diff --git a/nixos/common/modules/remote-builders.nix b/nixos/common/modules/remote-builders.nix index 84c88558..80cce6a9 100644 --- a/nixos/common/modules/remote-builders.nix +++ b/nixos/common/modules/remote-builders.nix @@ -12,6 +12,5 @@ mandatoryFeatures = [ ]; } ]; - nix.distributedBuilds = true; nix.extraOptions = ''builders-use-substitutes = true''; } \ No newline at end of file diff --git a/nixos/hosts/nixos-rpi4-01/default.nix b/nixos/hosts/nixos-rpi4-01/default.nix index 66cf42eb..1f97177a 100644 --- a/nixos/hosts/nixos-rpi4-01/default.nix +++ b/nixos/hosts/nixos-rpi4-01/default.nix @@ -6,6 +6,8 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; + # Enable distributed Builds + nix.distributedBuilds = true; ##################################################################################### # BEGIN hardware config ##################################################################################### @@ -50,34 +52,4 @@ # Temporary # networking.firewall.allowedTCPPorts = [ 22 ]; - - # Set up the secrets file: - sops.secrets."wireguard_keys/osaka-vultr-01" = { - owner = "root"; - sopsFile = ../../../secrets/wireguard.yaml; - }; - sops.secrets."wireguard_keys/preshared_key" = { - owner = "root"; - sopsFile = ../../../secrets/wireguard.yaml; - }; - - # Wireguard Forwarder - networking.wireguard = { - enable = true; - interfaces = { - "wireguard0" = { - privateKeyFile = "/run/secrets/wireguard_keys/nixos-rpi4-01"; - # Testing - peers = [ - { # osaka-vultr-01 - publicKey = "yPZ3EmmIqCkReXf1DRTxzVaKQ2k+ifGmYJHji5nnMmE="; - persistentKeepalive = 5; - allowedIPs = [ "0.0.0.0/0" ]; - endpoint = "64.176.54.57:51820"; - presharedKeyFile = "/run/secrets/wireguard_keys/preshared_key"; - } - ]; - }; - }; - }; } \ No newline at end of file diff --git a/nixos/hosts/nixos-rpi4-02/default.nix b/nixos/hosts/nixos-rpi4-02/default.nix index 2f39f252..60f380c8 100644 --- a/nixos/hosts/nixos-rpi4-02/default.nix +++ b/nixos/hosts/nixos-rpi4-02/default.nix 
@@ -5,6 +5,8 @@ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + # Enable distributed Builds + nix.distributedBuilds = true; ##################################################################################### # BEGIN hardware config ##################################################################################### diff --git a/nixos/hosts/nixos-rpi4-03/default.nix b/nixos/hosts/nixos-rpi4-03/default.nix index 4eae0eac..3b76f330 100644 --- a/nixos/hosts/nixos-rpi4-03/default.nix +++ b/nixos/hosts/nixos-rpi4-03/default.nix @@ -6,6 +6,8 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; + # Enable distributed Builds + nix.distributedBuilds = true; ##################################################################################### # BEGIN hardware config ##################################################################################### @@ -50,4 +52,34 @@ # Temporary # networking.firewall.allowedTCPPorts = [ 22 ]; + + # Set up the secrets file: + sops.secrets."wireguard_keys/osaka-vultr-03" = { + owner = "root"; + sopsFile = ../../../secrets/wireguard.yaml; + }; + sops.secrets."wireguard_keys/preshared_key" = { + owner = "root"; + sopsFile = ../../../secrets/wireguard.yaml; + }; + + # Wireguard Forwarder + networking.wireguard = { + enable = true; + interfaces = { + "wireguard0" = { + privateKeyFile = "/run/secrets/wireguard_keys/nixos-rpi4-03"; + # Testing + peers = [ + { # osaka-vultr-01 + publicKey = "yPZ3EmmIqCkReXf1DRTxzVaKQ2k+ifGmYJHji5nnMmE="; + persistentKeepalive = 5; + allowedIPs = [ "0.0.0.0/0" ]; + endpoint = "64.176.54.57:51820"; + presharedKeyFile = "/run/secrets/wireguard_keys/preshared_key"; + } + ]; + }; + }; + }; } \ No newline at end of file diff --git a/nixos/hosts/osaka-vultr-01/default.nix b/nixos/hosts/osaka-vultr-01/default.nix index 8eb19130..bf4205ee 100644 --- a/nixos/hosts/osaka-vultr-01/default.nix +++ b/nixos/hosts/osaka-vultr-01/default.nix 
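Review bot: The secret declared in the added WireGuard block of nixos-rpi4-03, `sops.secrets."wireguard_keys/osaka-vultr-03"`, does not match the file the interface reads, `privateKeyFile = "/run/secrets/wireguard_keys/nixos-rpi4-03"`. The entries visible in secrets/wireguard.yaml in this commit are `preshared_key`, `nixos-rpi4-03` and `osaka-vultr-01`, so the declared name appears to point at nothing and this host's own private key is never declared. The name looks like a search-and-replace of the removed nixos-rpi4-01 block, which declared the VPS's private key `osaka-vultr-01` on the Pi. Declare only this host's key, `sops.secrets."wireguard_keys/nixos-rpi4-03" = { owner = "root"; sopsFile = ../../../secrets/wireguard.yaml; };`, so that a peer's private key is never decrypted here. Separately, `allowedIPs = [ "0.0.0.0/0" ]` under the `# Testing` comment is by default also installed as a route, so narrow it to the tunnel subnet unless full-tunnel routing through the VPS is intended.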
@@ -2,6 +2,9 @@ imports = [ ./disks.nix ]; + # Enable distributed Builds + nix.distributedBuilds = true; + nixpkgs.config.allowUnfree = false; boot.initrd.availableKernelModules = [ "ata_piix" "ohci_pci" "virtio_pci" "virtio_blk" "sr_mod" ]; @@ -41,7 +44,7 @@ privateKeyFile = "/run/secrets/wireguard_keys/osaka-vultr-01"; # Testing peers = [ - { # nixos-rpi4-01 + { # nixos-rpi4-03 publicKey = "trHvfNtQ7HKMiJjxEXo2Iubq5G6egjx7gHiBlDmJ5Ek="; allowedIPs = [ "10.100.0.2/32" ]; persistentKeepalive = 5; diff --git a/nixos/small.nix b/nixos/small.nix index a5fe0078..749abd92 100644 --- a/nixos/small.nix +++ b/nixos/small.nix @@ -6,6 +6,9 @@ # Services ./common/services/openssh.nix ./common/services/fail2ban.nix + ./common/services/tailscale.nix + ./common/services/promtail.nix + ./common/services/telegraf.nix # NixOS Modules ./common/modules/networking.nix # Initial Networking configs diff --git a/secrets/wireguard.yaml b/secrets/wireguard.yaml index 1f605516..1509a090 100644 --- a/secrets/wireguard.yaml +++ b/secrets/wireguard.yaml @@ -1,6 +1,6 @@ wireguard_keys: preshared_key: ENC[AES256_GCM,data:yt61mO1KEyZbElTu8an1oWcapY6ufz64NQvSYKk7GdLVQCh63kpSGRfrqXc=,iv:hJt2oanEYp9uD57qK3l86hHSdAaW4UPpaeosMnlOUKE=,tag:iix3Zd6ivNy6qh7lqhtsOQ==,type:str] - nixos-rpi4-01: ENC[AES256_GCM,data:82xdm0quC/VGrWU6GZGXGplrKn4Wu0yTzgHWfpgjke4C3KlsqhSrX4DqXfw=,iv:qTMuBUr8XLlG5J+Koh7G4vArrYmj/FcNs3TFqX68sRc=,tag:EsSPYkoSU1w7OmLmh51Kow==,type:str] + nixos-rpi4-03: ENC[AES256_GCM,data:82xdm0quC/VGrWU6GZGXGplrKn4Wu0yTzgHWfpgjke4C3KlsqhSrX4DqXfw=,iv:qTMuBUr8XLlG5J+Koh7G4vArrYmj/FcNs3TFqX68sRc=,tag:EsSPYkoSU1w7OmLmh51Kow==,type:str] osaka-vultr-01: ENC[AES256_GCM,data:GsUCoViT/fDUXwzwuEUEd98aZJSfwwOVpY3iiopZPUfEpOTOOAwy05zRlfE=,iv:gzQq62HYNrnc32MggfupZ6uX4qfismpha7Nc+ySyvdU=,tag:K04ePrcP2z4sIoLvHNMSpg==,type:str] sops: kms: []
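Review bot: In secrets/wireguard.yaml the new `nixos-rpi4-03` entry keeps the exact `data`, `iv` and `tag` of the removed `nixos-rpi4-01` entry, so the key looks renamed by hand rather than re-encrypted. SOPS passes the key path to AES-GCM as additional authenticated data, so a value moved to a new name will normally fail authentication on decryption, which would leave nixos-rpi4-03 without its WireGuard private key at activation. Re-create the entry by editing the file with the `sops` CLI so that the value is encrypted under its new path. The unchanged `publicKey` in osaka-vultr-01's peer list shows the keypair once assigned to nixos-rpi4-01 is being reused, so consider generating a fresh keypair for nixos-rpi4-03 instead. The file continues past this hunk, so any change to the `sops` metadata is not visible here.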