jorah: add host
This commit is contained in:
parent
05ae8bb0f2
commit
538706d3f7
55
hosts/jorah.cx.ts.hillion.co.uk/default.nix
Normal file
55
hosts/jorah.cx.ts.hillion.co.uk/default.nix
Normal file
@ -0,0 +1,55 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
../../modules/common/default.nix
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
config = {
|
||||
system.stateVersion = "23.05";
|
||||
|
||||
networking.hostName = "jorah";
|
||||
networking.domain = "cx.ts.hillion.co.uk";
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
## Custom Services
|
||||
custom.locations.autoServe = true;
|
||||
|
||||
## Networking
|
||||
systemd.network = {
|
||||
enable = true;
|
||||
networks."enp5s0".extraConfig = ''
|
||||
[Match]
|
||||
Name = enp5s0
|
||||
[Network]
|
||||
Address = 2a01:4f9:4b:3953::2/64
|
||||
Gateway = fe80::1
|
||||
'';
|
||||
};
|
||||
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = lib.mkForce [
|
||||
22 # SSH
|
||||
];
|
||||
allowedUDPPorts = lib.mkForce [ ];
|
||||
interfaces = {
|
||||
enp5s0 = {
|
||||
allowedTCPPorts = lib.mkForce [
|
||||
];
|
||||
allowedUDPPorts = lib.mkForce [
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
## Tailscale
|
||||
age.secrets."tailscale/jorah.cx.ts.hillion.co.uk".file = ../../secrets/tailscale/jorah.cx.ts.hillion.co.uk.age;
|
||||
custom.tailscale = {
|
||||
enable = true;
|
||||
preAuthKeyFile = config.age.secrets."tailscale/jorah.cx.ts.hillion.co.uk".path;
|
||||
};
|
||||
};
|
||||
}
|
40
hosts/jorah.cx.ts.hillion.co.uk/hardware-configuration.nix
Normal file
40
hosts/jorah.cx.ts.hillion.co.uk/hardware-configuration.nix
Normal file
@ -0,0 +1,40 @@
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sr_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-amd" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{
|
||||
device = "/dev/nvme0n1p2";
|
||||
fsType = "btrfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{
|
||||
device = "/dev/disk/by-uuid/4D7E-8DE8";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
1
hosts/jorah.cx.ts.hillion.co.uk/system
Normal file
1
hosts/jorah.cx.ts.hillion.co.uk/system
Normal file
@ -0,0 +1 @@
|
||||
x86_64-linux
|
@ -12,6 +12,7 @@ let
|
||||
co = {
|
||||
hillion = {
|
||||
ts = {
|
||||
cx = { jorah = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILA9Hp37ljgVRZwjXnTh+XqRuQWk23alOqe7ptwSr2A5 root@jorah"; };
|
||||
home = {
|
||||
microserver = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPPOCPqXm5a+vGB6PsJFvjKNgjLhM5MxrwCy6iHGRjXw root@microserver";
|
||||
router = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAlCj/i2xprN6h0Ik2tthOJQy6Qwq3Ony73+yfbHYTFu root@router";
|
||||
@ -35,11 +36,12 @@ in
|
||||
|
||||
# Tailscale Pre-Auth Keys
|
||||
"tailscale/gendry.jakehillion-terminals.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ];
|
||||
"tailscale/jorah.cx.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.cx.jorah ];
|
||||
"tailscale/microserver.home.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.home.microserver ];
|
||||
"tailscale/microserver.parents.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.parents.microserver ];
|
||||
"tailscale/router.home.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.home.router ];
|
||||
"tailscale/vm.strangervm.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
|
||||
"tailscale/tywin.storage.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
|
||||
"tailscale/vm.strangervm.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
|
||||
|
||||
# Resilio Sync Secrets
|
||||
## Encrypted Resilio Sync Secrets
|
||||
|
23
secrets/tailscale/jorah.cx.ts.hillion.co.uk.age
Normal file
23
secrets/tailscale/jorah.cx.ts.hillion.co.uk.age
Normal file
@ -0,0 +1,23 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-rsa GxPFJQ
|
||||
kqQ9ovZi1Wqf7hz75QB+v8oLr5oRT4Uce7juM+R04CrOOGn1O6DkQtVeFa4Q7Ho0
|
||||
DTYeaP3jTR8zo7poTI323q8FbQ/dLG4jxBFafDZJZlXGEThVLnhNYqZZSjiCJHma
|
||||
hUn8nSC0y6AdA+lMn8tvZcaivaYpPtT+bALXtvxZ6rTo+mTbJrVRxPY5FZdmdmCC
|
||||
Z1h3UFZoyuAO9VWQKtPO3o0Ijh+L7e+TFdRl1YowGB+hvZdJ08AkPXrwIEUMnnMA
|
||||
+e/FA5HxHgvi6ud8RTcAkaecYt0l/vKDgBON9ESfHIMuS+vNk5GKT7a+ImKmfb4/
|
||||
o2cSmR8y/+J5z4MEBcj/Vg
|
||||
-> ssh-rsa K9mW1w
|
||||
veHh0OpoW3Hnvy9k7NwANMae2StqGcohTI9hfeHNi7mR6wHly1HqOD9U7eijVYIC
|
||||
qvKJsk7sEO8NyAVqLWqrvdq9bLkgTgsNWQsXbulY8VHhwZMIko9YYIZeJv8Um9Bz
|
||||
q4QiwJW1KoLItqJNR9c1ZLRfwHaLZwKTThAKMjgt5KFiN5NJYb9CLbAZi4eG1hi0
|
||||
PsIP/S/dsUKAeN6Bz2JZ4HB0jsvyPiQLr2p4q5nfEKybJEmjOfc9Z7TjwZTNlC0Y
|
||||
0MKVarhwFqsMIP63gTYZisacAhmsG7DoLFA5eHf0VPa1KjqFait0dG+zuojehMfj
|
||||
uifZFGahsWaAMg+oq+/Cvg
|
||||
-> ssh-ed25519 Qo6/7A sLXu4pSLH2lnzLYVzisN9Zl/EW1jL21Km6kPZO0/Zjk
|
||||
chDyf7Sb5GtSVi3TmfYpwwFbI3PhoOnxS5lRcqQGwyY
|
||||
-> Y1-grease ,Lz| "Uil>z36 -K
|
||||
xfFD+uEZIkGkysF3HdMkMbhsPnu+Cnu6o8tT0lq8rdSOn26V6Fj5CZi1muuD7d2c
|
||||
BLtH1vyQx4M71Hb6PmKu7+s5V9xsJqKxtDqx/6iAc9uZnbmeU27nsA
|
||||
--- YXh9Kl4PGetzx8qsLJa5gTO3W7UNtio1tXs/HXS271U
|
||||
Þûa…kž+J+/û€áñ<1A>ÍKÅbÄä‰éù|Ï$MäåÒ{NýÇ]¦ï=ö7Ïß@ƒ›—<E280BA>(h.ql2¢X}]ê,¦'ùN ÙCô!Æ;ØW£±
|
||||
äû·Dï
|
Loading…
Reference in New Issue
Block a user