Compare commits


3 commits

15 changed files with 71 additions and 29 deletions


@ -0,0 +1,29 @@
{ self, ... }:
{
imports = [ self.nixosModules.default ];
nixpkgs.hostPlatform = "aarch64-linux";
custom = {
networking = {
overlay = {
address = "10.254.250.74";
role = "client";
};
underlay.useDhcp = true;
};
services = {
nebula = {
publicKeyPath = toString ./keys/nebula.pub;
certificatePath = toString ./keys/nebula.crt;
};
syncthing = {
enable = true;
deviceId = "6ROH65D-E65I5F6-URI4OUZ-RCHFC3B-PMBSIHH-5DNLJPS-SYSUWQY-HKYGHQG";
folders = [ "Documents" ];
};
};
};
}
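Review bot: This new host file carries no comment saying how it differs from the managed hosts, and nothing in it marks it as external; a reader only learns that from the `external-hosts` directory introduced in the flake hunk further down. A header such as `# External device: evaluated like a regular host so peers can derive overlay, nebula and syncthing settings from it; presumably never deployed from this flake — confirm` would make that explicit. The `deviceId` and overlay address here match the values the compare removes from the other host's hand-written `services.syncthing.settings.devices` block, so this file now appears to be the single source for them.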


@ -0,0 +1,6 @@
-----BEGIN NEBULA CERTIFICATE V2-----
MIG9oFeACWZhaXJwaG9uZaEHBAUK/vpKGKMTDAZjbGllbnQMCXN5bmN0aGluZ4UE
aYZd9oYEayh99IcgFUP+GVuq3tcsxWoMTgOEhDMlEFpe1AjCbmBFMjtzRWiCIElb
0YB49Bb2JcLlgcwZlPGgzNBIxclJSjQWFW00pdEXg0DPZt5bCLCfd1nPUk6ty6R7
UU+YZkx6A0p26wH8TeOVUIoD/9MxpPgEtewH3CPBZQhKFnmpWzDYgF3/WJY/LkQP
-----END NEBULA CERTIFICATE V2-----


@ -0,0 +1,3 @@
-----BEGIN NEBULA X25519 PUBLIC KEY-----
SVvRgHj0FvYlwuWBzBmU8aDM0EjFyUlKNBYVbTSl0Rc=
-----END NEBULA X25519 PUBLIC KEY-----


@ -6,21 +6,33 @@
}: }:
let let
mkHost = mkHost =
hostName: hostDir:
inputs.nixpkgs.lib.nixosSystem { inputs.nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs self; }; specialArgs = { inherit inputs self; };
modules = modules =
(lib.singleton { networking = { inherit hostName; }; }) (lib.singleton {
networking.hostName = hostDir |> lib.baseNameOf |> lib.unsafeDiscardStringContext;
})
++ ( ++ (
"${self}/hosts/${hostName}" hostDir
|> builtins.readDir |> builtins.readDir
|> lib.attrNames |> lib.attrNames
|> lib.filter (file: file |> lib.hasSuffix ".nix") |> lib.filter (lib.hasSuffix ".nix")
|> lib.map (file: "${self}/hosts/${hostName}/${file}") |> lib.map (file: "${hostDir}/${file}")
); );
}; };
mkHosts =
baseDir:
baseDir
|> builtins.readDir
|> lib.filterAttrs (_: type: type == "directory")
|> lib.mapAttrs (hostName: _: mkHost "${baseDir}/${hostName}");
in in
{ {
flake.nixosConfigurations = flake = {
"${self}/hosts" |> self.lib.listDirectoryNames |> self.lib.genAttrs mkHost; nixosConfigurations = mkHosts "${self}/hosts";
externalConfigurations = mkHosts "${self}/external-hosts";
allHosts = self.nixosConfigurations // self.externalConfigurations;
};
} }
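Review bot: `mkHost` recovers the host name with `hostDir |> lib.baseNameOf |> lib.unsafeDiscardStringContext`, yet `mkHosts` already holds the context-free name from `readDir`, so the unsafe call can be dropped by passing it through: `mkHost = hostName: hostDir:`, `networking.hostName = hostName;` and `|> lib.mapAttrs (hostName: _: mkHost hostName "${baseDir}/${hostName}");`. Separately, `allHosts = self.nixosConfigurations // self.externalConfigurations;` lets an external host whose directory name matches a managed one silently override it; if that is not intended, reject overlapping names (for example `lib.throwIf` on a non-empty `lib.intersectLists` of the two attrName lists) or state the precedence in a comment. The enclosing `let … in` starts before the hunk.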


@ -18,14 +18,14 @@
}; };
hostCreationRules = hostCreationRules =
self.nixosConfigurations self.allHosts
|> lib.attrValues |> lib.attrValues
|> lib.map (host: host.config.custom.sops) |> lib.map (host: host.config.custom.sops)
|> lib.filter (sops: sops.enable) |> lib.filter (sops: sops.enable)
|> lib.map mkCreationRule; |> lib.map mkCreationRule;
userCreationRules = userCreationRules =
self.nixosConfigurations self.allHosts
|> lib.attrValues |> lib.attrValues
|> lib.filter (host: host.config |> lib.hasAttr "home-manager") |> lib.filter (host: host.config |> lib.hasAttr "home-manager")
|> lib.map (host: host.config.home-manager.users.seb.custom.sops) |> lib.map (host: host.config.home-manager.users.seb.custom.sops)


@ -16,7 +16,7 @@ repair:
nix-store --verify --check-contents --repair nix-store --verify --check-contents --repair
repl host='$(hostname)': repl host='$(hostname)':
nix repl .#nixosConfigurations.{{ host }} nix repl .#allHosts.{{ host }}
[group('rebuild')] [group('rebuild')]
rebuild mode: rebuild mode:


@ -18,7 +18,7 @@ in
nodes = lib.mkOption { nodes = lib.mkOption {
type = lib.types.anything; type = lib.types.anything;
default = default =
self.nixosConfigurations self.allHosts
|> lib.attrValues |> lib.attrValues
|> lib.map (host: host.config.custom.networking) |> lib.map (host: host.config.custom.networking)
|> lib.map ( |> lib.map (


@ -57,7 +57,7 @@ in
dnsServers = lib.mkOption { dnsServers = lib.mkOption {
type = lib.types.anything; type = lib.types.anything;
default = default =
self.nixosConfigurations self.allHosts
|> lib.attrValues |> lib.attrValues
|> lib.filter (host: host.config.custom.services.dns.enable) |> lib.filter (host: host.config.custom.services.dns.enable)
|> lib.map (host: host.config.custom.networking.overlay.address); |> lib.map (host: host.config.custom.networking.overlay.address);


@ -27,7 +27,7 @@ in
netCfg.nodes netCfg.nodes
|> lib.map (node: "\"${node.hostName}.${node.overlay.domain}. A ${node.overlay.address}\""); |> lib.map (node: "\"${node.hostName}.${node.overlay.domain}. A ${node.overlay.address}\"");
serviceRecords = serviceRecords =
self.nixosConfigurations self.allHosts
|> lib.attrValues |> lib.attrValues
|> lib.concatMap ( |> lib.concatMap (
host: host:


@ -41,7 +41,7 @@ in
}; };
users.users.seb.openssh.authorizedKeys.keyFiles = users.users.seb.openssh.authorizedKeys.keyFiles =
self.nixosConfigurations self.allHosts
|> lib.attrValues |> lib.attrValues
|> lib.filter (host: host.config.networking.hostName != netCfg.hostName) |> lib.filter (host: host.config.networking.hostName != netCfg.hostName)
|> lib.filter (host: host.config |> lib.hasAttr "home-manager") |> lib.filter (host: host.config |> lib.hasAttr "home-manager")
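Review bot: Switching this list to `self.allHosts` means the SSH keys authorized for `seb` are now collected from external hosts too, and the only thing keeping an external entry out is the `hasAttr "home-manager"` filter on the following line, which describes how a host is configured rather than whether it should be trusted with shell access. If external devices are not meant to log in here, keep `self.nixosConfigurations` on this line, or add an explicit opt-in option and filter on it so the trust decision is visible in the host file. The surrounding module continues outside the hunk.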


@ -87,7 +87,7 @@ in
settings = settings =
let let
hosts = hosts =
self.nixosConfigurations self.allHosts
|> lib.filterAttrs (_: host: host.config.networking.hostName != config.networking.hostName) |> lib.filterAttrs (_: host: host.config.networking.hostName != config.networking.hostName)
|> lib.filterAttrs (_: host: host.config.custom.services.syncthing.enable); |> lib.filterAttrs (_: host: host.config.custom.services.syncthing.enable);
in in
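Review bot: `hosts` is now taken from `self.allHosts` and filtered by `syncthing.enable`, which is what lets the hand-written `devices."fairphone"` block removed elsewhere in this compare go away, but that block also carried an explicit `addresses = "tcp://10.254.250.74:22000"`; whether the settings built from `hosts` below derive a device address from `custom.networking.overlay.address` or leave it to discovery is outside the hunk and worth confirming. A comment such as `# every other host with syncthing enabled, including external-hosts entries` on `hosts` would make the widened scope visible. The `let` body continues past the hunk.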


@ -173,7 +173,7 @@ in
web-services.gatus.endpoints = web-services.gatus.endpoints =
let let
defaultEndpoints = defaultEndpoints =
self.nixosConfigurations self.allHosts
|> lib.mapAttrs ( |> lib.mapAttrs (
_: host: _: host:
host.config.custom.services.caddy.virtualHosts |> lib.attrValues |> lib.map (vHost: vHost.domain) host.config.custom.services.caddy.virtualHosts |> lib.attrValues |> lib.map (vHost: vHost.domain)


@ -112,12 +112,4 @@
sshd.enable = true; sshd.enable = true;
}; };
}; };
services.syncthing.settings = {
devices."fairphone" = {
id = "6ROH65D-E65I5F6-URI4OUZ-RCHFC3B-PMBSIHH-5DNLJPS-SYSUWQY-HKYGHQG";
addresses = "tcp://10.254.250.74:22000";
};
folders."Documents".devices = [ config.services.syncthing.settings.devices."fairphone".name ];
};
} }


@ -9,7 +9,7 @@ pkgs.writeShellApplication {
]; ];
text = '' text = ''
hosts="$(nix eval .#nixosConfigurations --apply 'builtins.attrNames' --json | jq -r '.[]')" hosts="$(nix eval .#allHosts --apply 'builtins.attrNames' --json | jq -r '.[]')"
if ! declare -px BW_SESSION >/dev/null 2>&1; then if ! declare -px BW_SESSION >/dev/null 2>&1; then
BW_SESSION="$(bw unlock --raw || bw login --raw)" BW_SESSION="$(bw unlock --raw || bw login --raw)"


@ -14,11 +14,11 @@ pkgs.writeShellApplication {
fi fi
host="$1" host="$1"
address="$(nix eval --raw ".#nixosConfigurations.$host.config.custom.networking.overlay.cidr")" address="$(nix eval --raw ".#allHosts.$host.config.custom.networking.overlay.cidr")"
groups="$(nix eval --raw ".#nixosConfigurations.$host.config.custom.services.nebula.groups" --apply 'builtins.concatStringsSep ","')" groups="$(nix eval --raw ".#allHosts.$host.config.custom.services.nebula.groups" --apply 'builtins.concatStringsSep ","')"
ca_cert='modules/system/services/nebula/ca.crt' ca_cert='modules/system/services/nebula/ca.crt'
host_pub="$(nix eval --raw ".#nixosConfigurations.$host.config.custom.services.nebula.publicKeyPath")" host_pub="$(nix eval --raw ".#allHosts.$host.config.custom.services.nebula.publicKeyPath")"
host_cert="$(nix eval --raw ".#nixosConfigurations.$host.config.custom.services.nebula.certificatePath")" host_cert="$(nix eval --raw ".#allHosts.$host.config.custom.services.nebula.certificatePath")"
host_cert="''${host_cert#*-source/}" host_cert="''${host_cert#*-source/}"
if [[ $# -eq 2 ]]; then if [[ $# -eq 2 ]]; then