mlaga97/mlaga97-nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Reinstall Outpost

Browse source
This commit is contained in:
Lauren Lagarde 2025-08-21 23:08:20 -05:00
parent f2204b3489
commit 70604b5bba
5 changed files with 180 additions and 84 deletions
Download patch file Download diff file Expand all files Collapse all files

6
flake.nix
View file

@ -140,6 +140,12 @@
modules = [ ./systems/ll-nixos-live/configuration.nix ];
};
outpost = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
specialArgs = { inherit self inputs pkgs-unstable; };
modules = [ ./systems/outpost/configuration.nix ];
};
redoubt = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
specialArgs = { inherit self inputs pkgs-unstable; };

84
systems/outpost.nix
View file

@ -1,84 +0,0 @@
{ pkgs, ... }: {
networking.hostName = "outpost";
networking.hostId = "373a7023";
imports = [
# Base Config
../features/base.nix
../features/headless.nix
# Features
../features/tui-apps.nix
../features/openssh-server.nix
../features/hardware/yubikey.nix
../features/virtualization/dockge.nix
../features/virtualization/docker.nix
# Tweaks
../tweaks/zfs.nix
../tweaks/zram.nix
../tweaks/enable_flakes.nix
../tweaks/disable_firewall.nix
../tweaks/systemd-resolved_nonsense.nix
# Dotspace
../../dotspace/configuration.nix
# Users
../../users/lauren_lagarde/configuration.nix
# Outpost
../../nixos/tweaks/disable_firewall.nix
];
##############################################################################
##############################################################################
##############################################################################
# Networking
networking.useNetworkd = true;
systemd.network = {
enable = true;
networks = {
"30-end0" = {
matchConfig.Name = "end0";
linkConfig = {
RequiredForOnline = "routable";
};
networkConfig = {
DHCP = "ipv4";
IPv6AcceptRA = true;
};
};
"90-tinc" = {
matchConfig.Name = "tinc.dotspace";
address = [ "10.86.84.106/32" ];
routes = [ { Destination = "10.86.84.0/24"; } ];
};
};
};
services.tinc.networks.dotspace = {
name = "outpost";
ed25519PrivateKeyFile = "/root/tinc/dotspace_ed25519_key.priv";
chroot = false;
settings.ConnectTo = [ "fortress" "stronghold" ];
};
##############################################################################
##############################################################################
##############################################################################
# Services
# TODO: Put scripts into version control
services.cron = {
enable = true;
mailto = "";
systemCronJobs = [
"* * * * * lauren_lagarde /home/lauren_lagarde/bin/PublishStats > /dev/null"
];
};
}

10
systems/outpost/.sops.yaml Normal file
View file

@ -0,0 +1,10 @@
keys:
- &system_ll_latitude age19v2gpucsykaqu3hsvskl67ss8mpqstp59vn687am6px9nmg585ksvlhctz
- &yubikey_lauren_primary 5F78261B65C565041662A3B7FF8FC3C735BD4A51
creation_rules:
- path_regex: secrets.yaml$
key_groups:
- pgp:
- *yubikey_lauren_primary
age:
- *system_ll_latitude

86
systems/outpost/configuration.nix Normal file
View file

@ -0,0 +1,86 @@
{ lib, inputs, self, pkgs, pkgs-unstable, ... }: let
hostName = "outpost";
hostId = "373a7023";
tinc-ip = "10.86.84.106/32";
stateVersion = "25.05";
in {
networking.hostId = hostId;
networking.hostName = hostName;
system.stateVersion = stateVersion;
home-manager = {
users."lauren_lagarde" = {
home.stateVersion = stateVersion;
imports = self.homeManagerModules."lauren_lagarde@tui.mlaga97.space";
};
extraSpecialArgs = { inherit self pkgs-unstable; };
};
time.timeZone = "America/Chicago";
sops.defaultSopsFile = ../../secrets.yaml;
imports = [
inputs.sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.home-manager
../../nixos/features/pi.nix
# Core Features
../../nixos/features/base.nix
../../nixos/features/tui-apps.nix
../../nixos/features/openssh-server.nix
# Core Tweaks
../../nixos/tweaks/zram.nix
../../nixos/tweaks/enable_flakes.nix
../../nixos/tweaks/systemd-resolved_nonsense.nix
# Dotspace
../../dotspace/configuration.nix
# Users
../../users/lauren_lagarde/configuration.nix
../../users/ashley_funkhouser/ashley_funkhouser.nix
# Outpost
../../nixos/tweaks/disable_firewall.nix
];
##############################################################################
##############################################################################
##############################################################################
# Services
services.smartd.enable = lib.mkForce false;
##############################################################################
##############################################################################
##############################################################################
# Networking
networking.useNetworkd = true;
systemd.network = {
enable = true;
};
##############################################################################
# Tinc
sops.secrets."dotspace/${hostName}/keys/tinc/rsa_key.priv" = { sopsFile = ./secrets.yaml; };
sops.secrets."dotspace/${hostName}/keys/tinc/ed25519_key.priv" = { sopsFile = ./secrets.yaml; };
systemd.network.networks."90-tinc" = {
matchConfig.Name = "tinc.dotspace";
address = [ "${tinc-ip}/32" ];
routes = [ { Destination = "10.86.84.0/24"; } ];
};
services.tinc.networks.dotspace = {
name = hostName;
ed25519PrivateKeyFile = "/run/secrets/dotspace/${hostName}/keys/tinc/ed25519_key.priv";
chroot = false;
settings.ConnectTo = [ "fortress" ];
};
}

