This commit is contained in:
parent
d7398e38df
commit
89dade473a
55
hosts/theon.storage.ts.hillion.co.uk/default.nix
Normal file
55
hosts/theon.storage.ts.hillion.co.uk/default.nix
Normal file
@ -0,0 +1,55 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
../../modules/common/default.nix
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
config = {
|
||||
system.stateVersion = "23.11";
|
||||
|
||||
networking.hostName = "theon";
|
||||
networking.domain = "storage.ts.hillion.co.uk";
|
||||
|
||||
boot.loader.grub.enable = false;
|
||||
boot.loader.generic-extlinux-compatible.enable = true;
|
||||
|
||||
## Custom Services
|
||||
custom = {
|
||||
locations.autoServe = true;
|
||||
};
|
||||
|
||||
## Networking
|
||||
systemd.network.enable = true;
|
||||
|
||||
networking.firewall = {
|
||||
trustedInterfaces = [ "tailscale0" ];
|
||||
allowedTCPPorts = lib.mkForce [
|
||||
22 # SSH
|
||||
];
|
||||
allowedUDPPorts = lib.mkForce [ ];
|
||||
interfaces = {
|
||||
end0 = {
|
||||
allowedTCPPorts = lib.mkForce [ ];
|
||||
allowedUDPPorts = lib.mkForce [ ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
## Tailscale
|
||||
age.secrets."tailscale/theon.storage.ts.hillion.co.uk".file = ../../secrets/tailscale/theon.storage.ts.hillion.co.uk.age;
|
||||
custom.tailscale = {
|
||||
enable = true;
|
||||
preAuthKeyFile = config.age.secrets."tailscale/theon.storage.ts.hillion.co.uk".path;
|
||||
ipv4Addr = "100.104.142.22";
|
||||
ipv6Addr = "fd7a:115c:a1e0::4aa8:8e16";
|
||||
};
|
||||
|
||||
## Packages
|
||||
environment.systemPackages = with pkgs; [
|
||||
scrub
|
||||
smartmontools
|
||||
];
|
||||
};
|
||||
}
|
@ -0,0 +1,33 @@
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ahci" "usbhid" "usb_storage" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{
|
||||
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.end0.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
|
||||
}
|
1
hosts/theon.storage.ts.hillion.co.uk/system
Normal file
1
hosts/theon.storage.ts.hillion.co.uk/system
Normal file
@ -0,0 +1 @@
|
||||
aarch64-linux
|
@ -20,7 +20,10 @@ let
|
||||
parents = { microserver = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL0cjjNQPnJwpu4wcYmvfjB1jlIfZwMxT+3nBusoYQFr root@microserver"; };
|
||||
strangervm = { vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINb9mgyD/G3Rt6lvO4c0hoaVOlLE8e3+DUfAoB1RI5cy root@vm"; };
|
||||
terminals = { jakehillion = { gendry = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPXM5aDvNv4MTITXAvJWSS2yvr/mbxJE31tgwJtcl38c root@gendry"; }; };
|
||||
storage = { tywin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGATsjWO0qZNFp2BhfgDuWi+e/ScMkFxp79N2OZoed1k root@tywin"; };
|
||||
storage = {
|
||||
tywin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGATsjWO0qZNFp2BhfgDuWi+e/ScMkFxp79N2OZoed1k root@tywin";
|
||||
theon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN59psLVu3/sQORA4x3p8H3ei8MCQlcwX5T+k3kBeBMf root@theon";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
@ -40,6 +43,7 @@ in
|
||||
"tailscale/microserver.home.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.home.microserver ];
|
||||
"tailscale/microserver.parents.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.parents.microserver ];
|
||||
"tailscale/router.home.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.home.router ];
|
||||
"tailscale/theon.storage.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.storage.theon ];
|
||||
"tailscale/tywin.storage.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
|
||||
"tailscale/vm.strangervm.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
|
||||
|
||||
|
20
secrets/tailscale/theon.storage.ts.hillion.co.uk.age
Normal file
20
secrets/tailscale/theon.storage.ts.hillion.co.uk.age
Normal file
@ -0,0 +1,20 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-rsa GxPFJQ
|
||||
PbIoYTLjFIqRoDRLerINlVGT3cAakwHPMDgQ9DCQw2Hpf0PuyKuVRJ3mNn4yxLjZ
|
||||
wW/7XC1qjP0qZusSRDpvrE1fP0+hC8CUUgbUfmtRSfeElzOofzro8E1NO3mQcfMb
|
||||
3m1XjITU2BAh56PZZIpoddhnTa2g6T5C/Csoor2vbz4H6DwiO9NRg4UyRXPVko7e
|
||||
jzRO8ezusAj88wmRD3VpZJ8HEN/gFxmeq4mm9FDgmk9u7K3W5RdGe5wEUMxaagG1
|
||||
IOaWwKHBYk0ZxfWFal3hXpgESJBAKiXm0TZE6tE2rO2R+KqHD4ylnLTJ4PZAOYTW
|
||||
bNFzcy7RrG01qm8pL5JJqg
|
||||
-> ssh-rsa K9mW1w
|
||||
PhYhNlRRprjlUvdez3aMOLlcGAHLpbyeZj2LCaBq3GzyLa8oOAbOUFD5D/R/ciX7
|
||||
K2M+ce34FBEsscqohuswXaKgoJYmp9dP3HGZOoqcIm6H8J5FS5SgzSDgFHn8uFzL
|
||||
lsMfEoX/43T6fhEnSFZuFlbNPT6V7uVYFKnggPSqz/k76rZd0O6X8Ragm8cPAerF
|
||||
M2f7zKDI48HhpQsymKJ7sFgmYWGDBXJixmkdSjonjed1GMQduWe6qFOxNyHrrjMD
|
||||
QPqo16rHlpkBZKbmoDJmrSqD25zSPqWxqcaIXhAOP2fpSOHKBViAxha/5yLwpTEv
|
||||
CWy8V0n/Jezu1K03G/T6Tw
|
||||
-> ssh-ed25519 7BDG9A aPLGHCgQu1s1T2VsbsR3SrdsZfSGGBu53p+1Zk6SXUw
|
||||
H5wp6cwozBKWg5OjuU9Z/fcFL+M47CDq//uJTUrWhYI
|
||||
--- +M8iL1TV9vJ77ICrEj9hZboRsJ1Se7yZIBvrt8eDX2U
|
||||
EŠŠ¸S~F9-µxàÇpJàÀoQ—%e\Äkã\,
|
||||
,[<5B>ð|“Ú<E2809C>\‡–<E280A1>ùjÍÈÙ[`‹· ¾: É°ó~²A‰‚ÚÓw<C393>AçüÝÿÂ;´?&<26>Y›þÏÿ{
|
Loading…
Reference in New Issue
Block a user