Add config for outpost

2025-06-10 22:51:08 -05:00 · 2025-06-10 22:51:08 -05:00 · 4ee0f79bc9
parent 535b8c5230
commit 4ee0f79bc9
5 changed files with 120 additions and 37 deletions
--- a/features/base.nix
+++ b/features/base.nix
@ -1,6 +1,5 @@
 { pkgs, ... }: {
  users.mutableUsers = false;
-  nixpkgs.config.allowUnfree = true;

  networking.wireless.enable = false; # For some reason this is needed all of the time

--- a/flake.lock
+++ b/flake.lock
@ -2,7 +2,9 @@
  "nodes": {
    "disko": {
      "inputs": {
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": [
+          "nixpkgs"
+        ]
      },
      "locked": {
        "lastModified": 1736864502,
@ -14,7 +16,7 @@
      },
      "original": {
        "owner": "nix-community",
-        "ref": "v1.11.0",
+        "ref": "latest",
        "repo": "disko",
        "type": "github"
      }
@ -133,17 +135,17 @@
    "mlaga97-home-manager": {
      "inputs": {
        "home-manager": "home-manager_2",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs",
        "nixpkgs-unstable": "nixpkgs-unstable"
      },
      "locked": {
        "lastModified": 1,
-        "narHash": "sha256-oKpqiYEEMrno6/Cx7kk3FSIeshwyhmm29jppwTEcbMY=",
-        "path": "/nix/store/4nfp193ifb272bqfln8bwi788vkqs0p5-source/modules/mlaga97-home-manager",
+        "narHash": "sha256-pYpD+mKj2FS//91FsFc7YfemYBNLrFwXev9v3Q4JUEo=",
+        "path": "/nix/store/rm2bwhpxralxzakij7s6mcgbhcn9a5gx-source/modules/mlaga97-home-manager",
        "type": "path"
      },
      "original": {
-        "path": "/nix/store/4nfp193ifb272bqfln8bwi788vkqs0p5-source/modules/mlaga97-home-manager",
+        "path": "/nix/store/rm2bwhpxralxzakij7s6mcgbhcn9a5gx-source/modules/mlaga97-home-manager",
        "type": "path"
      }
    },
@ -186,16 +188,16 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1736241350,
-        "narHash": "sha256-CHd7yhaDigUuJyDeX0SADbTM9FXfiWaeNyY34FL1wQU=",
+        "lastModified": 1741332913,
+        "narHash": "sha256-ri1e8ZliWS3Jnp9yqpKApHaOo7KBN33W8ECAKA4teAQ=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "8c9fd3e564728e90829ee7dbac6edc972971cd0f",
+        "rev": "20755fa05115c84be00b04690630cb38f0a203ad",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixpkgs-unstable",
+        "ref": "nixos-24.11",
        "repo": "nixpkgs",
        "type": "github"
      }
@ -233,22 +235,6 @@
      }
    },
    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1741332913,
-        "narHash": "sha256-ri1e8ZliWS3Jnp9yqpKApHaOo7KBN33W8ECAKA4teAQ=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "20755fa05115c84be00b04690630cb38f0a203ad",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-24.11",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_3": {
      "locked": {
        "lastModified": 1735531152,
        "narHash": "sha256-As8I+ebItDKtboWgDXYZSIjGlKeqiLBvjxsQHUmAf1Q=",
@ -264,7 +250,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_4": {
+    "nixpkgs_3": {
      "locked": {
        "lastModified": 1,
        "narHash": "sha256-QJFvxzBCZHVjWApIe4KaxC3gRd5d1QgDT3xJNetMwVE=",
@ -283,7 +269,7 @@
        "lix-module": "lix-module",
        "mlaga97-home-manager": "mlaga97-home-manager",
        "nixos-generators": "nixos-generators",
-        "nixpkgs": "nixpkgs_3",
+        "nixpkgs": "nixpkgs_2",
        "nixpkgs-unstable": "nixpkgs-unstable_2",
        "waveforms": "waveforms"
      }
@ -305,7 +291,7 @@
    },
    "waveforms": {
      "inputs": {
-        "nixpkgs": "nixpkgs_4"
+        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
        "lastModified": 1722915115,
--- a/flake.nix
+++ b/flake.nix
@ -27,8 +27,9 @@
    lix-module.url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz";
    lix-module.inputs.nixpkgs.follows = "nixpkgs";

-    # Installers
-    disko.url = "github:nix-community/disko/v1.11.0";
+    disko.url = "github:nix-community/disko/latest";
+    disko.inputs.nixpkgs.follows = "nixpkgs";
+
    nixos-generators.url = "github:nix-community/nixos-generators/7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565";
    nixos-generators.inputs.nixpkgs.follows = "nixpkgs";

@ -48,7 +49,10 @@
    locale = "en_US.UTF-8";
    stateVersion = "24.11";

