microserver.parents -> li.pop

README.md

@@ -10,3 +10,4 @@ Raspberry Pi images that support Tailscale and headless SSH can be built using a
     nixos-generate -f sd-aarch64-installer --system aarch64-linux -c hosts/microserver.home.ts.hillion.co.uk/default.nix
     cp SOME_OUTPUT out.img.zst
 
+Alternatively, a Raspberry Pi image with headless SSH can be easily built using the logic in [this repo](https://github.com/Robertof/nixos-docker-sd-image-builder/tree/master).

hosts/li.pop.ts.hillion.co.uk/default.nix

@@ -0,0 +1,38 @@
+{ config, pkgs, lib, ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+    ../../modules/common/default.nix
+    ../../modules/rpi/rpi4.nix
+  ];
+
+  config = {
+    system.stateVersion = "23.11";
+
+    networking.hostName = "li";
+    networking.domain = "pop.ts.hillion.co.uk";
+
+    # Networking
+    ## Tailscale
+    age.secrets."tailscale/li.pop.ts.hillion.co.uk".file = ../../secrets/tailscale/li.pop.ts.hillion.co.uk.age;
+    services.tailscale = {
+      enable = true;
+      authKeyFile = config.age.secrets."tailscale/li.pop.ts.hillion.co.uk".path;
+      useRoutingFeatures = "server";
+      extraUpFlags = [ "--advertise-routes" "192.168.1.0/24" ];
+    };
+
+    ## Enable ZRAM to make up for 2GB of RAM
+    zramSwap = {
+      enable = true;
+      memoryPercent = 200;
+      algorithm = "zstd";
+    };
+
+    ## Run a persistent iperf3 server
+    services.iperf3.enable = true;
+    services.iperf3.openFirewall = true;
+  };
+}
+

hosts/microserver.parents.ts.hillion.co.uk/default.nix

@@ -1,42 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
-  imports = [
-    ./hardware-configuration.nix
-    ../../modules/common/default.nix
-    ../../modules/rpi/rpi4.nix
-  ];
-
-  config = {
-    system.stateVersion = "22.05";
-
-    networking.hostName = "microserver";
-    networking.domain = "parents.ts.hillion.co.uk";
-
-    # Networking
-    ## Tailscale
-    age.secrets."tailscale/microserver.parents.ts.hillion.co.uk".file = ../../secrets/tailscale/microserver.parents.ts.hillion.co.uk.age;
-    custom.tailscale = {
-      enable = true;
-      preAuthKeyFile = config.age.secrets."tailscale/microserver.parents.ts.hillion.co.uk".path;
-      advertiseRoutes = [ "192.168.1.0/24" ];
-    };
-
-    ## Enable IP forwarding for Tailscale
-    boot.kernel.sysctl = {
-      "net.ipv4.ip_forward" = true;
-    };
-
-    ## Enable ZRAM to make up for 2GB of RAM
-    zramSwap = {
-      enable = true;
-      memoryPercent = 200;
-      algorithm = "zstd";
-    };
-
-    ## Run a persistent iperf3 server
-    services.iperf3.enable = true;
-    services.iperf3.openFirewall = true;
-  };
-}
-

modules/common/ssh.nix

@@ -30,8 +30,8 @@
     "gendry.jakehillion.terminals.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPXM5aDvNv4MTITXAvJWSS2yvr/mbxJE31tgwJtcl38c";
     "homeassistant.homeassistant.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPM2ytacl/zYXhgvosvhudsl0zW5eQRHXm9aMqG9adux";
     "jorah.cx.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILA9Hp37ljgVRZwjXnTh+XqRuQWk23alOqe7ptwSr2A5";
+    "li.pop.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQWgcDFL9UZBDKHPiEGepT1Qsc4gz3Pee0/XVHJ6V6u";
     "microserver.home.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPPOCPqXm5a+vGB6PsJFvjKNgjLhM5MxrwCy6iHGRjXw";
-    "microserver.parents.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL0cjjNQPnJwpu4wcYmvfjB1jlIfZwMxT+3nBusoYQFr";
     "router.home.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAlCj/i2xprN6h0Ik2tthOJQy6Qwq3Ony73+yfbHYTFu";
     "theon.storage.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN59psLVu3/sQORA4x3p8H3ei8MCQlcwX5T+k3kBeBMf";
     "tywin.storage.ts.hillion.co.uk".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGATsjWO0qZNFp2BhfgDuWi+e/ScMkFxp79N2OZoed1k";

secrets/secrets.nix

@@ -17,7 +17,7 @@ let
               microserver = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPPOCPqXm5a+vGB6PsJFvjKNgjLhM5MxrwCy6iHGRjXw root@microserver";
               router = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAlCj/i2xprN6h0Ik2tthOJQy6Qwq3Ony73+yfbHYTFu root@router";
             };
-            parents = { microserver = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL0cjjNQPnJwpu4wcYmvfjB1jlIfZwMxT+3nBusoYQFr root@microserver"; };
+            pop = { li = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQWgcDFL9UZBDKHPiEGepT1Qsc4gz3Pee0/XVHJ6V6u root@li"; };
             terminals = { jakehillion = { gendry = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPXM5aDvNv4MTITXAvJWSS2yvr/mbxJE31tgwJtcl38c root@gendry"; }; };
             storage = {
               tywin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGATsjWO0qZNFp2BhfgDuWi+e/ScMkFxp79N2OZoed1k root@tywin";
@@ -40,7 +40,7 @@ in
   "tailscale/gendry.jakehillion-terminals.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ];
   "tailscale/jorah.cx.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.cx.jorah ];
   "tailscale/microserver.home.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.home.microserver ];
-  "tailscale/microserver.parents.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.parents.microserver ];
+  "tailscale/li.pop.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.pop.li ];
   "tailscale/router.home.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.home.router ];
   "tailscale/theon.storage.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.storage.theon ];
   "tailscale/tywin.storage.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.storage.tywin ];