78
systems/outpost/secrets.yaml Normal file
View file

@ -0,0 +1,78 @@
dotspace:
outpost:
keys:
tinc:
ed25519_key.priv: ENC[AES256_GCM,data:gQ17aLaRXgItUfoR9ZjvoU0nh/8rbPoFrgjGJ6XacaixYZp2J7evD5QKbJQpAn2vrVnOU1CEsLZngIR4DCXBek6XiqQsPOTA47E/8nNwB74go3VIdx/jCSWU0ObLm32Z27zKKkUwd62yOmyuYZIWpGrSWlEwlQj+Xf+lPlHEZGHLHahXvsuiA28wJ6ZYhNgQC9zjx5yi2SK0tnnfR68q4d57yVEe3I3KTruh01nVH86Vm1sR9Vum/KWViko/rIHNqwdKtzE2qQ==,iv:SZYQofepeR+Uq6mdlleYNbhHg72aB3i4GwY2Xdgriq8=,tag:Xf2BL6qLhwRqmNLkNtQY4Q==,type:str]
rsa_key.priv: ENC[AES256_GCM,data:ofZzGqt+OfmzWPJfRY9OaHoS264OwsuI8St0ldAnB55tcA/WZu0MHpOzsFlR8ibAhYpMN7Qvj2Hjmw/Fq0tt1V9hrpiIWkyJ2SxrlPtNrVRSPxJaqBkOtm42r/L5we/wZO/xr6JAUV3ZXrNbpBv/Y58YLpvg/YCnjCYtUgzeZdwxRlRjUcx4rOEWI9GgbSraVlehG6EQiQLcrSENeZRnDAyrThuy1RgX/fduXnzHfHkNGqAepK9IfC1ffletWK+1xhRVfLrq9bSCKI2085PJIR8xLDk2/Saq6o2V/+xZEBRO8ISAvk9ZZ48XcjD0a/incyKKLXXbdUrGuS4BXGeIqdN7anG1BmrjlMNwajpc6hHTXiXb79B0bReQ2QR+8T0jK0hDPjC/6d+q32xm42jsHcXPaPP2R29+tf8N4ry2N9RYmxLPM48jOKrsAD4l7iF7d23HfvPHoYk6LknAEq3jXtDkqyNW5RTVfoSZtinHdijM6zvuGiyKl0kK88/EXTOZrjym2kHxN9gPPlk2neg5aKJ1Y0qHTbkh9BP6D7nPBz+ecjRx7CL+pGAyyfhwO/HFMX2Zyz0oog2Y+teErFVjg0p/WhMxlz/5KtslG5aSM0Q6+fMwcLmE46yb/VpuJCnNu8m3OwqInQS4Hpq7h2oIEnB+ptGaL3iDy2FdCZxsLN4ABatSaxDtjOnwaxWNHHtl1KaCRz+WU4MF8Me6u6xTQxj4GxHPKi9tV1sLRJgW1gA7ioMT8nhOlc9DKw6vZU7mZRGNHYiJMGII0LrrSr3pNN1qH4DpuLR5RDzYAFClsIKi6ZH73JPU0EhEPgrSO0xjqpje/vpf29haS6xaMn3djzuDKgkqDpqW5lDOrJvP8sHeNNYB5fkYbhPZbz1R79PnEQWW3zq9Z9iPK0/q5NiTy9rkqJp8vNmUXiwvP7/9nugTAHFDpt8fvImTA5Mxoy3r8y8+QUeZQvayVMuspBVmLrcpV0PEeZvoTU+G2/8Rx5CMLG2OMfdGUvpM4gHPlHWb+U4GsgCc7bTA7Ob7+sqXbKyGC9UudVnD8mtONtkngUqR7rT+TbQFVwid9DPmgnl17UVs8/qpcGJ+gbmjEbBmQ3ucZ9u0vdwBe+IK+tPmnCtQFnWpHRUvdTp6g0asLN/kYn1Y5nZ6VAOLXc/ANfq02jqTmBKQQXnR28OVXgM7pCJKufUTmfzDnRfszl83ILpUI3EHuiFzXw6Eb67HySajMKGGYrSRK8wSlr9bJSTN9I6k7ij3VvhSOEEsTO5coSmf5SNRWBkfCEDl0Oa3rsWhpAHcWZGcMEOEqKv2OsQ7IVnS8JRzJ8w3v7Ddy8Uu3D1uFZXKP779D8XvbUowKk1GD71fgRNWn027cl814OpLD8ncEjx3lGd0/PWH1+OK39ZYlmXZx9fBvUYnVoNT6XevTouW2c/VAkZR+D4SdTXEp+EZNscihPPW5vIb1xj59K96kqM6TS49VDOPQGritCHu2xDGJ0Wqxw0Pbd4c9yTfPu5Y8A5EeDXUA1/2UpxgpjC1fpXkztTGM2tVStbOcqeB+HieBNRUdUzexcuwKFC5aZ3ES8SXt4kEjiMlyHPyneMbd7LmGLaHwBHH