mlaga97-nix/systems/outpost/configuration.nix
2025-08-29 22:06:37 -05:00


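# NixOS system definition for the "outpost" host.
#
# Wires in sops-nix and home-manager, imports the shared feature/tweak
# modules, and joins the host to the "dotspace" tinc mesh.
#
# `config` is requested as a module argument so the tinc key path can be read
# back from the sops-nix declaration instead of being spelled out by hand.
{ config, lib, inputs, self, pkgs, pkgs-unstable, ... }: let
  hostName = "outpost";
  hostId = "373a7023";
  tinc-ip = "10.86.84.106/32";
  stateVersion = "25.05";

  # sops secret names for this host's tinc private keys. Defined once so the
  # secret declaration and the consumer below cannot drift apart.
  tincRsaKeySecret = "dotspace/${hostName}/keys/tinc/rsa_key.priv";
  tincEd25519KeySecret = "dotspace/${hostName}/keys/tinc/ed25519_key.priv";
in {
  networking.hostId = hostId;
  networking.hostName = hostName;
  system.stateVersion = stateVersion;

  home-manager = {
    users."lauren_lagarde" = {
      home.stateVersion = stateVersion;
      imports = self.homeManagerModules."lauren_lagarde@tui.mlaga97.space";
    };
    extraSpecialArgs = { inherit self pkgs-unstable; };
  };

  time.timeZone = "America/Chicago";

  # Secrets without an explicit sopsFile are looked up in this file.
  sops.defaultSopsFile = ./secrets.yaml;

  imports = [
    inputs.sops-nix.nixosModules.sops
    inputs.home-manager.nixosModules.home-manager
    ../../nixos/features/pi.nix

    # Core Features
    ../../nixos/features/base.nix
    ../../nixos/features/tui-apps.nix
    ../../nixos/features/openssh-server.nix

    # Core Tweaks
    ../../nixos/tweaks/zram.nix
    ../../nixos/tweaks/enable_flakes.nix
    ../../nixos/tweaks/systemd-resolved_nonsense.nix

    # Dotspace
    ../../dotspace/parts/tinc.nix

    # Users
    ../../users/lauren_lagarde/configuration.nix
    ../../users/ashley_funkhouser/ashley_funkhouser.nix

    # Outpost
    # NOTE(review): the body of disable_firewall.nix is not visible from this
    # file. Going by its name it turns the NixOS firewall off, which would
    # leave sshd and tincd reachable on every interface of this host; confirm
    # that filtering happens upstream, or replace it with per-interface
    # openings.
    ../../nixos/tweaks/disable_firewall.nix
    ../../nixos/tweaks/zfs.nix
  ];

  # TODO: Break this one out, for sure
  # Users listed here may override Nix daemon settings (substituters, sandbox
  # paths, ...); the Nix manual treats membership as equivalent to root on the
  # machine, so keep the list as short as possible.
  nix.settings.trusted-users = [
    "lauren_lagarde"
  ];

  ##############################################################################
  # Services

  # mkForce overrides any imported module that enables smartd.
  services.smartd.enable = lib.mkForce false;

  ##############################################################################
  # Networking

  networking.useNetworkd = true;
  systemd.network = {
    enable = true;
  };

  ##############################################################################
  # Tinc

  # NOTE(review): the RSA key is declared (and therefore decrypted onto the
  # host) but not referenced anywhere in this file. Presumably
  # ../../dotspace/parts/tinc.nix consumes it; if nothing does, drop the
  # declaration so an unused private key is not materialised under
  # /run/secrets.
  sops.secrets.${tincRsaKeySecret} = { sopsFile = ./secrets.yaml; };
  sops.secrets.${tincEd25519KeySecret} = { sopsFile = ./secrets.yaml; };

  # Address the tinc interface and route the mesh /24 through it.
  systemd.network.networks."90-tinc" = {
    matchConfig.Name = "tinc.dotspace";
    address = [ tinc-ip ];
    routes = [ { Destination = "10.86.84.0/24"; } ];
  };

  services.tinc.networks.dotspace = {
    name = hostName;

    # Taken from the sops-nix declaration rather than a hand-written
    # /run/secrets/... string, so a renamed or relocated secret fails at
    # evaluation time instead of leaving tincd without its key at runtime.
    ed25519PrivateKeyFile = config.sops.secrets.${tincEd25519KeySecret}.path;

    # tincd is left un-chrooted.
    # NOTE(review): the NixOS tinc module describes chroot as additional
    # confinement that breaks DNS resolution and tinc scripts; confirm the
    # trade-off is intended for this host.
    chroot = false;

    # Peer this node dials on startup.
    settings.ConnectTo = [ "fortress" ];
  };
}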