secrets/tailscale/li.pop.ts.hillion.co.uk.age

@@ -0,0 +1,20 @@
+age-encryption.org/v1
+-> ssh-rsa GxPFJQ
+SQTBZLqLSZF1qk3F6YHkohBdxBA7Rc0sA8ztZcgSu6b1QtAeMR+WCPjF4faxdGnd
+gIh4gJoiC7iF3GTr280VuyeldqelBd7xGJ8V84+WXL9v3br7+o3qNIYPwoFBogx1
+DBV4if3l1w8Pi4haUkxibagN2p+bv5MBxF+gwd3axUaROR94L2HPemqS6WlL1sui
+hOtTUrSMOUu55Hh6E+LjFEsZDym3NQLc85CS9Cm0tM+bV1J+O++CiYdwsRcTG7Iv
+uuA+XSp1xngYnutgzkdB0Gnx4GELU+g7qGAU9ax1xEFufMXw9bSECiWpK5geupyr
+3djMf7PfkMx0e4N2z7UmsQ
+-> ssh-rsa K9mW1w
+JCmqBB+NorRVGbVMQDz4nWN46P9h33qpG5qZ9R10NYUNZbTwQF+h9akIT379ZGrG
+dZ/22wsS1qOESXbLU3l7JIQDnGP/sxhgU9Alm8fQtbahxtLBSNvju1hqa/Z7oa+Z
++U+Bynd+8qPfEAxMKDf3Y+y4h+17NO7ijA2trLgIrqMnTVm4bR8plEBkIMC++LB4
+Vg7ze7w9gTVO6WYi2ybUnrrsRbrCl/GbKjtb+THERXGVNoR+ID4OzuhCj2hT0cLA
+xFNhZxIkUNriYd9WLa3+fmQFCWBCsnSfYCS3Qzh+jeiJbIDR+klpUJVIxweJRdDZ
+EscWQivkscSKsUBD7679Nw
+-> ssh-ed25519 f268Tw E3UlXQTE/yDbBaukFto15hBb1kyudXA7cDFR658qsDY
+dCPqHkoHvKK6+prYaOBSyymqYRcePUH5BfhjoMcQIzk
+--- B9msRbaSxQPJ8DgWPsAq3OudbwAWMYGhSJt8AHbgU/4
+ê.¾ºAt@¤\ºF<C2BA>ìd¸š%†fËÂbpÙ
¢~ÁQáF¶
+$×éì.m<>“Ó,m<ÅFÄ©Oü’l=µ#Ííü‹=³_zŸ%fx<7F><78>5|ס®:èSU[_£.øg

secrets/tailscale/microserver.parents.ts.hillion.co.uk.age

@@ -1,22 +0,0 @@
-age-encryption.org/v1
--> ssh-rsa GxPFJQ
-Yo+wHpsHuYC66kQSt1gxE/e8PZrJLI97cOdxCn7idrkgQn4cgI3ikbx+biKq+7Jy
-nASaMD/EEiOd3Ryjj+0o/4BJP21iP6tH2QUYhzZ3kVvxYhd9mhtgckWaUO1NqTE0
-OIxVRBlAQWs0T8PP0WJrEL8H4ig5cmdWzfeLPKTMpph7laI0HDJf0DLZAH1XpcBa
-SppQxSj6ob3wie2ixKBjiRUkdoGe2rdV+WFkWro1+EAobI36CBmmPMTNLTrBgKDT
-ANGvxRkODzdH0SaBCNJtuNZRU+k25z+izX9Mxnw4VRAMYr63lUKgVCz8NbuLHinf
-hRnGZ1Stn8FFrkzyTV+SFA
--> ssh-rsa K9mW1w
-ioraEWZ19bulZJ2vaiNbKe9f9hZBaE9U8HX10Q7oRXAsJ+MS5x1kcgUk5Afnvymp
-O6z3peH7cgEkWGAVN9eN71WY3l+V5CieV06tGNVKYdQZpXpeN/maJbIosbzqvy5N
-6rTp3IaRO2/5DY+EEDGOrqXBJpAo6GtcalgDOnCylnIjarCqdCfo3poWtmRfZd5l
-bN0pEo97MeQRJ4qJYvLggX0XkZfiRgRTHLw18NHmotxEGqDhITAaGb8LLPnVazOm
-yafG6umoICz/hrXSDZG4iYdEjOEI+Wt6z6IQWGXjtRrqGMbgniTMHL2r0F4wrlfh
-gRLqGXy4dCJt7sui1KzJ/Q
--> ssh-ed25519 aDuQXQ oK470iNVMGm67Na1vWSNTEZm5YBpX2+Td5Ef587HFWM
-oWMRqa2FuIHbdAAJ6w+J7YpE0LAyxEhvLW3vxG4G0rw
--> T{-grease
-og2ZkuZjLYtA1ZZeFGJjojtiHBf4BarCmFCkrufoPJVw4V0+Ib6UA7IVnz3bPlth
-jQwc8tS/RwO80DqAdjq+csYJ1KsrrwJAeB12a0aMjQrDipM
---- vZLN8TNIsg4EaR8FnjfSXZN+J7tkCG/pYJQePQIZLgM
-%.å±(<28>rtpfÙ¸gë™VÌ8ðKO2Ãpz[÷…*@ZíÛÝ|ê'ûy6\^·§ƒoöò©yµ8†vÞZêÍ.“›?¶L·ˆå:eÙÙ·Ú= €ôÝ„¬[uí