+VXnyHXap8c26guXsjgNqO5IufW3pdGjZ77BUanzwVCRZySmO+SLSs5a63dXnXoGq4Resh6gKiwJGJGCgQ6xvBljzZkaPxjSk/gUOhdfG33/0ytgCfNS8pHxI9w1Ddb44VNL5M1LOlqx6akaPa4gqd1ORlgUjR7dbJ8d9ZNPzX3zH9gfAOLjrNY/xgo3LUQEnSRqmvtw/UfH+zbxYGKzskolE2JCxankuoe8XWnqz6KTyrPMLzjJuXfqepZi23jvRe7M+/Z1G5xp0YGAmU6Qq2EeFjQ2SLcHI1uJnt4AU+NNMMl4Uop4nxc0CSCFI3k4cg+JY6meYlLZs4BA/FKdk+VenKYVwpY/tsO1GbrsxlrEFjOO1OmQgjL2AsNQnjkHcveZCRqcq19LreRMvxCfGl7Cfcq34T7uwvvXmDrti/GWDhll4iSTsRGWxobY8HiNV929duXwiymqD/tdjUzTa3l3T0t6AXkEVW25y89qFtMlI9AH3oz6RC4YvB/ZYbZBn4UQAJsAYIm8x8Ox0Y4I1npxRa6HZnz9Pjyt+tL+wMsvCgqbGljLdvh1b2uRf/YFEDAoEUT6DyfHelSpuS7YN7o+1joR0tA9Lvli5+ZCgwN+KLkI3g==,iv:+ajn2mfJWvKCVYPa52jmIZ6Q4uX5ZuJG+EoaDjKtJXc=,tag:Zrgud6tf7fhw1Rw3d5Dy7Q==,type:str]
sops:
age:
- recipient: age1up8uth9hwtd9gup3v32l8dypdarj77s2lysm8js8w8mwa80rk4ds76ke6d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWWtLdDUzOU0zTTFoRnBM
SnFlWGNiUzVGNlBsVG54QTFYVFY1OFQ4RFhvClgwTE93dk1YalFaNmJDNlFqTThB
dzFwT285aHE4bjdIWXowRGxoR0ptS0EKLS0tIHNuK2tIbVlwbkpWcU9WVnNNLzlS
bG0vb1I0NzM1UWxlWTVPWlhQOGwzaFkKeMRVoOsZM8aaI36/zQUSRXwTJz0XUfA4
KmbEgR19YfPq2+EoPtGjdTFvtpZybBIf3E4YcIXAYy5BwJg22o4BUw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1fraz2lnnqtcxnu6tnjy4f7y9tuc0fnqekzmdynnhtt0h8a230v5qddpxdu
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArSXo5ZUhpalpraUdNdGxt
bjFqSjd3U3k2VTdQVk9XbDNnSCttdVBJQm1VCmU2V3VXcU9JRnVwWk5TRHVuTE1F
M084MmVIM2VtUFUydkY0czFmWmw0dkEKLS0tIERDd0drY2RxdWYraVpaSmFkQlZO
bDZjd1lnUGZ5V1gyMkE1L2hNdzFSU2sKU2gBfOG0eeWw093lOwyjW8WZKJwVR3dk
d/Uc9tujyDUXsBmhXsUtEuGWS/ZDpwfhxYK/wZtL7ZkGsbUio/gWxw==
-----END AGE ENCRYPTED FILE-----
- recipient: age14j6ns297c49wx5d8jddctfmek0kvn8rvw3y03nw3pankc03dlpuqhvvy7c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoa2tEVEY3MENjRlRMNExW
Y05nbnZmMnVuSi8xV2FEZUdLbXloeEFEVjFzCmQwSEpKQ0RvK0FUUU1oMFcydnU2
TExkNGVOZS9TQUhQbXZLeVd4enh1cHcKLS0tIFRjR3JwVkI3WjhkNXhHSVpScVF4
MGs1LzFVdXpiaXRWOFNJTit4WmR1QnMKq3W4cMAjHsFjlrDbdLf+0GvAU0t5Trcx
dBZwE0OsrHqEc+1sFitACdgeGj5uWf34f7Vx4UxoVvQRiszjLcsZiw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1kmt2khucyvscmwvrjnt0v90zggttuap9utx7rw54g9amhtrkzdlq94fe4j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2RmdNcUtzRXFsM01NTEFN
