Jaculabilis
/
nixos-configs
1
1
Fork 0
Code Releases Activity

Compare commits

base: Jaculabilis:bda35d7da4b1b7fcec2c5d2ee7073921fcc4dc9d
Branches Tags
Jaculabilis:master
Jaculabilis:guesshtbook
Jaculabilis:syncthings
Jaculabilis:backyard
Jaculabilis:machine/workeric
Jaculabilis:machine/serveric
..
compare: Jaculabilis:5470f2672df0f259dc06441cbcee554f0be32a3f
Branches Tags
Jaculabilis:master
Jaculabilis:guesshtbook
Jaculabilis:syncthings
Jaculabilis:backyard
Jaculabilis:machine/workeric
Jaculabilis:machine/serveric

6 Commits
bda35d7da4 ... 5470f2672d

Author SHA1 Message Date
Tim Van Baak 5470f2672d Enable defaults.nebula 2023-08-02 17:27:42 +00:00
Tim Van Baak 504d1a4283 Enable defaults.tvb 2023-08-02 17:19:54 +00:00
Tim Van Baak a4089b030f Enable defaults.ssh, leave defaults.programs 2023-08-02 17:12:05 +00:00
Tim Van Baak 83cbd95c95 Enable defaults.i18n 2023-08-02 17:09:23 +00:00
Tim Van Baak 72720464ec Enable defaults.time 2023-08-02 17:07:00 +00:00
Tim Van Baak 13090dd594 Add beatific module to catacomb 2023-08-02 17:03:35 +00:00
2 changed files with 10 additions and 42 deletions
Show Stats Expand all files Collapse all files

5
flake.nix
View File

@ -43,7 +43,10 @@
};
catacomb = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [ ./machine/catacomb ];
modules = [
self.nixosModules.beatific
./machine/catacomb
];
};
empyrean = nixpkgs-next.lib.nixosSystem {
system = "x86_64-linux";

47
machine/catacomb/default.nix
View File

@ -8,6 +8,8 @@ in {
./fileserver.nix
];
beatific.hostName = "catacomb";
boot = {
loader = {
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
@ -23,9 +25,7 @@ in {
swapDevices = [ { device = "/swap"; size = 1024; } ];
console.keyMap = "us";
i18n.defaultLocale = "en_US.UTF-8";
beatific.defaults.programs = false; # Disabled until I know the flask-python env isn't necessary for something
environment.systemPackages = with pkgs;
let
py3-packages = python-packages: with python-packages; [
@ -46,12 +46,10 @@ in {
];
networking = {
hostName = "catacomb";
hostId = "beeeeee5";
firewall = {
enable = true;
allowPing = true;
allowedTCPPorts = [ 22 139 445 ];
allowedTCPPorts = [ 139 445 ];
allowedUDPPorts = [ 137 138 ];
};
};
@ -71,15 +69,7 @@ in {
];
};
services.openssh = {
enable = true;
passwordAuthentication = true;
};
services.ntp = {
enable = true;
servers = ["time.nist.gov"];
};
services.openssh.passwordAuthentication = true;
services.rsyncd.enable = true;
@ -161,22 +151,6 @@ in {
};
};
services.nebula.networks.beatific = lib.recursiveUpdate beatific.nebula-defaults {
enable = true;
# Network certificate and host credentials
ca = "/etc/nebula/beatific/beatific.crt";
cert = "/etc/nebula/beatific/catacomb.crt";
key = "/etc/nebula/beatific/catacomb.key";
# Connect to the lighthouse at empyrean
# Note that this is a VPN address, not a public address
lighthouses = [ beatific.empyrean-vpn-ip ];
# Map the lighthouse address to its public address
staticHostMap = beatific.empyrean-host-map;
};
services.zfs = {
autoScrub = {
enable = true;
@ -190,16 +164,8 @@ in {
};
users.users.tvb = {
isNormalUser = true;
uid = 1001;
password = "badpassword";
extraGroups = ["wheel" "nas"];
openssh.authorizedKeys.keyFiles = [
../../keys/tvb.palamas.pub
../../keys/tvb.stagirite.pub
../../keys/tvb.vagrant.pub
../../keys/tvb.empyrean.pub
];
extraGroups = [ "nas" ];
};
users.users.katydid = {
@ -208,5 +174,4 @@ in {
};
nix.settings.cores = 4;
nix.extraOptions = "experimental-features = nix-command flakes";
}