

3 commits

15 changed files with 71 additions and 29 deletions


@ -0,0 +1,29 @@
{ self, ... }:
{
imports = [ self.nixosModules.default ];
nixpkgs.hostPlatform = "aarch64-linux";
custom = {
networking = {
overlay = {
address = "10.254.250.74";
role = "client";
};
underlay.useDhcp = true;
};
services = {
nebula = {
publicKeyPath = toString ./keys/nebula.pub;
certificatePath = toString ./keys/nebula.crt;
};
syncthing = {
enable = true;
deviceId = "6ROH65D-E65I5F6-URI4OUZ-RCHFC3B-PMBSIHH-5DNLJPS-SYSUWQY-HKYGHQG";
folders = [ "Documents" ];
};
};
};
}
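Review bot: The `keys/` directory referenced by `publicKeyPath` and `certificatePath` on lines 26-27 needs a guard comment, because the whole flake source tree (this directory included) is copied into the world-readable Nix store, so a private key accidentally dropped next to `nebula.pub`/`nebula.crt` would be exposed to every local user and to any binary cache the store is pushed to. Suggest `# public material only: the flake tree, keys/ included, is copied into the world-readable /nix/store` above the `nebula` attribute set. The certificate and X25519 public key committed alongside are public by nature, so the current contents are fine.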


@ -0,0 +1,6 @@
-----BEGIN NEBULA CERTIFICATE V2-----
MIG9oFeACWZhaXJwaG9uZaEHBAUK/vpKGKMTDAZjbGllbnQMCXN5bmN0aGluZ4UE
aYZd9oYEayh99IcgFUP+GVuq3tcsxWoMTgOEhDMlEFpe1AjCbmBFMjtzRWiCIElb
0YB49Bb2JcLlgcwZlPGgzNBIxclJSjQWFW00pdEXg0DPZt5bCLCfd1nPUk6ty6R7
UU+YZkx6A0p26wH8TeOVUIoD/9MxpPgEtewH3CPBZQhKFnmpWzDYgF3/WJY/LkQP
-----END NEBULA CERTIFICATE V2-----


@ -0,0 +1,3 @@
-----BEGIN NEBULA X25519 PUBLIC KEY-----
SVvRgHj0FvYlwuWBzBmU8aDM0EjFyUlKNBYVbTSl0Rc=
-----END NEBULA X25519 PUBLIC KEY-----


@ -6,21 +6,33 @@
}:
let
mkHost =
hostName:
hostDir:
inputs.nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs self; };
modules =
(lib.singleton { networking = { inherit hostName; }; })
(lib.singleton {
networking.hostName = hostDir |> lib.baseNameOf |> lib.unsafeDiscardStringContext;
})
++ (
"${self}/hosts/${hostName}"
hostDir
|> builtins.readDir
|> lib.attrNames
|> lib.filter (file: file |> lib.hasSuffix ".nix")
|> lib.map (file: "${self}/hosts/${hostName}/${file}")
|> lib.filter (lib.hasSuffix ".nix")
|> lib.map (file: "${hostDir}/${file}")
);
};
mkHosts =
baseDir:
baseDir
|> builtins.readDir
|> lib.filterAttrs (_: type: type == "directory")
|> lib.mapAttrs (hostName: _: mkHost "${baseDir}/${hostName}");
in
{
flake.nixosConfigurations =
"${self}/hosts" |> self.lib.listDirectoryNames |> self.lib.genAttrs mkHost;
flake = {
nixosConfigurations = mkHosts "${self}/hosts";
externalConfigurations = mkHosts "${self}/external-hosts";
allHosts = self.nixosConfigurations // self.externalConfigurations;
};
}
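Review bot: `allHosts = self.nixosConfigurations // self.externalConfigurations` silently lets an external host shadow a managed host of the same name, since `//` takes the right operand on a key collision and nothing checks that the `hosts/` and `external-hosts/` trees are disjoint. Because `allHosts` now feeds the SSH authorized-key, DNS, Nebula and sops generators elsewhere in this commit, a colliding directory name would replace a real host's identity with an externally supplied one without any evaluation error. Suggest guarding the merge: `allHosts = assert lib.intersectLists (lib.attrNames self.nixosConfigurations) (lib.attrNames self.externalConfigurations) == [ ]; self.nixosConfigurations // self.externalConfigurations;`. A one-line comment on `externalConfigurations` stating that these are not machines this flake deploys and exist only to feed the shared option defaults would also help a reader of `mkHosts`.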


@ -18,14 +18,14 @@
};
hostCreationRules =
self.nixosConfigurations
self.allHosts
|> lib.attrValues
|> lib.map (host: host.config.custom.sops)
|> lib.filter (sops: sops.enable)
|> lib.map mkCreationRule;
userCreationRules =
self.nixosConfigurations
self.allHosts
|> lib.attrValues
|> lib.filter (host: host.config |> lib.hasAttr "home-manager")
|> lib.map (host: host.config.home-manager.users.seb.custom.sops)
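Review bot: `hostCreationRules` on the changed line now iterates external hosts as well, so if `custom.sops.enable` evaluates to true for one of them (its default is not visible here) a sops creation rule, and therefore secrets encrypted to that host's key, will be produced for a machine this flake does not deploy. Please confirm the default is off for external hosts or exclude them explicitly, for example by keeping `self.nixosConfigurations` on this line and using `self.allHosts` only where external nodes genuinely participate. `userCreationRules` has the same exposure through the `home-manager` presence check. Both pipelines continue past the end of this hunk.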


@ -16,7 +16,7 @@ repair:
nix-store --verify --check-contents --repair
repl host='$(hostname)':
nix repl .#nixosConfigurations.{{ host }}
nix repl .#allHosts.{{ host }}
[group('rebuild')]
rebuild mode:


@ -18,7 +18,7 @@ in
nodes = lib.mkOption {
type = lib.types.anything;
default =
self.nixosConfigurations
self.allHosts
|> lib.attrValues
|> lib.map (host: host.config.custom.networking)
|> lib.map (


@ -57,7 +57,7 @@ in
dnsServers = lib.mkOption {
type = lib.types.anything;
default =
self.nixosConfigurations
self.allHosts
|> lib.attrValues
|> lib.filter (host: host.config.custom.services.dns.enable)
|> lib.map (host: host.config.custom.networking.overlay.address);


@ -27,7 +27,7 @@ in
netCfg.nodes
|> lib.map (node: "\"${node.hostName}.${node.overlay.domain}. A ${node.overlay.address}\"");
serviceRecords =
self.nixosConfigurations
self.allHosts
|> lib.attrValues
|> lib.concatMap (
host:


@ -41,7 +41,7 @@ in
};
users.users.seb.openssh.authorizedKeys.keyFiles =
self.nixosConfigurations
self.allHosts
|> lib.attrValues
|> lib.filter (host: host.config.networking.hostName != netCfg.hostName)
|> lib.filter (host: host.config |> lib.hasAttr "home-manager")
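Review bot: Sourcing `users.users.seb.openssh.authorizedKeys.keyFiles` from `self.allHosts` means any external host that happens to define `home-manager` gets its key authorized as `seb` on every managed machine, gated only by the presence of that attribute rather than an explicit trust decision. The external host added in this commit does not set `home-manager`, so access does not widen today, but this filter will do so silently the first time one does. Suggest keeping `self.nixosConfigurations` on this line, or at minimum adding `# NOTE: external hosts are authorized here too once they define home-manager` so the widening is deliberate. The pipeline continues past the end of this hunk.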


@ -87,7 +87,7 @@ in
settings =
let
hosts =
self.nixosConfigurations
self.allHosts
|> lib.filterAttrs (_: host: host.config.networking.hostName != config.networking.hostName)
|> lib.filterAttrs (_: host: host.config.custom.services.syncthing.enable);
in


@ -173,7 +173,7 @@ in
web-services.gatus.endpoints =
let
defaultEndpoints =
self.nixosConfigurations
self.allHosts
|> lib.mapAttrs (
_: host:
host.config.custom.services.caddy.virtualHosts |> lib.attrValues |> lib.map (vHost: vHost.domain)


@ -112,12 +112,4 @@
sshd.enable = true;
};
};
services.syncthing.settings = {
devices."fairphone" = {
id = "6ROH65D-E65I5F6-URI4OUZ-RCHFC3B-PMBSIHH-5DNLJPS-SYSUWQY-HKYGHQG";
addresses = "tcp://10.254.250.74:22000";
};
folders."Documents".devices = [ config.services.syncthing.settings.devices."fairphone".name ];
};
}


@ -9,7 +9,7 @@ pkgs.writeShellApplication {
];
text = ''
hosts="$(nix eval .#nixosConfigurations --apply 'builtins.attrNames' --json | jq -r '.[]')"
hosts="$(nix eval .#allHosts --apply 'builtins.attrNames' --json | jq -r '.[]')"
if ! declare -px BW_SESSION >/dev/null 2>&1; then
BW_SESSION="$(bw unlock --raw || bw login --raw)"


@ -14,11 +14,11 @@ pkgs.writeShellApplication {
fi
host="$1"
address="$(nix eval --raw ".#nixosConfigurations.$host.config.custom.networking.overlay.cidr")"
groups="$(nix eval --raw ".#nixosConfigurations.$host.config.custom.services.nebula.groups" --apply 'builtins.concatStringsSep ","')"
address="$(nix eval --raw ".#allHosts.$host.config.custom.networking.overlay.cidr")"
groups="$(nix eval --raw ".#allHosts.$host.config.custom.services.nebula.groups" --apply 'builtins.concatStringsSep ","')"
ca_cert='modules/system/services/nebula/ca.crt'
host_pub="$(nix eval --raw ".#nixosConfigurations.$host.config.custom.services.nebula.publicKeyPath")"
host_cert="$(nix eval --raw ".#nixosConfigurations.$host.config.custom.services.nebula.certificatePath")"
host_pub="$(nix eval --raw ".#allHosts.$host.config.custom.services.nebula.publicKeyPath")"
host_cert="$(nix eval --raw ".#allHosts.$host.config.custom.services.nebula.certificatePath")"
host_cert="''${host_cert#*-source/}"
if [[ $# -eq 2 ]]; then
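Review bot: `$host` is taken straight from `$1` and spliced unquoted into four flake attribute paths on lines 229-235, so an unknown or mistyped name surfaces as an opaque Nix evaluation error from the first `nix eval`, and a name containing `.` would be parsed as a nested attribute rather than a host. Suggest validating once before the repeated evaluations, e.g. `nix eval --raw ".#allHosts.\"$host\".config.networking.hostName" >/dev/null 2>&1 || { echo "unknown host: $host" >&2; exit 1; }`. The `''${host_cert#*-source/}` strip relies on the flake source always landing in a `*-source` store path; a one-line comment such as `# strip the /nix/store/…-source/ prefix to get the repo-relative path` would make that assumption visible. The script body continues past the end of this hunk.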