-    pkgs = import nixpkgs {inherit system; };
+    pkgs = import nixpkgs {
+      inherit system;
+      config.allowUnfree = true;
+    };
    pkgs-unstable = import nixpkgs-unstable {
      inherit system;
      config.allowUnfree = true;
@ -73,14 +77,17 @@
    }];

    # TODO: Surely a better way, no?
-    inherited_modules = [
+    inherited_modules_lite = [
      {
        time.timeZone = timezone;
        system.stateVersion = stateVersion;
      }

-      lix-module.nixosModules.default
      home-manager.nixosModules.home-manager
+    ];
+
+    inherited_modules = inherited_modules_lite ++ [
+      lix-module.nixosModules.default
      waveforms.nixosModule
      disko.nixosModules.default
    ];
@ -130,7 +137,7 @@
        modules = iso_modules ++ [
          {
            networking.hostName = "ll-nixos-base";
-            home-manager.users."lauren_lagarde" = { config, ... }: {
+            home-manager.users."lauren_lagarde" = { config, pkgs-unstable, ... }: {
              imports = inputs.mlaga97-home-manager.homeManagerModules."lauren_lagarde@ll-latitude-e5591";
            };
          }
@ -204,6 +211,15 @@
        ] ++ inherited_modules;
        specialArgs = { inherit inputs pkgs-unstable; };
      };
+
+      outpost-sdcard = nixos-generators.nixosGenerate {
+        system = "aarch64-linux";
+        format = "sd-aarch64";
+        modules = pi_modules ++ [
+          ./systems/outpost.nix
+        ] ++ inherited_modules_lite;
+        specialArgs = { inherit inputs pkgs-unstable; };
+      };
    };

    packages.x86_64-linux = {
@ -220,7 +236,8 @@
        modules = iso_modules ++ [
          {
            networking.hostName = "ll-nixos";
-            home-manager.users."lauren_lagarde" = { config, ... }: {
+            home-manager.users."lauren_lagarde" = {
+              nixpkgs.config.allowUnfree = true;
              imports = inputs.mlaga97-home-manager.homeManagerModules."lauren_lagarde@ll-latitude-e5591";
            };
          }
@ -238,6 +255,7 @@
          {
            networking.hostName = "ll-nixos";
            home-manager.users."lauren_lagarde" = { config, ... }: {
+              nixpkgs.config.allowUnfree = true;
              imports = inputs.mlaga97-home-manager.homeManagerModules."lauren_lagarde@ll-latitude-e5591";
            };
          }
--- a/secrets.tar.zst.gpg
+++ b/secrets.tar.zst.gpg
--- a/systems/outpost.nix
+++ b/systems/outpost.nix
@ -0,0 +1,80 @@
+{ pkgs, ... }: {
+  networking.hostName = "outpost";
+  networking.hostId = "373a7023";
+
+  imports = [
+    # Base Config
+    ../features/base.nix
+    ../features/headless.nix
+
+    # Features
+    ../features/tui-apps.nix
+    ../features/openssh-server.nix
+    ../features/virtualization/dockge.nix
+    ../features/virtualization/docker.nix
+
+    # Tweaks
+    ../tweaks/zfs.nix
+    ../tweaks/zram.nix
+    ../tweaks/enable_flakes.nix
+    ../tweaks/disable_firewall.nix
+    ../tweaks/systemd-resolved_nonsense.nix
+
+    # Dotspace
+    ../secrets/dotspace.nix
+
+    # Users
+    ../users/lauren_lagarde/lauren_lagarde.nix
+  ];
+
+  ##############################################################################
+  ##############################################################################
+  ##############################################################################
+  # Networking
+
+  networking.useNetworkd = true;
+
+  systemd.network = {
+    enable = true;
+    networks = {
+      "30-end0" = {
+        matchConfig.Name = "end0";
+        linkConfig = {
+          RequiredForOnline = "routable";
+        };
+        networkConfig = {
+          DHCP = "ipv4";
+          IPv6AcceptRA = true;
+        };
+      };
+
+      "90-tinc" = {
+        matchConfig.Name = "tinc.dotspace";
+        address = [ "10.86.84.106/32" ];
+        routes = [ { Destination = "10.86.84.0/24"; } ];
+      };
+    };
+  };
+
+  services.tinc.networks.dotspace = {
+    name = "outpost";
+    ed25519PrivateKeyFile = "/root/tinc/dotspace_ed25519_key.priv";
+
+    chroot = false;
+    settings.ConnectTo = [ "fortress" "stronghold" ];
+  };
+
+  ##############################################################################
+  ##############################################################################
+  ##############################################################################
+  # Services
+
+  # TODO: Put scripts into version control
+  services.cron = {
+    enable = true;
+    mailto = "";
+    systemCronJobs = [
+      "* * * * *	lauren_lagarde		/home/lauren_lagarde/bin/PublishStats > /dev/null"
+    ];
+  };
+}