"; };
|
||||||
nuc-server = libx.mkHost { hostname = "nuc-server"; };
|
nuc-server = libx.mkHost { hostname = "nuc-server"; };
|
||||||
nixos-desktop = libx.mkHost { hostname = "nixos-desktop"; unfree = true; desktop = "hyprland"; theme = "tokyo-night"; };
|
nixos-desktop = libx.mkHost { hostname = "nixos-desktop"; unfree = true; desktop = "hyprland"; theme = "tokyo-night"; };
|
||||||
nixos-framework = libx.mkHost { hostname = "nixos-framework"; unfree = true; desktop = "hyprland"; theme = "green"; };
|
nixos-framework = libx.mkHost { hostname = "nixos-framework"; unfree = true; desktop = "hyprland"; theme = "green"; };
|
||||||
backups-rpi4 = libx.mkHost { hostname = "backups-rpi4"; system = "aarch64-linux"; type = "small"; };
|
backups-rpi4 = libx.mkHost { hostname = "backups-rpi4"; system = "aarch64-linux"; type = "small"; };
|
||||||
piaware-rpi4 = libx.mkHost { hostname = "piaware-rpi4"; system = "aarch64-linux"; type = "small"; };
|
piaware-rpi4 = libx.mkHost { hostname = "piaware-rpi4"; system = "aarch64-linux"; type = "small"; };
|
||||||
quitman-rpi4 = libx.mkHost { hostname = "quitman-rpi4"; system = "aarch64-linux"; type = "small"; };
|
quitman-rpi4 = libx.mkHost { hostname = "quitman-rpi4"; system = "aarch64-linux"; type = "small"; };
|
||||||
};
|
};
|
||||||
homeConfigurations = {
|
homeConfigurations = {
|
||||||
"albert@osaka-linode-01" = libx.mkHome { hostname = "osaka-linode-01"; };
|
"albert@osaka-linode-01" = libx.mkHome { hostname = "osaka-linode-01"; type = "small"; };
|
||||||
"albert@milan-linode-01" = libx.mkHome { hostname = "milan-linode-01"; };
|
"albert@milan-linode-01" = libx.mkHome { hostname = "milan-linode-01"; type = "small"; };
|
||||||
"albert@framework-server" = libx.mkHome { hostname = "framework-server"; };
|
"albert@framework-server" = libx.mkHome { hostname = "framework-server"; };
|
||||||
"albert@nuc-server" = libx.mkHome { hostname = "nuc-server"; };
|
"albert@nuc-server" = libx.mkHome { hostname = "nuc-server"; };
|
||||||
"albert@nixos-desktop" = libx.mkHome { hostname = "nixos-desktop"; desktop = "hyprland"; theme = "tokyo-night"; };
|
"albert@nixos-desktop" = libx.mkHome { hostname = "nixos-desktop"; desktop = "hyprland"; theme = "tokyo-night"; };
|
||||||
"albert@nixos-framework" = libx.mkHome { hostname = "nixos-framework"; desktop = "hyprland"; theme = "green"; };
|
"albert@nixos-framework" = libx.mkHome { hostname = "nixos-framework"; desktop = "hyprland"; theme = "green"; };
|
||||||
"albert@backups-rpi4" = libx.mkHome { hostname = "backups-rpi4"; system = "aarch64-linux"; type = "small"; };
|
"albert@backups-rpi4" = libx.mkHome { hostname = "backups-rpi4"; system = "aarch64-linux"; type = "small"; };
|
||||||
"albert@piaware-rpi4" = libx.mkHome { hostname = "piaware-rpi4"; system = "aarch64-linux"; type = "small"; };
|
"albert@piaware-rpi4" = libx.mkHome { hostname = "piaware-rpi4"; system = "aarch64-linux"; type = "small"; };
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ self, inputs, outputs, stateVersion, hmStateVersion , ... }: {
|
{ lib ? lib, self, inputs, outputs, stateVersion, hmStateVersion , ... }: {
|
||||||
deploy = {
|
deploy = {
|
||||||
hostname,
|
hostname,
|
||||||
system ? "x86_64-linux",
|
system ? "x86_64-linux",
|
||||||
|
@ -44,7 +44,10 @@
|
||||||
pkgs-unstable ? import inputs.nixpkgs-unstable
|
pkgs-unstable ? import inputs.nixpkgs-unstable
|
||||||
{ inherit system; config.allowUnfree = unfree; hostPlatform = system; }
|
{ inherit system; config.allowUnfree = unfree; hostPlatform = system; }
|
||||||
}: {
|
}: {
|
||||||
bindMounts = import ../nixos/containers/${hostname}/mounts.nix;
|
bindMounts = lib.mkMerge [
|
||||||
|
( import ../nixos/containers/mounts.nix )
|
||||||
|
( import ../nixos/containers/${hostname}/mounts.nix )
|
||||||
|
];
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
privateNetwork = false;
|
privateNetwork = false;
|
||||||
specialArgs = { inherit pkgs-unstable hostname username desktop theme system repo unfree stateVersion; };
|
specialArgs = { inherit pkgs-unstable hostname username desktop theme system repo unfree stateVersion; };
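Review bot: The default in `{ lib ? lib, self, inputs, ... }` at the top of this file refers to itself. Nix evaluates a default in the scope of the function's own arguments, so any caller that omits `lib` hits infinite recursion as soon as `lib.mkMerge` in `bindMounts` is forced. The one call site visible on this page passes `inherit lib`, but the import in flake.nix is outside the shown hunk and should be checked. Making the argument required, `{ lib, self, inputs, outputs, stateVersion, hmStateVersion, ... }: {`, turns a missing `lib` into a clear error; a default taken from one of the flake inputs would also work.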
|
||||||
|
|
|
@ -3,7 +3,22 @@
|
||||||
./${hostname}
|
./${hostname}
|
||||||
../users/${username}
|
../users/${username}
|
||||||
../common/modules/nixos.nix
|
../common/modules/nixos.nix
|
||||||
../common/modules/networking.nix
|
../common/modules/networking.nix
|
||||||
|
# Services
|
||||||
|
../common/services/promtail.nix
|
||||||
|
../common/services/telegraf.nix
|
||||||
|
../common/services/tailscale.nix
|
||||||
];
|
];
|
||||||
|
# Generic Tailscale configs are in /nixos/common/services/tailscale.nix
|
||||||
|
# Set up the secrets file:
|
||||||
|
sops.secrets."tailscale_key" = {
|
||||||
|
owner = "root";
|
||||||
|
sopsFile = ../../../secrets/containers/${hostname}.yaml;
|
||||||
|
restartUnits = [
|
||||||
|
"tailscaled.service"
|
||||||
|
"tailscaled-autoconnect.service"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
services.tailscale.authKeyFile = "/run/secrets/tailscale_key";
|
||||||
networking.hostName = "${hostname}";
|
networking.hostName = "${hostname}";
|
||||||
}
|
}
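Review bot: `services.tailscale.authKeyFile = "/run/secrets/tailscale_key";` hard-codes the location where sops-nix is expected to place the secret, so it silently breaks if the secret is renamed or given a different `path`. Referring to the declaration keeps the two in step: `services.tailscale.authKeyFile = config.sops.secrets."tailscale_key".path;`. This needs `config` among the module arguments, and the function header is outside this hunk. A short comment next to `sopsFile` saying which key is expected to decrypt `secrets/containers/${hostname}.yaml` inside the container would also help the next reader.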
|
||||||
|
|
|
@ -1,7 +1,5 @@
|
||||||
{
|
"/etc/nixos/git" = {
|
||||||
"/etc/nixos/git" = {
|
hostPath = "/etc/nixos/git";
|
||||||
hostPath = "/etc/nixos/git";
|
mountPoint = "/etc/nixos/git";
|
||||||
mountPoint = "/etc/nixos/git";
|
isReadOnly = false;
|
||||||
isReadOnly = false;
|
|
||||||
};
|
|
||||||
}
|
}
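Review bot: `isReadOnly = false` on the `/etc/nixos/git` bind mount gives the container write access to the host's configuration checkout. If this is the shared `../nixos/containers/mounts.nix` that `bindMounts` now merges into every container (the file name is not shown here), each container can modify the configuration the host presumably later builds and activates as root. That includes `rdesktop`, which runs with `privateNetwork = false`. Set `isReadOnly = true;` unless a container really has to write to the repository, and in that case keep the writable mount in that container's own `mounts.nix` with a comment saying why.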
|
||||||
|
|
|
@ -1,9 +1,7 @@
|
||||||
{ self, inputs, outputs, stateVersion, hmStateVersion, pkgs, pkgs-unstable, ... }:
|
{ lib, self, inputs, outputs, stateVersion, hmStateVersion, pkgs, pkgs-unstable, ... }:
|
||||||
let
|
let
|
||||||
libx = import ../../../lib { inherit self inputs outputs stateVersion hmStateVersion; };
|
libx = import ../../../lib { inherit lib self inputs outputs stateVersion hmStateVersion; };
|
||||||
in {
|
in {
|
||||||
# TODO: Set up Tailscale key
|
|
||||||
|
|
||||||
# Set up the bridge network:
|
# Set up the bridge network:
|
||||||
containers = {
|
containers = {
|
||||||
rdesktop = libx.mkContainer { hostname = "rdesktop"; unfree = true; repo = "nixpkgs-unstable"; desktop = "xfce"; };
|
rdesktop = libx.mkContainer { hostname = "rdesktop"; unfree = true; repo = "nixpkgs-unstable"; desktop = "xfce"; };
|
||||||
|
|