diff --git a/flake.nix b/flake.nix
index 0d4c2e0..4a21f8a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -206,7 +206,7 @@
 networking.hostName = "stronghold";
 networking.hostId = "c581a1cd";
 }
- ./systems/vm-docker-base.nix
+ ./systems/stronghold/configuration.nix
 lix-module.nixosModules.default
 home-manager.nixosModules.home-manager
diff --git a/nixos/disko/libvirt/uefi-zfs-base.nix b/nixos/disko/libvirt/uefi-zfs-base.nix
index c78602f..bd041bd 100644
--- a/nixos/disko/libvirt/uefi-zfs-base.nix
+++ b/nixos/disko/libvirt/uefi-zfs-base.nix
@@ -1,4 +1,6 @@
 { ... }: {
+ boot.supportedFilesystems = [ "zfs" ];
+
 disko.devices = {
 disk = {
 vda = {
diff --git a/secrets.tar.zst.gpg b/secrets.tar.zst.gpg
index cd61a2d..92633c0 100644
Binary files a/secrets.tar.zst.gpg and b/secrets.tar.zst.gpg differ
diff --git a/systems/stronghold/configuration.nix b/systems/stronghold/configuration.nix
new file mode 100644
index 0000000..fe588c4
--- /dev/null
+++ b/systems/stronghold/configuration.nix
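Review bot: Moving `boot.supportedFilesystems = [ "zfs" ];` into the disko layout module leaves vm-docker-host-zfs.nix (last hunk of this commit) with no visible source for that option: the imports shown in that hunk reference `../../disko/libvirt/zfs-mirror.nix` and `zfs-encrypted.nix` rather than this file, and the rest of its import list is outside the hunk. Unless one of those modules, or an import above its line 14, sets the option, that host's initrd will no longer be able to mount its ZFS root after the removal. The new stronghold configuration has the same exposure, since it comments out its `uefi-zfs-base.nix` import. A comment above the added line, `# Hosts on this layout need ZFS in the initrd; hosts that do not import this file must set it themselves.`, would make the dependency explicit.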
@@ -0,0 +1,73 @@
+{ pkgs, ... }: {
+ imports = [
+ # Core Features
+ ../../nixos/features/base.nix
+ ../../nixos/features/tui-apps.nix
+ ../../nixos/features/openssh-server.nix
+
+ # Core Tweaks
+ ../../nixos/tweaks/zram.nix
+ ../../nixos/tweaks/enable_flakes.nix
+ ../../nixos/tweaks/disable_nixos_user.nix
+ ../../nixos/tweaks/systemd-resolved_nonsense.nix
+
+ # Lauren Base
+ ../../users/lauren_lagarde/lauren_lagarde.nix
+
+ # Dotspace
+ ../../secrets/dotspace.nix
+ ../../nixos/features/stronghold-binary-cache.nix
+
+ # Docker Host Stuff
+ ../../nixos/tweaks/disable_firewall.nix
+ ../../nixos/features/virtualization/docker.nix
+ ../../nixos/features/virtualization/dockge.nix
+
+ # UEFI SSH ZFS
+ #../../nixos/tweaks/zfs.nix
+ #../../nixos/features/initrd-ssh.nix
+ #../../nixos/features/virtualization/libvirt-guest-uefi.nix
+
+ #../../nixos/disko/libvirt/uefi-zfs-base.nix
+ #../../nixos/disko/libvirt/zfs-encrypted.nix
+ ];
+
+ ##############################################################################
+ ##############################################################################
+ ##############################################################################
+ # Networking
+
+ # To generate keys:
+ # sudo mkdir -p /root/wireguard && wg genkey | sudo tee /root/wireguard/dotspace.priv | wg pubkey
+ networking.wireguard.enable = true;
+ networking.wireguard.interfaces."wg.dotspace" = {
+ ips = [ "10.13.13.2" ];
+ listenPort = 51820;
+ privateKeyFile = "/root/wireguard/dotspace.priv";
+ };
+
+ systemd.network = {
+ networks = {
+ "90-tinc-dotspace" = {
+ matchConfig.Name = "tinc.dotspace";
+ address = [ "10.86.84.3/32" ];
+ routes = [ { Destination = "10.86.84.0/24"; } ];
+ };
+ };
+ };
+
+ # To Generate Keys:
+ # sudo tinc -b -n dotspace generate-ed25519-keys; cat /etc/tinc/dotspace/hosts/$(hostname) | grep "^Ed"
+ services.tinc.networks.dotspace = {
+ name = "stronghold";
+ ed25519PrivateKeyFile = "/etc/tinc/dotspace/ed25519_key.priv";
+
+ chroot = false;
+ settings.ConnectTo = [ "fortress" "citadel" ];
+ };
+
+ ##############################################################################
+ ##############################################################################
+ ##############################################################################
+ # Services
+}
diff --git a/systems/vm-docker-host/vm-docker-host-zfs.nix b/systems/vm-docker-host/vm-docker-host-zfs.nix
index 20df804..957ecc5 100644
--- a/systems/vm-docker-host/vm-docker-host-zfs.nix
+++ b/systems/vm-docker-host/vm-docker-host-zfs.nix
@@ -14,6 +14,4 @@
 ../../disko/libvirt/zfs-mirror.nix
 ../../disko/libvirt/zfs-encrypted.nix
 ];
-
- boot.supportedFilesystems = [ "zfs" ];
 }
diff --git a/vm.sh b/vm.sh
new file mode 100755
index 0000000..343b3c0
--- /dev/null
+++ b/vm.sh
@@ -0,0 +1 @@
+nixos-rebuild build-vm --flake ".#$1" && "./result/bin/run-$1-vm" #-nographic
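Review bot: `chroot = false;` in the tinc network definition turns off the daemon's confinement with no comment saying why, and the same file imports `disable_firewall.nix` while opening WireGuard's `listenPort = 51820` and a tinc listener on a host that also runs Docker, so each of these relaxations should carry its reason next to the line. If the chroot is disabled for a concrete need (a script or lookup tincd performs after startup), record it as `# chroot disabled because: <reason> — TODO revisit`; otherwise drop the line and keep the module default. The WireGuard interface declares no `peers`; if they are merged in from `../../secrets/dotspace.nix`, a comment pointing there would stop the next reader from assuming the listener is unused. The key-generation recipe in the comment writes the private key through `tee` under the caller's default umask; prefixing it with `umask 077;` keeps the file owner-only from creation.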
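Review bot: vm.sh is added with mode 100755 but no interpreter line, and it builds and runs `".#$1"` without checking that an argument was given, so `./vm.sh` with no host name will attempt to build the flake attribute `.#` and then run `./result/bin/run--vm`. Prepend `#!/usr/bin/env bash`, `set -euo pipefail` and `[ $# -eq 1 ] || { echo "usage: $0 <host>" >&2; exit 1; }` before the existing line. The trailing `#-nographic` reads as a disabled flag; a comment stating when it should be re-enabled would be clearer than the bare token.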