JakeHillion/nixos
1
0
Fork 0
Code Issues 7 Pull Requests 5 Actions Packages Projects Releases Wiki Activity

jorah.cx: delete
All checks were successful
flake / flake (push) Successful in 1m17s
Details

Browse Source
This commit is contained in:
Jake Hillion 2024-05-21 22:38:26 +01:00
parent 55ade830a8
commit 8123653a92
10 changed files with 3 additions and 209 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
hosts/jorah.cx.ts.hillion.co.uk/default.nix
View File

@ -1,106 +0,0 @@
{ config, pkgs, lib, ... }:
{
imports = [
./hardware-configuration.nix
];
config = {
system.stateVersion = "23.05";
networking.hostName = "jorah";
networking.domain = "cx.ts.hillion.co.uk";
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
custom.defaults = true;
## Impermanence
custom.impermanence.enable = true;
## Custom Services
custom = {
locations.autoServe = true;
services = {
gitea.actions = {
enable = true;
tokenSecret = ../../secrets/gitea/actions/jorah.age;
};
};
};
services.nsd.interfaces = [
"95.217.229.104"
"2a01:4f9:4b:3953::2"
];
services.foldingathome = {
enable = true;
user = "JakeH"; # https://stats.foldingathome.org/donor/id/357021
daemonNiceLevel = 19;
};
## Enable ZRAM to help with root on tmpfs
zramSwap = {
enable = true;
memoryPercent = 200;
algorithm = "zstd";
};
## Filesystems
services.btrfs.autoScrub = {
enable = true;
interval = "Tue, 02:00";
# By default both /data and /nix would be scrubbed. They are the same filesystem so this is wasteful.
fileSystems = [ "/data" ];
};
## Networking
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = true;
"net.ipv6.conf.all.forwarding" = true;
};
networking = {
useDHCP = false;
interfaces = {
enp5s0 = {
name = "eth0";
useDHCP = true;
ipv6.addresses = [{
address = "2a01:4f9:4b:3953::2";
prefixLength = 64;
}];
};
};
defaultGateway6 = {
address = "fe80::1";
interface = "eth0";
};
};
networking.firewall = {
trustedInterfaces = [ "tailscale0" ];
allowedTCPPorts = lib.mkForce [ ];
allowedUDPPorts = lib.mkForce [ ];
interfaces = {
eth0 = {
allowedTCPPorts = lib.mkForce [
53 # DNS
];
allowedUDPPorts = lib.mkForce [
53 # DNS
];
};
};
};
## Tailscale
age.secrets."tailscale/jorah.cx.ts.hillion.co.uk".file = ../../secrets/tailscale/jorah.cx.ts.hillion.co.uk.age;
services.tailscale = {
enable = true;
authKeyFile = config.age.secrets."tailscale/jorah.cx.ts.hillion.co.uk".path;
};
};
}

48
hosts/jorah.cx.ts.hillion.co.uk/hardware-configuration.nix
View File

@ -1,48 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "tmpfs";
fsType = "tmpfs";
options = [ "mode=0755" ];
};
fileSystems."/nix" =
{
device = "/dev/disk/by-id/nvme-KXG60ZNV512G_TOSHIBA_106S10VHT9LM_1-part2";
fsType = "btrfs";
options = [ "subvol=nix" ];
};
fileSystems."/data" =
{
device = "/dev/disk/by-id/nvme-KXG60ZNV512G_TOSHIBA_106S10VHT9LM_1-part2";
fsType = "btrfs";
options = [ "subvol=data" ];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/4D7E-8DE8";
fsType = "vfat";
};
swapDevices = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

1
hosts/jorah.cx.ts.hillion.co.uk/system
View File

@ -1 +0,0 @@
x86_64-linux

2
modules/dns.nix
View File

@ -40,7 +40,6 @@ in
ts = {
cx = {
boron = "100.113.188.46";
jorah = "100.96.143.138";
};
home = {
microserver = "100.105.131.47";
@ -65,7 +64,6 @@ in
ts = {
cx = {
boron = "fd7a:115c:a1e0::2a01:bc2f";
jorah = "fd7a:115c:a1e0:ab12:4843:cd96:6260:8f8a";
};
home = {
microserver = "fd7a:115c:a1e0:ab12:4843:cd96:6269:832f";