ZWRzQlU1NFVSTjR0WXpUY2thTi9hM3RreWw0ClpyYnpDc0FSYWhwbCthQW1sYTdl
VG16U255ZHZIeWlDUjUwQUJvcldEejgKLS0tIFV1Wmo0ampvY0k1bnpFNUdkM0tq
bkV1TU5kM1l4UlhVeUxOVnYyVlBXbFEKCsPqfT4n03vLgWmAOr0zRsTt7xd4Fy8X
zJPGt+Pr+GRyVDyFcvYO0hfFQ0rwi5IxL1Ee4HlMguOA0yguyeEQjQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age19v2gpucsykaqu3hsvskl67ss8mpqstp59vn687am6px9nmg585ksvlhctz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwRVFNejF3MzVKZG5KVmh1
d0dBV0ZidEJVOVBuc0tQOFluWU83OElEOWpjCmxjVGc3MHl4WnVCUElCM240aUxP
ZGtONkhVZUtpQ3JvWU8wOXp1ZGhZbDQKLS0tIGUraWJ3Rlc2cGdiTFhIc1o0Nk5r
cUJyaW9RY2gyblRaTWdocmNVcE0vM0EK85ML4yYRTP8PqjiVTRW6U62Vm5EvExUx
tMKC4T8AJ/bYaJNy0mFH/MhmPkYHThHNxurIiGDLrzohTYy/D74xhQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-22T03:48:08Z"
mac: ENC[AES256_GCM,data:5r5USgaoTikwqkxtuXHHAaMz6mPJ07AC0TFq3mEBGEScoO4XStf2AuY2j5EFr9aLep+cIZJEO1AUMaAZTcrZfumjwn/XysCQm1A5xEPU5a7ydrtQHV6gjQaKsG7NLjbueVOhWuerxvmC7U9Gn3TZAg7OHXqXpG3SWXGE3aZJsuc=,iv:YMeRi4MYqx/cQBWtQc3uzZkpVCIRQObplE8/YN15ft8=,tag:oO+O6H7l9np79m6AWjHa8g==,type:str]
pgp:
- created_at: "2025-08-22T01:50:35Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA9BR1U1EkAnnAQ//bn+DWuHDMMxHxv5SH0zop7bzApc+mn7OXBS7OQERKR6o
2RA/ZExvEkCMXwjXI1lfzIkab5Ipa6h6Ao6DcFczdcOVa3jIzlZjpsS8lA5DqZ/v
fpP3tQOYfxvdtCLxkHPfJ7Tmq92Kqd1TBhIfG6A/YCuDiNnMQb/IC7RB7R810xtb
X/gMLftJCORa/qCaWVgjObqF5ehMFqtUIBNmBiMUihbOaAMKn60U8XWSgPH8/+uE
S/GrKEKRnuDHgaSfFDodtnLASR7UzWNSU0Xcw1dlWGDDadITextvorrwABVM2HmX
ZXh4noXFmAf8Ft16NY8Ke1FtzcqObwbIN6drcfjoI4NBqFF5OAKj6QR88yNtZrWD
5YTMSdmYCJAZ7wOH8Jze0TgCTO/2x8/car4QoFShVwftrQqdKqaTXfQ1tChAgL4O
VjkaXFfnKB4aU6iQ8XB7n5WmvYBquDB8swjaTo42ejMtpxw6hxsCtP0qaY+Syv0B
SBt4k4KTi6Yb1pwbpxn5KilyqXSt8xGINYf/jY7uOanvL/+GuUUQzq052yMTQFlI
K8ePPh6MNJz+Z6AB0LPXGEIkAERbFv52nkchO8tyMD0TE7pSuWDWliVdCUBbYxeh
DsU4qES5P/MCRoDKmlUpfhCGhVP15fR6fumvVtLZuSCOtRY/YYoGUo/KPcKYIM3S
XgFk8knsaG1Ncmqsg3Y2Su5yNGVvjICxde0xTb7PPdR1+6R+Dp461Rorzgmp9XTu
mrdYZJGqlz/yKEqsxU7ExTsppRrzRcejImyeukgHPu4/0S0lsfDRvNpX+CS48wE=
=ACo/
-----END PGP MESSAGE-----
fp: 5F78261B65C565041662A3B7FF8FC3C735BD4A51
unencrypted_suffix: _unencrypted
version: 3.10.2