Redoubt initial configuration

2025-08-10 00:43:41 -05:00 · 2025-08-10 00:43:41 -05:00 · 915cd1a8cb
commit 915cd1a8cb
parent 5f4e98f7b3
3 changed files with 99 additions and 0 deletions
--- a/flake.nix
+++ b/flake.nix
@ -272,6 +272,33 @@
        ];
      };

+      redoubt = nixpkgs.lib.nixosSystem {
+        system = "aarch64-linux";
+        modules = pi_modules ++ [
+          {
+            networking.hostName = "redoubt";
+            system.stateVersion = "25.05";
+
+            home-manager.users."lauren_lagarde" = {
+              home.stateVersion = "25.05";
+              imports = self.homeManagerModules."lauren_lagarde" ++ [
+                ./secrets/mlaga97.nix
+              ];
+            };
+
+            time.timeZone = "America/Chicago";
+            sops.defaultSopsFile = ./secrets.yaml;
+          }
+
+          ./nixos/features/openssh-server.nix
+          ./users/lauren_lagarde/lauren_lagarde.nix
+
+          sops-nix.nixosModules.sops
+          home-manager.nixosModules.home-manager
+        ];
+        specialArgs = { inherit inputs pkgs-unstable; };
+      };
+
      ##########################################################################
      ##########################################################################
      ##########################################################################
--- a/secrets.tar.zst.gpg
+++ b/secrets.tar.zst.gpg
--- a/systems/redoubt/configuration.nix
+++ b/systems/redoubt/configuration.nix
@ -0,0 +1,72 @@
+{ ... }: {
+  imports = [
+    # Core Features
+    ../../nixos/features/base.nix
+    ../../nixos/features/tui-apps.nix
+    ../../nixos/features/openssh-server.nix
+
+    # Core Tweaks
+    ../../nixos/tweaks/zram.nix
+    ../../nixos/tweaks/enable_flakes.nix
+    ../../nixos/tweaks/systemd-resolved_nonsense.nix
+
+    # Dotspace
+    ../../secrets/dotspace.nix
+    ../../nixos/features/stronghold-binary-cache.nix
+
+    # Users
+    ../../users/lauren_lagarde/lauren_lagarde.nix
+    ../../users/ashley_funkhouser/ashley_funkhouser.nix
+
+    # Features
+    ../../nixos/features/virtualization/dockge.nix
+    ../../nixos/features/virtualization/docker.nix
+
+    # Redoubt
+    ../../nixos/tweaks/disable_firewall.nix
+  ];
+
+  ##############################################################################
+  ##############################################################################
+  ##############################################################################
+  # Services
+
+  virtualisation.oci-containers.backend = "docker";
+  virtualisation.oci-containers.containers = {
+    dozzle = {
+      image = "amir20/dozzle:latest";
+      ports = [ "9999:8080" ];
+      volumes = [ "/var/run/docker.sock:/var/run/docker.sock" ];
+    };
+  };
+
+  ##############################################################################
+  ##############################################################################
+  ##############################################################################
+  # Networking
+
+  networking.useNetworkd = true;
+  systemd.network = {
+    enable = true;
+  };
+
+  ##############################################################################
+  # Tinc
+
+  sops.secrets."dotspace/fortress/keys/tinc/rsa_key.priv" = { sopsFile = ./secrets.yaml; };
+  sops.secrets."dotspace/fortress/keys/tinc/ed25519_key.priv" = { sopsFile = ./secrets.yaml; };
+
+  systemd.network.networks."90-tinc" = {
+    matchConfig.Name = "tinc.dotspace";
+    address = [ "10.86.84.107/32" ];
+    routes = [ { Destination = "10.86.84.0/24"; } ];
+  };
+
+  services.tinc.networks.dotspace = {
+    name = "fortress";
+    ed25519PrivateKeyFile = "/run/secrets/dotspace/fortress/keys/tinc/ed25519_key.priv";
+
+    chroot = false;
+    settings.ConnectTo = [ "stronghold" ];
+  };
+}