Make fortress actually work in production

2025-08-03 00:19:50 -05:00 · 2025-08-03 00:19:50 -05:00 · 66de69830e
commit 66de69830e
parent 3ec7d7a09e
2 changed files with 53 additions and 15 deletions
--- a/flake.nix
+++ b/flake.nix
@ -182,7 +182,9 @@
            home-manager.users."lauren_lagarde" = {
              home.stateVersion = "24.11";
-              imports = self.homeManagerModules."lauren_lagarde";
+              imports = self.homeManagerModules."lauren_lagarde" ++ [
                ./secrets/mlaga97.nix
              ];
            };
            time.timeZone = "America/Chicago";
@ -209,7 +211,9 @@
            home-manager.users."lauren_lagarde" = {
              home.stateVersion = "24.11";
-              imports = self.homeManagerModules."lauren_lagarde";
+              imports = self.homeManagerModules."lauren_lagarde" ++ [
                ./secrets/mlaga97.nix
              ];
            };
            time.timeZone = "America/Chicago";
@ -235,7 +239,9 @@
            home-manager.users."lauren_lagarde" = {
              home.stateVersion = "25.05";
-              imports = self.homeManagerModules."lauren_lagarde";
+              imports = self.homeManagerModules."lauren_lagarde" ++ [
                ./secrets/mlaga97.nix
              ];
            };
            time.timeZone = "America/Chicago";
--- a/systems/fortress/configuration.nix
+++ b/systems/fortress/configuration.nix
@ -1,6 +1,15 @@
-{ config, pkgs, inputs, ... }: {
+# To recover/repeat this monstrosity:
 # - Comment out the digital-ocean-image.nix import
 # - Build qcow2 image with `nixos-rebuild build-image --image-variant digital-ocean --flake ".#fortress"`
 # - Convert image output from .qcow2.gz to .img.zst
 # - Pipe the .img.zst over ssh into dd on the "Recovery ISO" environment of the droplet
 # - Resize the partition and reboot
 # - ????
 # - Profit
 { lib, config, pkgs, inputs, ... }: {
  imports = [
-    #"${inputs.nixpkgs}/nixos/modules/virtualisation/digital-ocean-image.nix"
+    # NOTE: This has to be uncommented to rebuild on a live system, but commented for build-image to work.
    "${inputs.nixpkgs}/nixos/modules/virtualisation/digital-ocean-image.nix"
    # Core Features
    ../../nixos/features/base.nix
@ -10,20 +19,29 @@
    # Core Tweaks
    ../../nixos/tweaks/zram.nix
    ../../nixos/tweaks/enable_flakes.nix
    ../../nixos/tweaks/systemd-resolved_nonsense.nix
    # Users
    ../../users/lauren_lagarde/lauren_lagarde.nix
    # Additional Software
-    ../../nixos/features/virtualization/dockge.nix
+    ../../nixos/tweaks/disable_firewall.nix
    #../../nixos/features/virtualization/dockge.nix
    ../../nixos/features/virtualization/docker.nix
  ];
-  users.users.root.openssh.authorizedKeys.keys = [
+  ##############################################################################
-      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCl881A1gvgCx+4ECrmJnO2QCTiqjaOLfAegKAAkvWNFKL0rDfsj8tZULUcyn87HYsRrdmqCOQ62GOjQyK803azq7QTxwY4vjczkJxico4LnIToTobcz+JkgF6Rf/h74bs9dHk4ZU853FRBz3wi/14rI10Iwckt37B1ayJacpELuzFobKYip2FjiL1vNH3tiAFR131z+YBByvNX+uJYEhpsI0xry9zbsSUWUq5/YFpmjezblzYRokfsReYiKJeQBeROSeRC/xFBSnikECSylNI4sw5VIpGXFIxL5xhss+s+3dnb+LFQ+zInOYxkVRydYc/In9Wz6Tu7v07K8bjvE7nQwHenoGtRW590Xu0rJApS+k8Cu16sCO2QFj/aI+gCrhU0ymM0aicr0hFAME6Y7j9HcR6PxYxnXZjI7cfqhO5TG8jot25SPzJcvH3EV5oPKtAkw9XA+8+nAI9czFlUgHnuMJAqw1IGOD3qozwqZ5yn1+kG7FZJRpvaPc5pK2HtqaAKJmnRuVaWcFuNALh86gr7Qn8IEp8Q+YyKmDqrMZ4KLJUMnVqn4y0HVS1eB5nVujaJZUGJWA4q3og0FE/2kH74WEp2ZtuJAoEPcgfZ6Ns7BmmXIZU7qu4kQoQ73b3mn6hCi5xlQ/sClzwHYkRPo4tST64ED/UIRPCYe1byNUWSww== lauren@lagarde.dev"
+  ##############################################################################
-  ];
+  ##############################################################################
  # System-specific Tweaks
  services.smartd.enable = lib.mkForce false;
  ##############################################################################
  ##############################################################################
  ##############################################################################
  # Networking
  networking.useNetworkd = true;
  networking.nameservers = [
    "67.207.67.3"
    "67.207.67.2"
@ -31,8 +49,11 @@
    "2001:4860:4860::8888"
  ];
  networking.useNetworkd = true;
  systemd.network = {
    enable = true;
    # Public IP
    networks."30-ens3" = {
      matchConfig.PermanentMACAddress = "c2:6c:55:d5:99:6a";
      address = [
@ -42,12 +63,23 @@
      ];
      routes = [
        { Gateway = "68.183.48.1"; }
        {
          Destination = "2604:a880:800:10::1";
          Scope = "link";
          Metric = 100;
        }
        {
          Gateway = "2604:a880:800:10::1";
          GatewayOnLink = true;
          Metric = 100;
        }
      ];
    };
  };
-  swapDevices = [{
+    # Private IP
-    device = "/swap/swap0";
+    networks."30-ens4" = {
-    size = 2048;
+      matchConfig.PermanentMACAddress = "5a:b1:f4:39:a2:87";
-  }];
+      address = [ "10.132.86.139/16" ];
    };
  };
 }