Compare commits
No commits in common. "5470f2672df0f259dc06441cbcee554f0be32a3f" and "bda35d7da4b1b7fcec2c5d2ee7073921fcc4dc9d" have entirely different histories.
5470f2672d
...
bda35d7da4
|
|
@ -43,10 +43,7 @@
|
|||
};
|
||||
catacomb = nixpkgs.lib.nixosSystem {
|
||||
system = "aarch64-linux";
|
||||
modules = [
|
||||
self.nixosModules.beatific
|
||||
./machine/catacomb
|
||||
];
|
||||
modules = [ ./machine/catacomb ];
|
||||
};
|
||||
empyrean = nixpkgs-next.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
|
|
|
|||
|
|
@ -8,8 +8,6 @@ in {
|
|||
./fileserver.nix
|
||||
];
|
||||
|
||||
beatific.hostName = "catacomb";
|
||||
|
||||
boot = {
|
||||
loader = {
|
||||
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
|
||||
|
|
@ -25,7 +23,9 @@ in {
|
|||
|
||||
swapDevices = [ { device = "/swap"; size = 1024; } ];
|
||||
|
||||
beatific.defaults.programs = false; # Disabled until I know the flask-python env isn't necessary for something
|
||||
console.keyMap = "us";
|
||||
i18n.defaultLocale = "en_US.UTF-8";
|
||||
|
||||
environment.systemPackages = with pkgs;
|
||||
let
|
||||
py3-packages = python-packages: with python-packages; [
|
||||
|
|
@ -46,10 +46,12 @@ in {
|
|||
];
|
||||
|
||||
networking = {
|
||||
hostName = "catacomb";
|
||||
hostId = "beeeeee5";
|
||||
firewall = {
|
||||
enable = true;
|
||||
allowedTCPPorts = [ 139 445 ];
|
||||
allowPing = true;
|
||||
allowedTCPPorts = [ 22 139 445 ];
|
||||
allowedUDPPorts = [ 137 138 ];
|
||||
};
|
||||
};
|
||||
|
|
@ -69,7 +71,15 @@ in {
|
|||
];
|
||||
};
|
||||
|
||||
services.openssh.passwordAuthentication = true;
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
passwordAuthentication = true;
|
||||
};
|
||||
|
||||
services.ntp = {
|
||||
enable = true;
|
||||
servers = ["time.nist.gov"];
|
||||
};
|
||||
|
||||
services.rsyncd.enable = true;
|
||||
|
||||
|
|
@ -151,6 +161,22 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
services.nebula.networks.beatific = lib.recursiveUpdate beatific.nebula-defaults {
|
||||
enable = true;
|
||||
|
||||
# Network certificate and host credentials
|
||||
ca = "/etc/nebula/beatific/beatific.crt";
|
||||
cert = "/etc/nebula/beatific/catacomb.crt";
|
||||
key = "/etc/nebula/beatific/catacomb.key";
|
||||
|
||||
# Connect to the lighthouse at empyrean
|
||||
# Note that this is a VPN address, not a public address
|
||||
lighthouses = [ beatific.empyrean-vpn-ip ];
|
||||
|
||||
# Map the lighthouse address to its public address
|
||||
staticHostMap = beatific.empyrean-host-map;
|
||||
};
|
||||
|
||||
services.zfs = {
|
||||
autoScrub = {
|
||||
enable = true;
|
||||
|
|
@ -164,8 +190,16 @@ in {
|
|||
};
|
||||
|
||||
users.users.tvb = {
|
||||
isNormalUser = true;
|
||||
uid = 1001;
|
||||
extraGroups = [ "nas" ];
|
||||
password = "badpassword";
|
||||
extraGroups = ["wheel" "nas"];
|
||||
openssh.authorizedKeys.keyFiles = [
|
||||
../../keys/tvb.palamas.pub
|
||||
../../keys/tvb.stagirite.pub
|
||||
../../keys/tvb.vagrant.pub
|
||||
../../keys/tvb.empyrean.pub
|
||||
];
|
||||
};
|
||||
|
||||
users.users.katydid = {
|
||||
|
|
@ -174,4 +208,5 @@ in {
|
|||
};
|
||||
|
||||
nix.settings.cores = 4;
|
||||
nix.extraOptions = "experimental-features = nix-command flakes";
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue