Enable defaults.nebula

flake.nix

@@ -43,7 +43,10 @@
       };
       catacomb = nixpkgs.lib.nixosSystem {
         system = "aarch64-linux";
-        modules = [ ./machine/catacomb ];
+        modules = [
+          self.nixosModules.beatific
+          ./machine/catacomb
+        ];
       };
       empyrean = nixpkgs-next.lib.nixosSystem {
         system = "x86_64-linux";

machine/catacomb/default.nix

@@ -8,6 +8,8 @@ in {
     ./fileserver.nix
   ];
 
+  beatific.hostName = "catacomb";
+
   boot = {
     loader = {
       # Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
@@ -23,9 +25,7 @@ in {
 
   swapDevices = [ { device = "/swap"; size = 1024; } ];
 
-  console.keyMap = "us";
+  beatific.defaults.programs = false; # Disabled until I know the flask-python env isn't necessary for something
-  i18n.defaultLocale = "en_US.UTF-8";
-
   environment.systemPackages = with pkgs;
   let
     py3-packages = python-packages: with python-packages; [
@@ -46,12 +46,10 @@ in {
   ];
 
   networking = {
-    hostName = "catacomb";
     hostId = "beeeeee5";
     firewall = {
       enable = true;
-      allowPing = true;
+      allowedTCPPorts = [ 139 445 ];
-      allowedTCPPorts = [ 22 139 445 ];
       allowedUDPPorts = [ 137 138 ];
     };
   };
@@ -71,15 +69,7 @@ in {
       ];
   };
 
-  services.openssh = {
+  services.openssh.passwordAuthentication = true;
-    enable = true;
-    passwordAuthentication = true;
-  };
-
-  services.ntp = {
-    enable = true;
-    servers = ["time.nist.gov"];
-  };
 
   services.rsyncd.enable = true;
 
@@ -161,22 +151,6 @@ in {
       };
     };
 
-  services.nebula.networks.beatific = lib.recursiveUpdate beatific.nebula-defaults {
-    enable = true;
-
-    # Network certificate and host credentials
-    ca = "/etc/nebula/beatific/beatific.crt";
-    cert = "/etc/nebula/beatific/catacomb.crt";
-    key = "/etc/nebula/beatific/catacomb.key";
-
-    # Connect to the lighthouse at empyrean
-    # Note that this is a VPN address, not a public address
-    lighthouses = [ beatific.empyrean-vpn-ip ];
-
-    # Map the lighthouse address to its public address
-    staticHostMap = beatific.empyrean-host-map;
-  };
-
   services.zfs = {
     autoScrub = {
       enable = true;
@@ -190,16 +164,8 @@ in {
   };
 
   users.users.tvb = {
-    isNormalUser = true;
     uid = 1001;
-    password = "badpassword";
+    extraGroups = [ "nas" ];
-    extraGroups = ["wheel" "nas"];
-    openssh.authorizedKeys.keyFiles = [
-      ../../keys/tvb.palamas.pub
-      ../../keys/tvb.stagirite.pub
-      ../../keys/tvb.vagrant.pub
-      ../../keys/tvb.empyrean.pub
-    ];
   };
 
   users.users.katydid = {
@@ -208,5 +174,4 @@ in {
   };
 
   nix.settings.cores = 4;
-  nix.extraOptions = "experimental-features = nix-command flakes";
 }