7
modules/locations.nix
View File

@ -19,10 +19,7 @@ in
{
custom.locations.locations = {
services = {
authoritative_dns = [
"boron.cx.ts.hillion.co.uk"
"jorah.cx.ts.hillion.co.uk"
];
authoritative_dns = [ "boron.cx.ts.hillion.co.uk" ];
downloads = "tywin.storage.ts.hillion.co.uk";
gitea = "boron.cx.ts.hillion.co.uk";
homeassistant = "microserver.home.ts.hillion.co.uk";
@ -33,7 +30,7 @@ in
"microserver.home.ts.hillion.co.uk"
];
unifi = "boron.cx.ts.hillion.co.uk";
version_tracker = [ "boron.cx.ts.hillion.co.uk" "jorah.cx.ts.hillion.co.uk" ];
version_tracker = [ "boron.cx.ts.hillion.co.uk" ];
};
};
}

1
modules/ssh/default.nix
View File

@ -43,7 +43,6 @@ in
"dancefloor.dancefloor.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXkGueVYKr2wp/VHo2QLis0kmKtc/Upg3pGoHr6RkzY";
"gendry.jakehillion.terminals.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPXM5aDvNv4MTITXAvJWSS2yvr/mbxJE31tgwJtcl38c";
"homeassistant.homeassistant.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPM2ytacl/zYXhgvosvhudsl0zW5eQRHXm9aMqG9adux";
"jorah.cx.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILA9Hp37ljgVRZwjXnTh+XqRuQWk23alOqe7ptwSr2A5";
"li.pop.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQWgcDFL9UZBDKHPiEGepT1Qsc4gz3Pee0/XVHJ6V6u";
"microserver.home.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPPOCPqXm5a+vGB6PsJFvjKNgjLhM5MxrwCy6iHGRjXw";
"router.home.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAlCj/i2xprN6h0Ik2tthOJQy6Qwq3Ony73+yfbHYTFu";

19
secrets/gitea/actions/jorah.age
View File

@ -1,19 +0,0 @@
age-encryption.org/v1
-> ssh-rsa GxPFJQ
IULcxHpUsH6OI4cfixNPM89VJNcVkK+Z8IpgjzRspSyKc5N7jox6DYSbcuPsjGs7
aS2JYOKOx4hYW9aL3B+tef2I24+NzMDTCT31g9gvuLA0wSMWBoFwVodPbfj1ekHy
wDUK5XrgyJtFrwTrvuklGYpb/qIEG//k7M/342C9QqfNesv9nULQ6P7+r7jJvxIW
sOo6qWHFqD/wIiwtLYiX3pOWC6m91L1QNGVh+9/t58YU8RLsgLm2+2vyg13mKya1
UktTKZbhgRXyUJb7h+vVgDKjAnwqnIDL8asCSDuoSRDBcCxwgSpTDOxAEn9X2oJx
6S3JLQDhWLlIYrqmVT1aGg
-> ssh-rsa K9mW1w
hbVlu640hhzR9rJi4b+1c+/V+EilbmwWaNzV7/0+a9BQusTf413hffhk8QXvuze8
04LuVctZW5L5B1eOCIeziHc6F5CyAjTsaEDM8SeKGmFjKccjdcSUdbsql87KR5Id
/drK41oNA6NlmWrLz3YaSz7A9F+B5lgsJDWgXhMFK3Hru8+gnBQPXkwT/IuQLWI1
sXhJN/dHrBsQ5Cc+fRO7/r6u3jiQ1DOS85qQHStsYYXqea0pfiu5wpPdGZVuECwa
/R3+ov1JOTK4T3W8TIqOU9ODJxWT697Nv64c8dV3Hq5ymEKkvmZpp1C1/QoCW2EY
Nk7PF5zM95SM/IdECQjJGQ
-> ssh-ed25519 Qo6/7A 3gQq8TrBY/7Evlu+q6awqBFjG9m5b7ED+dolo8CJCE4
JdbLYPo875DQyocjOaVmWQPdgWssuz/T6DJNqgFF020
--- 0si8/IY1PiYgcmtTFDqu0cj7dW6DFqvgirY0tiSZfdA
ûÈA©®¦£Ž®¬(]ý¸7£ÆüùÙÚqp0<70>„5Èc“ý$$æW|ß%`§/uXûɈ\~â!åléedäþDg˜ .<2E>i•]§­§)l>EÌ

5
secrets/secrets.nix
View File

@ -14,7 +14,6 @@ let
ts = {
cx = {
boron = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDtcJ7HY/vjtheMV8EN2wlTw1hU53CJebGIeRJcSkzt5 root@boron";
jorah = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILA9Hp37ljgVRZwjXnTh+XqRuQWk23alOqe7ptwSr2A5 root@jorah";
};
home = {
microserver = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPPOCPqXm5a+vGB6PsJFvjKNgjLhM5MxrwCy6iHGRjXw root@microserver";
@ -48,7 +47,6 @@ in
"tailscale/be.lt.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.lt.be ];
"tailscale/boron.cx.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.cx.boron ];
"tailscale/gendry.jakehillion-terminals.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ];
"tailscale/jorah.cx.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.cx.jorah ];
"tailscale/microserver.home.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.home.microserver ];
"tailscale/li.pop.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.pop.li ];
"tailscale/router.home.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.home.router ];
@ -97,7 +95,7 @@ in
"storj/auth.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
# Version tracker secrets
"version_tracker/ssh.key.age".publicKeys = jake_users ++ [ ts.cx.boron ts.cx.jorah ];
"version_tracker/ssh.key.age".publicKeys = jake_users ++ [ ts.cx.boron ];
# Home Automation secrets
"mqtt/zigbee2mqtt.age".publicKeys = jake_users ++ [ ts.home.router ];
@ -117,7 +115,6 @@ in
"gitea/security_internal_token.age".publicKeys = jake_users ++ [ ts.cx.boron ];
"gitea/actions/boron.age".publicKeys = jake_users ++ [ ts.cx.boron ];
"gitea/actions/jorah.age".publicKeys = jake_users ++ [ ts.cx.jorah ];
# HomeAssistant Secrets
"homeassistant/secrets.yaml.age".publicKeys = jake_users ++ [ ts.home.microserver ];

23
secrets/tailscale/jorah.cx.ts.hillion.co.uk.age
View File

@ -1,23 +0,0 @@
age-encryption.org/v1
-> ssh-rsa GxPFJQ
kqQ9ovZi1Wqf7hz75QB+v8oLr5oRT4Uce7juM+R04CrOOGn1O6DkQtVeFa4Q7Ho0
DTYeaP3jTR8zo7poTI323q8FbQ/dLG4jxBFafDZJZlXGEThVLnhNYqZZSjiCJHma
hUn8nSC0y6AdA+lMn8tvZcaivaYpPtT+bALXtvxZ6rTo+mTbJrVRxPY5FZdmdmCC
Z1h3UFZoyuAO9VWQKtPO3o0Ijh+L7e+TFdRl1YowGB+hvZdJ08AkPXrwIEUMnnMA
+e/FA5HxHgvi6ud8RTcAkaecYt0l/vKDgBON9ESfHIMuS+vNk5GKT7a+ImKmfb4/
o2cSmR8y/+J5z4MEBcj/Vg
-> ssh-rsa K9mW1w
veHh0OpoW3Hnvy9k7NwANMae2StqGcohTI9hfeHNi7mR6wHly1HqOD9U7eijVYIC
qvKJsk7sEO8NyAVqLWqrvdq9bLkgTgsNWQsXbulY8VHhwZMIko9YYIZeJv8Um9Bz
q4QiwJW1KoLItqJNR9c1ZLRfwHaLZwKTThAKMjgt5KFiN5NJYb9CLbAZi4eG1hi0
PsIP/S/dsUKAeN6Bz2JZ4HB0jsvyPiQLr2p4q5nfEKybJEmjOfc9Z7TjwZTNlC0Y
0MKVarhwFqsMIP63gTYZisacAhmsG7DoLFA5eHf0VPa1KjqFait0dG+zuojehMfj
uifZFGahsWaAMg+oq+/Cvg
-> ssh-ed25519 Qo6/7A sLXu4pSLH2lnzLYVzisN9Zl/EW1jL21Km6kPZO0/Zjk
chDyf7Sb5GtSVi3TmfYpwwFbI3PhoOnxS5lRcqQGwyY
-> Y1-grease ,Lz| "Uil>z36 -K
xfFD+uEZIkGkysF3HdMkMbhsPnu+Cnu6o8tT0lq8rdSOn26V6Fj5CZi1muuD7d2c
BLtH1vyQx4M71Hb6PmKu7+s5V9xsJqKxtDqx/6iAc9uZnbmeU27nsA
--- YXh9Kl4PGetzx8qsLJa5gTO3W7UNtio1tXs/HXS271U
Þûa…kž+J+/û€áñ<1A>ÍKÅbÄä‰éù|Ï$MäåÒ{NýÇ]¦ï=ö7Ïß@ƒ<E280BA>(h.ql2 ¢X}]ê,¦'ùN ÙCô!Æ;ØW£±
äû·Dï

BIN
secrets/version_tracker/ssh.key.age
View File

Binary file not shown.