From 4ee0f79bc9241b656c679259499cee7568a82da8 Mon Sep 17 00:00:00 2001 From: Lauren Lagarde Date: Tue, 10 Jun 2025 22:51:08 -0500 Subject: [PATCH] Add config for outpost --- features/base.nix | 1 - flake.lock | 44 +++++++++--------------- flake.nix | 32 ++++++++++++++---- secrets.tar.zst.gpg | Bin 2260 -> 2342 bytes systems/outpost.nix | 80 ++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 120 insertions(+), 37 deletions(-) create mode 100644 systems/outpost.nix diff --git a/features/base.nix b/features/base.nix index 137f6ae..745be01 100644 --- a/features/base.nix +++ b/features/base.nix @@ -1,6 +1,5 @@ { pkgs, ... }: { users.mutableUsers = false; - nixpkgs.config.allowUnfree = true; networking.wireless.enable = false; # For some reason this is needed all of the time diff --git a/flake.lock b/flake.lock index 1569b3a..a7e03e4 100644 --- a/flake.lock +++ b/flake.lock @@ -2,7 +2,9 @@ "nodes": { "disko": { "inputs": { - "nixpkgs": "nixpkgs" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1736864502, @@ -14,7 +16,7 @@ }, "original": { "owner": "nix-community", - "ref": "v1.11.0", + "ref": "latest", "repo": "disko", "type": "github" } @@ -133,17 +135,17 @@ "mlaga97-home-manager": { "inputs": { "home-manager": "home-manager_2", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable" }, "locked": { "lastModified": 1, - "narHash": "sha256-oKpqiYEEMrno6/Cx7kk3FSIeshwyhmm29jppwTEcbMY=", - "path": "/nix/store/4nfp193ifb272bqfln8bwi788vkqs0p5-source/modules/mlaga97-home-manager", + "narHash": "sha256-pYpD+mKj2FS//91FsFc7YfemYBNLrFwXev9v3Q4JUEo=", + "path": "/nix/store/rm2bwhpxralxzakij7s6mcgbhcn9a5gx-source/modules/mlaga97-home-manager", "type": "path" }, "original": { - "path": "/nix/store/4nfp193ifb272bqfln8bwi788vkqs0p5-source/modules/mlaga97-home-manager", + "path": "/nix/store/rm2bwhpxralxzakij7s6mcgbhcn9a5gx-source/modules/mlaga97-home-manager", "type": "path" } }, 
@@ -186,16 +188,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1736241350, - "narHash": "sha256-CHd7yhaDigUuJyDeX0SADbTM9FXfiWaeNyY34FL1wQU=", + "lastModified": 1741332913, + "narHash": "sha256-ri1e8ZliWS3Jnp9yqpKApHaOo7KBN33W8ECAKA4teAQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8c9fd3e564728e90829ee7dbac6edc972971cd0f", + "rev": "20755fa05115c84be00b04690630cb38f0a203ad", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", + "ref": "nixos-24.11", "repo": "nixpkgs", "type": "github" } @@ -233,22 +235,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1741332913, - "narHash": "sha256-ri1e8ZliWS3Jnp9yqpKApHaOo7KBN33W8ECAKA4teAQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "20755fa05115c84be00b04690630cb38f0a203ad", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1735531152, "narHash": "sha256-As8I+ebItDKtboWgDXYZSIjGlKeqiLBvjxsQHUmAf1Q=", @@ -264,7 +250,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { "lastModified": 1, "narHash": "sha256-QJFvxzBCZHVjWApIe4KaxC3gRd5d1QgDT3xJNetMwVE=", @@ -283,7 +269,7 @@ "lix-module": "lix-module", "mlaga97-home-manager": "mlaga97-home-manager", "nixos-generators": "nixos-generators", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "nixpkgs-unstable": "nixpkgs-unstable_2", "waveforms": "waveforms" } @@ -305,7 +291,7 @@ }, "waveforms": { "inputs": { - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1722915115, diff --git a/flake.nix b/flake.nix index cd12ab4..5f61b54 100644 --- a/flake.nix +++ b/flake.nix 
@@ -27,8 +27,9 @@ lix-module.url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz"; lix-module.inputs.nixpkgs.follows = "nixpkgs"; - # Installers - disko.url = "github:nix-community/disko/v1.11.0"; + disko.url = "github:nix-community/disko/latest"; + disko.inputs.nixpkgs.follows = "nixpkgs"; + nixos-generators.url = "github:nix-community/nixos-generators/7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565"; nixos-generators.inputs.nixpkgs.follows = "nixpkgs"; @@ -48,7 +49,10 @@ locale = "en_US.UTF-8"; stateVersion = "24.11"; - pkgs = import nixpkgs {inherit system; }; + pkgs = import nixpkgs { + inherit system; + config.allowUnfree = true; + }; pkgs-unstable = import nixpkgs-unstable { inherit system; config.allowUnfree = true; @@ -73,14 +77,17 @@ }]; # TODO: Surely a better way, no? - inherited_modules = [ + inherited_modules_lite = [ { time.timeZone = timezone; system.stateVersion = stateVersion; } - lix-module.nixosModules.default home-manager.nixosModules.home-manager + ]; + + inherited_modules = inherited_modules_lite ++ [ + lix-module.nixosModules.default waveforms.nixosModule disko.nixosModules.default ]; @@ -130,7 +137,7 @@ modules = iso_modules ++ [ { networking.hostName = "ll-nixos-base"; - home-manager.users."lauren_lagarde" = { config, ... }: { + home-manager.users."lauren_lagarde" = { config, pkgs-unstable, ... }: { imports = inputs.mlaga97-home-manager.homeManagerModules."lauren_lagarde@ll-latitude-e5591"; }; } @@ -204,6 +211,15 @@ ] ++ inherited_modules; specialArgs = { inherit inputs pkgs-unstable; }; }; + + outpost-sdcard = nixos-generators.nixosGenerate { + system = "aarch64-linux"; + format = "sd-aarch64"; + modules = pi_modules ++ [ + ./systems/outpost.nix + ] ++ inherited_modules_lite; + specialArgs = { inherit inputs pkgs-unstable; }; + }; }; packages.x86_64-linux = { 
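Review bot: `disko.url` now follows the moving `latest` ref, while the neighbouring `nixos-generators.url` stays pinned to a full commit hash. flake.lock still fixes the revision that is built today, but the next `nix flake update` will pull whatever `latest` points to then, with no visible change in flake.nix. Because disko partitions and formats disks on the installers, I would keep an explicit release tag or commit, e.g. `disko.url = "github:nix-community/disko/v1.11.0";`, and bump it deliberately. The added `disko.inputs.nixpkgs.follows = "nixpkgs";` is fine as it stands.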
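Review bot: `outpost-sdcard` is built for `system = "aarch64-linux"` but receives `pkgs-unstable` through `specialArgs`, and that package set is created with `inherit system;` in the `let` block (hunk at -48). The value of `system` is outside this diff; if it is `x86_64-linux`, any module that installs something from `pkgs-unstable` would pull x86_64 packages into the aarch64 image. The entry just above this one passes the same `specialArgs`, so it may share the problem. A per-target import for the ARM images, such as `pkgs-unstable = import nixpkgs-unstable { system = "aarch64-linux"; config.allowUnfree = true; };`, would avoid it.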
@@ -220,7 +236,8 @@ modules = iso_modules ++ [ { networking.hostName = "ll-nixos"; - home-manager.users."lauren_lagarde" = { config, ... }: { + home-manager.users."lauren_lagarde" = { + nixpkgs.config.allowUnfree = true; imports = inputs.mlaga97-home-manager.homeManagerModules."lauren_lagarde@ll-latitude-e5591"; }; } @@ -238,6 +255,7 @@ { networking.hostName = "ll-nixos"; home-manager.users."lauren_lagarde" = { config, ... }: { + nixpkgs.config.allowUnfree = true; imports = inputs.mlaga97-home-manager.homeManagerModules."lauren_lagarde@ll-latitude-e5591"; }; } 
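Review bot: `nixpkgs.config.allowUnfree = true;` is now set inside `home-manager.users."lauren_lagarde"` here and again in the hunk at -238, on top of the `pkgs` and `pkgs-unstable` imports at the top of flake.nix, so one policy switch lives in several places. This hunk also turns the user module from a function into a plain attribute set, while the -238 hunk keeps `{ config, ... }:`; the two blocks are otherwise identical and would read better in the same form. If home-manager is configured with `useGlobalPkgs` (not visible here), a per-user `nixpkgs.config` is ignored or rejected depending on the home-manager version, so it is worth confirming the setting is needed. Defining the user module once in the `let` block and reusing it in both image definitions would keep the copies from drifting.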
diff --git a/secrets.tar.zst.gpg b/secrets.tar.zst.gpg index b2801d8c1e1794f52e9d8950ef317719abd8d999..128020faf7953458259acf1383512ea7b859511a 100644 GIT binary patch literal 2342 zcmV+>3EB3A0t^GtQPoXEkO}7j5C3(=WEFSqB5N4+Fe5DJR-*%@TqVbE={bl4&|^iS z>38GBqfvkVuX)7L&i%FaJl$>x7# zZAmf8QFj(1{iY>giIKV4q zAuIl%C#?mnEbgLx9bvlku-PGgY)|$IY!@v8>R8M7q_eR7Nw7TlfZ5L8{>fVevctRB z>-g5mZ{`8czW+iMtu?ukjr?umUh?|_0&lrI1D@zE!XXWj_ek_3(CS8z*FnYjnt%}0*M%-|j=c%tWh65B~SljHHOu`!mQ>4ibr~=Zz zzj-DsIkZA=f+B?%p)3HXo7;5fzsneL+h3+$Px_L1}R_>{T-9 zDm4mG0faiWEUCN`y`iNw2Mj@R=cC(WPSiY8MsdLgN_%lR>1QQ*mk(a) zfO?SWk=tD{b2y6y87zW^k;>2r+dVrqzNxF}`WbV}pS6ks$f-6eY72?qB=WcL%glG3B#vTdU}1lCgwy;V1t zdda{ma5C1jO~NprPT3QvalnBIkJv9go28_|g_;^Qfyg@6l_kBLlzqWGZ!`Qja?`X% zspV(6ai0@FAT&TbS&xybVr~>tEbRR({y}JU%|ficL^grO-*MwzUW7<;#FS7TRZN@? z>}H0E%O1s$ZgmdKhq{8L+|e^bJmX8H1%vD+?YvfE>+ZO^)$M(^0;g@|o(V+9eg;H_ zFT=fc_Gqu73bYMNVVN@3*#1oA)k*PMTb(!h6a(O>l={)Jp_?)IOQb!^!ol&BAfQXP z-WzDawPBlpJW_(vO2=nXp!3IqsK=@LzS=}fQc#KnjN{TDigw4hee6qCp4P(w#b||D zGX6<($O2Z!h0kn5&mEMxa00P1B;bvC@zj& z&~XN-=pTaTGTB7jh;iV3pAr;Vu=C zgmZRV4BL2bnw4PiWLWzpGQt|Lp*^F?aF(ZsRc}1a^k*czZf&gEZL@_m?Vk>lzt(Z) zaEYS|xP;SrAE4p6hM%ljL=b2#PlRxm?=iI~1dH!S5VFmGU{(0YzE^CzrWlB&-3kIJ(!>laZ2?@O z%jiiU%ocl7dzQ}F^D3UF-C@MkY@K@x?)P?S0>Pdf)A%9NmQxDiZnJ?M4pUWQaU752Mfj=Nzi-OvO>x37r;`MdpElI zhJ0BNz&uCka!CS91gGXjDN{Ekta+SbwM@o*N_23Kk^j4gx#_RPgCH`U$_-|LTkl*?UTftPn6#>)d@ihP|c;SWTX+ MuWDx$I226|GUDledH?_b literal 2260 zcmV;_2rKu60t^GtQPoXEkO}7j5CDxL`WIDxH*$3~+!>yhEy=ISGQ)}gCf@%TYLb)K)CTQL=FCMpMmeTmL@O0qB7{)0JOK23+6eN>gg1=tPh{9BS z>5aZ%g^-m8<5z$-z1{BQ_zBkYjbp(|jZidQ^4BKOz$f14k6w2OIGQu;p;9`=*hK|? 
zhxWWnAhXm_uqL94=J@VH85Bd}7~>*%c~DVvShbRIu+_&%{u^;n&DVhb1h8`?&>G*U zSTOA|2e$Nc89E=^wPQJ8x>Awk2?X&zlO|qG?OX1Pauys}mij-b;oPgCgSC_gP^txe zElN3MbL)evMf=U!*5L@&10A})fHdtK636}oOAlw8fDQ;n*Li29aP*csPqXtv{9yrx z3_*xdx${a8#X?YUl9ld1we~3Ev|e;46;m{q0;>XXJF49uw^yKW^@j{50BsWt3@5dq z;&390p|eIE<}YjOI3BQ!L=}@+EtC|G^uqj4GW<(*&hbv#zbgjgEC z;Jc<*E|S|`S3PyW20W1D*v6$X*vvlD8{ibxr!6VjP68D)Gw4ipSUy{NU09Cmx+l=N z)pQ$TE7yYZGS8w+`s~u`0lD6_X~@#3f*Jum;a!qQW{O0F*mJ(F`g|O3=fHxWJ|Mnt zwHK9=RgrH&QIg(o#x&+mjY_1Fp?ZV)S|C!g*2koia3oL zbjO5L4pr^aJ5d2V1#n>?jxr#FurB5{x%@_}_f2AYR{xGE?-1IsAu9{aCk{ImCMl@5 z>i2G7T?6F!UhIKdFZXoBA?*XF>inyqm!AuOr$j@Py4mEL98R0tJzJpyi#K^Z^V^U< zNo&sZ57Bkz0$Ir0(&l2YPAQ|pyoiU{joYBLN@E!m^;Z+#u%`O&hBu2c!EHT_T ziqwTVNQ-rRu2KAVpujkcu=WSMf%6c((Hry(i+~7V(~X|c+(c&XZ!bh+3k2#owi-nm zydeH2xJQt?KGyiKYZHdN&h>mJLQ@D`$mKHtemE$u*Pqd66VjZM6A3H5S>(Q(T=cO9 z8L4}DQ?`=`rJ+el9ygrYX^bg67YT}KS*dHz`;YzH-RJf!n)H8^u;6pFD$NNr(7;Ww z1JqP%qe-JgbB(6OWOQZr3cnwbrJ4-Wm(o>w&YdC%EWiiZNyMl%Q!6n-x-u^=TFW^? zFXG^sB9M-Kyd;M$#WKXi_M;OyAYuJ&Ol-Qc%{}e~zu}kYhhZrapEyUxOlY|_wwfsl z?v)`M`##s&d%Evs@2=qvCqW?rUjI;J$psmC-so#}otJ1UL7*9q+xL-RBZjtv&@Gs6 zq<5YYhUEg4`qP_A~Eb5$pR>J zVl4trv=W)n44Ib|cf$NferO}E0-vVMwWqYQ5JaUd{BZKtbfsn)B*7@0Bm;$-soGIH%qUU7(=UO-!AxhnfP~VHUy}@ezTwU$a>21`0 zA||6M>OVha`W>_DdbjUpCK;%6!0t)$zn!@-uY-=JzHb`;^WjFphmSC3?4MoXQR;h>{92KvR<<Ds&&Jy(`Q4Qt4~`LzT9_V89XXNWrfu=fExw zaJSIcZy;c`{Y6{YF_`ilSpO2m!g<4jV%$*L-D-g+0}F1*bGn5G>wLLaVN zJXuvj2`Duvu5+7>rnPadf}fh2yrp$#d(Qp5>}5J2=Y*XxJoM)s7aYbFRCba9m`Udq zeym%YpQMl8Yy5nafCLT^`a05H7*uGcql!{B9qH!Af#!2(G6}C_uSt$TqJrkcye`xH zfXnqqQuY)kb%)gJ^VGHd)lbdCdES=w`#;*S_`vc6L@XYR7Yo)Xje1ML1Px3kjbA?; zV58Cl3V_81CgC^_*LfJq9nKM3dN#jo8EU7^dXK7<@0K(B9c(pri7g<=M!7~wbJSEaS5T!V;?!)dMX%se5)zH zbX^N!42Y4MK9-6u`%Ao+5*x0}0^aF)C!!&0&TErt@@=LvEI)vWOGfyz#A!=lZUXN;%$&sqeFXd<3wWeoQqbvki*+kKvc`97R#ZGMxfT5Z+)nrT?!W+7+wd_s zL>6$N+rbZUo3_PWsVFOpqRG%n@z1?Lp0fnfvSn2W%K)zmH|a>Moosk;KgUzRP@5DZ zsqHIl4-}^=?Cg@3AIus94@8;(2G1-8`#2epB|qYCTnr1zRUDAQ9=#j)#J3O|vX@YO 
z(Iky(>_vX9xrV*aS`fa>+wie=-+s24&c(M=u?M(cPH%ggly3@0f899uie`fr6BE7e iFkfvjl$t!r%!lCq5Ohs7u4b;fThZ!fR5BNdDVc{aFI(RL diff --git a/systems/outpost.nix b/systems/outpost.nix new file mode 100644 index 0000000..1d0eb3d --- /dev/null +++ b/systems/outpost.nix 
@@ -0,0 +1,80 @@
+{ pkgs, ... }: {
+ networking.hostName = "outpost";
+ networking.hostId = "373a7023";
+
+ imports = [
+ # Base Config
+ ../features/base.nix
+ ../features/headless.nix
+
+ # Features
+ ../features/tui-apps.nix
+ ../features/openssh-server.nix
+ ../features/virtualization/dockge.nix
+ ../features/virtualization/docker.nix
+
+ # Tweaks
+ ../tweaks/zfs.nix
+ ../tweaks/zram.nix
+ ../tweaks/enable_flakes.nix
+ ../tweaks/disable_firewall.nix
+ ../tweaks/systemd-resolved_nonsense.nix
+
+ # Dotspace
+ ../secrets/dotspace.nix
+
+ # Users
+ ../users/lauren_lagarde/lauren_lagarde.nix
+ ];
+
+ ##############################################################################
+ ##############################################################################
+ ##############################################################################
+ # Networking
+
+ networking.useNetworkd = true;
+
+ systemd.network = {
+ enable = true;
+ networks = {
+ "30-end0" = {
+ matchConfig.Name = "end0";
+ linkConfig = {
+ RequiredForOnline = "routable";
+ };
+ networkConfig = {
+ DHCP = "ipv4";
+ IPv6AcceptRA = true;
+ };
+ };
+
+ "90-tinc" = {
+ matchConfig.Name = "tinc.dotspace";
+ address = [ "10.86.84.106/32" ];
+ routes = [ { Destination = "10.86.84.0/24"; } ];
+ };
+ };
+ };
+
+ services.tinc.networks.dotspace = {
+ name = "outpost";
+ ed25519PrivateKeyFile = "/root/tinc/dotspace_ed25519_key.priv";
+
+ chroot = false;
+ settings.ConnectTo = [ "fortress" "stronghold" ];
+ };
+
+ ##############################################################################
+ ##############################################################################
+ ##############################################################################
+ # Services
+
+ # TODO: Put scripts into version control
+ services.cron = {
+ enable = true;
+ mailto = "";
+ systemCronJobs = [
+ "* * * * * lauren_lagarde /home/lauren_lagarde/bin/PublishStats > /dev/null"
+ ];
+ };
+}
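Review bot: The import list pulls in `../tweaks/disable_firewall.nix` on a host that also imports `openssh-server.nix`, `docker.nix` and `dockge.nix`, and that takes `DHCP = "ipv4"` plus `IPv6AcceptRA = true` on `end0`. Judging by its name (its contents are not part of this patch), that tweak turns the NixOS firewall off, so every listening service would be reachable from whatever network the board is plugged into, including over a routable IPv6 address, and not only through the tinc overlay. I would drop that import for this host and trust only the overlay interface, `networking.firewall.trustedInterfaces = [ "tinc.dotspace" ];`, opening individual ports on `end0` as needed. A short comment on why `chroot = false;` is required for the tinc network would also help, since it removes a layer of confinement from a network-facing daemon.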