Compare commits
No commits in common. "5470f2672df0f259dc06441cbcee554f0be32a3f" and "bda35d7da4b1b7fcec2c5d2ee7073921fcc4dc9d" have entirely different histories.
5470f2672d
...
bda35d7da4
|
@ -43,10 +43,7 @@
|
||||||
};
|
};
|
||||||
catacomb = nixpkgs.lib.nixosSystem {
|
catacomb = nixpkgs.lib.nixosSystem {
|
||||||
system = "aarch64-linux";
|
system = "aarch64-linux";
|
||||||
modules = [
|
modules = [ ./machine/catacomb ];
|
||||||
self.nixosModules.beatific
|
|
||||||
./machine/catacomb
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
empyrean = nixpkgs-next.lib.nixosSystem {
|
empyrean = nixpkgs-next.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
|
|
|
@ -8,8 +8,6 @@ in {
|
||||||
./fileserver.nix
|
./fileserver.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
beatific.hostName = "catacomb";
|
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
loader = {
|
loader = {
|
||||||
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
|
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
|
||||||
|
@ -25,7 +23,9 @@ in {
|
||||||
|
|
||||||
swapDevices = [ { device = "/swap"; size = 1024; } ];
|
swapDevices = [ { device = "/swap"; size = 1024; } ];
|
||||||
|
|
||||||
beatific.defaults.programs = false; # Disabled until I know the flask-python env isn't necessary for something
|
console.keyMap = "us";
|
||||||
|
i18n.defaultLocale = "en_US.UTF-8";
|
||||||
|
|
||||||
environment.systemPackages = with pkgs;
|
environment.systemPackages = with pkgs;
|
||||||
let
|
let
|
||||||
py3-packages = python-packages: with python-packages; [
|
py3-packages = python-packages: with python-packages; [
|
||||||
|
@ -46,10 +46,12 @@ in {
|
||||||
];
|
];
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
|
hostName = "catacomb";
|
||||||
hostId = "beeeeee5";
|
hostId = "beeeeee5";
|
||||||
firewall = {
|
firewall = {
|
||||||
enable = true;
|
enable = true;
|
||||||
allowedTCPPorts = [ 139 445 ];
|
allowPing = true;
|
||||||
|
allowedTCPPorts = [ 22 139 445 ];
|
||||||
allowedUDPPorts = [ 137 138 ];
|
allowedUDPPorts = [ 137 138 ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -69,7 +71,15 @@ in {
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
services.openssh.passwordAuthentication = true;
|
services.openssh = {
|
||||||
|
enable = true;
|
||||||
|
passwordAuthentication = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.ntp = {
|
||||||
|
enable = true;
|
||||||
|
servers = ["time.nist.gov"];
|
||||||
|
};
|
||||||
|
|
||||||
services.rsyncd.enable = true;
|
services.rsyncd.enable = true;
|
||||||
|
|
||||||
|
@ -151,6 +161,22 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.nebula.networks.beatific = lib.recursiveUpdate beatific.nebula-defaults {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
# Network certificate and host credentials
|
||||||
|
ca = "/etc/nebula/beatific/beatific.crt";
|
||||||
|
cert = "/etc/nebula/beatific/catacomb.crt";
|
||||||
|
key = "/etc/nebula/beatific/catacomb.key";
|
||||||
|
|
||||||
|
# Connect to the lighthouse at empyrean
|
||||||
|
# Note that this is a VPN address, not a public address
|
||||||
|
lighthouses = [ beatific.empyrean-vpn-ip ];
|
||||||
|
|
||||||
|
# Map the lighthouse address to its public address
|
||||||
|
staticHostMap = beatific.empyrean-host-map;
|
||||||
|
};
|
||||||
|
|
||||||
services.zfs = {
|
services.zfs = {
|
||||||
autoScrub = {
|
autoScrub = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -164,8 +190,16 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.tvb = {
|
users.users.tvb = {
|
||||||
|
isNormalUser = true;
|
||||||
uid = 1001;
|
uid = 1001;
|
||||||
extraGroups = [ "nas" ];
|
password = "badpassword";
|
||||||
|
extraGroups = ["wheel" "nas"];
|
||||||
|
openssh.authorizedKeys.keyFiles = [
|
||||||
|
../../keys/tvb.palamas.pub
|
||||||
|
../../keys/tvb.stagirite.pub
|
||||||
|
../../keys/tvb.vagrant.pub
|
||||||
|
../../keys/tvb.empyrean.pub
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.katydid = {
|
users.users.katydid = {
|
||||||
|
@ -174,4 +208,5 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
nix.settings.cores = 4;
|
nix.settings.cores = 4;
|
||||||
|
nix.extraOptions = "experimental-features = nix-command flakes";
|
||||||
}
|
}
|
||||||
|
|
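Review bot: `password = "badpassword";` on `users.users.tvb` is a plaintext, guessable secret for an account that this section also adds to `wheel` and makes reachable over SSH (`services.openssh.enable = true` with `passwordAuthentication = true`, and 22 added to `allowedTCPPorts`). A literal `password` value is committed to the repository and copied into the world-readable Nix store, so anyone with read access to either learns the login for an administrative user. Because `openssh.authorizedKeys.keyFiles` is added for the same user, I would set `passwordAuthentication = false;` and replace the literal with `hashedPassword = "<hash placeholder>";` or a `passwordFile` kept outside the store. Whether other accounts on this host still rely on password logins is not visible here, since the `users.users.katydid` block is cut off by the hunk.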