diff --git a/flake.nix b/flake.nix index 79b0a57..a3186be 100644 --- a/flake.nix +++ b/flake.nix @@ -45,52 +45,43 @@ # NixOS configuration entrypoint # Available through 'nixos-rebuild --flake .#your-hostname' nixosConfigurations = { - laptop = nixpkgs.lib.nixosSystem { + legacy = nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs outputs; - myhostname = "laptop"; + myhostname = "legacy"; }; modules = [ - ./maskiner/laptop/configuration.nix + ./maskiner/legacy/configuration.nix ]; }; - desktop = nixpkgs.lib.nixosSystem { + node = nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs outputs; - myhostname = "desktop"; + myhostname = "node"; }; modules = [ - ./maskiner/desktop/configuration.nix + ./maskiner/node/configuration.nix sops-nix.nixosModules.sops ]; }; - jobb = nixpkgs.lib.nixosSystem { + core = nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs outputs; - myhostname = "jobb"; + myhostname = "core"; }; modules = [ - ./maskiner/jobb/configuration.nix + ./maskiner/core/configuration.nix stylix.nixosModules.stylix home-manager.nixosModules.home-manager sops-nix.nixosModules.sops ]; }; - work-desktop = nixpkgs.lib.nixosSystem { + archive = nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs outputs; - myhostname = "work-desktop"; + myhostname = "archive"; }; - modules = [ - ./maskiner/work-desktop/configuration.nix - ]; - }; - macmini = nixpkgs.lib.nixosSystem { - specialArgs = { - inherit inputs outputs; - myhostname = "macmini"; - }; - modules = [ ./maskiner/macmini/configuration.nix ]; + modules = [ ./maskiner/archive/configuration.nix ]; }; }; }; diff --git a/maskiner/macmini/alloy-systemd.yaml b/maskiner/archive/alloy-systemd.yaml similarity index 100% rename from maskiner/macmini/alloy-systemd.yaml rename to maskiner/archive/alloy-systemd.yaml 
diff --git a/maskiner/macmini/configuration.nix b/maskiner/archive/configuration.nix similarity index 95% rename from maskiner/macmini/configuration.nix rename to maskiner/archive/configuration.nix index e63a1cc..09330ce 100644 --- a/maskiner/macmini/configuration.nix +++ b/maskiner/archive/configuration.nix @@ -18,12 +18,12 @@ ]; alloy = { - enable = true; - configPath = ./alloy-systemd.yaml; + enable = true; + configPath = ./alloy-systemd.yaml; }; nixpkgs.config.permittedInsecurePackages = [ - "broadcom-sta-6.30.223.271-57-6.12.45" + "broadcom-sta-6.30.223.271-57-6.12.47" ]; nix.settings = { diff --git a/maskiner/macmini/hardware-configuration.nix b/maskiner/archive/hardware-configuration.nix similarity index 100% rename from maskiner/macmini/hardware-configuration.nix rename to maskiner/archive/hardware-configuration.nix diff --git a/maskiner/jobb/configuration.nix b/maskiner/core/configuration.nix similarity index 88% rename from maskiner/jobb/configuration.nix rename to maskiner/core/configuration.nix index 75daa37..22e00b9 100644 --- a/maskiner/jobb/configuration.nix +++ b/maskiner/core/configuration.nix @@ -26,11 +26,12 @@ in ../../moduler/lsp.nix ../../moduler/hyprland.nix ../../moduler/sound.nix - ../../moduler/programs/kubernetes-tools.nix + ../../moduler/programs/kubernetes-tools.nix ]; kubernetes-tools.enable = true; + sops.defaultSopsFile = ../../secrets/sops.yaml; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.secrets.gandi_key = { @@ -46,14 +47,14 @@ in }; programs.ssh.knownHosts = { - desktop = { - extraHostNames = [ "192.168.1.227" ]; - publicKeyFile = ../../keys/rsa_pubkey; - }; - "192.168.1.227" = { - publicKeyFile = ../../keys/rsa_pubkey; - }; - }; + desktop = { + extraHostNames = [ "192.168.1.227" ]; + publicKeyFile = ../../keys/rsa_pubkey; + }; + "192.168.1.227" = { + publicKeyFile = ../../keys/rsa_pubkey; + }; + }; home-manager.extraSpecialArgs = { inherit inputs pkgs; }; home-manager.users.fw = { 
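Review bot: The reindented `programs.ssh.knownHosts` block in the second core/configuration.nix hunk is still keyed `desktop`, while this commit's flake.nix change renames that machine to `node` (its `myhostname` becomes "node"; whether that host's `networking.hostName` follows `myhostname` is not visible in the node hunks, so please confirm), so ssh to the new name would get no pinned key. The second entry `"192.168.1.227"` also duplicates the first, because `extraHostNames` already attaches that address to the same key. If the rename applies, the two entries can collapse to `node = { extraHostNames = [ "desktop" "192.168.1.227" ]; publicKeyFile = ../../keys/rsa_pubkey; };`. The enclosing module attribute set continues outside the hunk.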
diff --git a/maskiner/jobb/configuration.nix.bak b/maskiner/core/configuration.nix.bak similarity index 100% rename from maskiner/jobb/configuration.nix.bak rename to maskiner/core/configuration.nix.bak diff --git a/maskiner/jobb/hardware-configuration.nix b/maskiner/core/hardware-configuration.nix similarity index 100% rename from maskiner/jobb/hardware-configuration.nix rename to maskiner/core/hardware-configuration.nix diff --git a/maskiner/jobb/hardware-configuration.nix.bak b/maskiner/core/hardware-configuration.nix.bak similarity index 100% rename from maskiner/jobb/hardware-configuration.nix.bak rename to maskiner/core/hardware-configuration.nix.bak diff --git a/maskiner/laptop/configuration.nix b/maskiner/legacy/configuration.nix similarity index 100% rename from maskiner/laptop/configuration.nix rename to maskiner/legacy/configuration.nix diff --git a/maskiner/laptop/hardware-configuration.nix b/maskiner/legacy/hardware-configuration.nix similarity index 100% rename from maskiner/laptop/hardware-configuration.nix rename to maskiner/legacy/hardware-configuration.nix diff --git a/maskiner/desktop/alloy-systemd.yaml b/maskiner/node/alloy-systemd.yaml similarity index 100% rename from maskiner/desktop/alloy-systemd.yaml rename to maskiner/node/alloy-systemd.yaml diff --git a/maskiner/desktop/configuration.nix b/maskiner/node/configuration.nix similarity index 94% rename from maskiner/desktop/configuration.nix rename to maskiner/node/configuration.nix index ff4a471..8af7c08 100644 --- a/maskiner/desktop/configuration.nix +++ b/maskiner/node/configuration.nix @@ -20,7 +20,7 @@ ../../moduler/signal.nix ../../moduler/uptime-kuma.nix ../../moduler/services/monitoring - ../../moduler/services/wireguard-server + ../../moduler/services/headscale # ../../moduler/wastring.nix ]; 
@@ -38,18 +38,22 @@ domain = "grafana.wastring.com"; }; + headscale = { + enable = true; + }; + prometheus = { enable = true; - exporters.enable = true; + exporters.enable = true; }; loki = { - enable = true; + enable = true; }; alloy = { - enable = true; - configPath = ./alloy-systemd.yaml; + enable = true; + configPath = ./alloy-systemd.yaml; }; nix.settings = { diff --git a/maskiner/desktop/hardware-configuration.nix b/maskiner/node/hardware-configuration.nix similarity index 100% rename from maskiner/desktop/hardware-configuration.nix rename to maskiner/node/hardware-configuration.nix diff --git a/maskiner/work-desktop/configuration.nix b/maskiner/work-desktop/configuration.nix deleted file mode 100644 index 636bf1e..0000000 --- a/maskiner/work-desktop/configuration.nix +++ /dev/null 
@@ -1,114 +0,0 @@ -# This is your system's configuration file. -# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix) -{ - inputs, - lib, - config, - pkgs, - myhostname, - ... -}: -{ - # You can import other NixOS modules here - imports = [ - ./hardware-configuration.nix - ../../moduler/openssh.nix - ../../moduler/users.nix - ../../moduler/dev.nix - ../../moduler/lsp.nix - ../../moduler/network.nix - ../../moduler/system.nix - ../../moduler/k3s.nix - ]; - nixpkgs = { - overlays = [ - ]; - config = { - allowUnfree = true; - }; - }; - - nix.registry = (lib.mapAttrs (_: flake: { inherit flake; })) ( - (lib.filterAttrs (_: lib.isType "flake")) inputs - ); - nix.nixPath = [ "/etc/nix/path" ]; - users.defaultUserShell = pkgs.bash; - programs.fish.enable = true; - programs.bash = { - interactiveShellInit = '' - if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]] - then - shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION="" - exec ${pkgs.fish}/bin/fish $LOGIN_OPTION - fi - ''; - }; - environment.etc = lib.mapAttrs' (name: value: { - name = "nix/path/${name}"; - value.source = value.flake; - }) config.nix.registry; - - nix.settings = { - experimental-features = "nix-command flakes"; - auto-optimise-store = true; - }; - - - - # virtualisation.containers.enable = true; - virtualisation = { - # podman = { - # enable = true; - # - # # Create a `docker` alias for podman, to use it as a drop-in replacement - # dockerCompat = true; - # - # # Required for containers under podman-compose to be able to talk to each other. 
- # defaultNetwork.settings.dns_enabled = true; - # }; - docker = { - enable = true; - liveRestore = false; - }; - }; - - networking.networkmanager.enable = true; - - environment.sessionVariables = { - EDITOR = "nvim"; - VISUAL = "nvim"; - TERM = "xterm-256color"; - }; - - time.timeZone = "Europe/Stockholm"; - - fonts.packages = with pkgs; [ - nerd-fonts.comic-shanns-mono - nerd-fonts.fira-code - ]; - - i18n.defaultLocale = "en_US.UTF-8"; - i18n.extraLocaleSettings = { - LC_ADDRESS = "sv_SE.UTF-8"; - LC_IDENTIFICATION = "sv_SE.UTF-8"; - LC_MEASUREMENT = "sv_SE.UTF-8"; - LC_MONETARY = "sv_SE.UTF-8"; - LC_NAME = "sv_SE.UTF-8"; - LC_NUMERIC = "sv_SE.UTF-8"; - LC_PAPER = "sv_SE.UTF-8"; - LC_TELEPHONE = "sv_SE.UTF-8"; - LC_TIME = "sv_SE.UTF-8"; - }; - - console.keyMap = "sv-latin1"; -boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/sda"; - boot.loader.grub.useOSProber = true; - - - networking.hostName = myhostname; - - services.xserver.dpi = 140; - - system.stateVersion = "25.05"; -} diff --git a/maskiner/work-desktop/configuration.nix.bak b/maskiner/work-desktop/configuration.nix.bak deleted file mode 100644 index d757cfa..0000000 --- a/maskiner/work-desktop/configuration.nix.bak +++ /dev/null 
@@ -1,101 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, ... }: - -{ - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; - - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - networking.hostName = "nixos"; # Define your hostname. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Enable networking - networking.networkmanager.enable = true; - - # Set your time zone. - time.timeZone = "Europe/Stockholm"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "sv_SE.UTF-8"; - LC_IDENTIFICATION = "sv_SE.UTF-8"; - LC_MEASUREMENT = "sv_SE.UTF-8"; - LC_MONETARY = "sv_SE.UTF-8"; - LC_NAME = "sv_SE.UTF-8"; - LC_NUMERIC = "sv_SE.UTF-8"; - LC_PAPER = "sv_SE.UTF-8"; - LC_TELEPHONE = "sv_SE.UTF-8"; - LC_TIME = "sv_SE.UTF-8"; - }; - - # Configure keymap in X11 - services.xserver.xkb = { - layout = "se"; - variant = ""; - }; - - # Configure console keymap - console.keyMap = "sv-latin1"; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.fw = { - isNormalUser = true; - description = "Fredrik Wastring"; - extraGroups = [ "networkmanager" "wheel" ]; - packages = with pkgs; []; - }; - - # Allow unfree packages - nixpkgs.config.allowUnfree = true; - - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - vim # Do not forget to add an editor to edit configuration.nix! 
The Nano editor is also installed by default. - wget - git -ssh - ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "24.11"; # Did you read the comment? - -} diff --git a/maskiner/work-desktop/hardware-configuration.nix b/maskiner/work-desktop/hardware-configuration.nix deleted file mode 100644 index 0d01336..0000000 --- a/maskiner/work-desktop/hardware-configuration.nix +++ /dev/null 
@@ -1,31 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/a73a76fd-122b-4b72-904c-0c2ab22c36b1"; - fsType = "ext4"; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.ens18.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; -} diff --git a/moduler/base.nix b/moduler/base.nix index c3a0ced..b7646a3 100644 --- a/moduler/base.nix +++ b/moduler/base.nix @@ -92,6 +92,13 @@ enable = true; }; + services.tailscale.enable = true; + networking.firewall = { + checkReversePath = "loose"; + trustedInterfaces = [ "tailscale0" ]; + allowedUDPPorts = [ config.services.tailscale.port ]; + }; + services = { printing.enable = true; clipmenu.enable = true; diff --git a/moduler/services/headscale/default.nix b/moduler/services/headscale/default.nix index 1ac4bd7..1df2a51 100644 --- a/moduler/services/headscale/default.nix +++ b/moduler/services/headscale/default.nix 
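Review bot: `trustedInterfaces = [ "tailscale0" ]` in the added firewall block exempts all traffic arriving over the tailnet from the host firewall, and because this sits in moduler/base.nix every machine importing it now runs tailscale with that exemption; a comment stating that this is intended and where peer access is enforced instead would help the next reader, e.g. `# tailnet peers bypass the host firewall; peer access is governed by headscale ACLs`. If only specific services need to be reachable over the tailnet, `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ … ]` is the narrower alternative. Note also that `services.tailscale.enable` alone does not point the client at the self-hosted control server added in this commit; the login server presumably has to be supplied via `services.tailscale.extraUpFlags = [ "--login-server=https://<headscale-domain>" ];` or by hand, which is worth documenting next to this block. The enclosing module attribute set continues outside the hunk.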
@@ -8,11 +8,21 @@ with lib; options = { headscale = { enable = mkEnableOption "enables headscale"; + port = lib.mkOption { + type = lib.types.int; + default = 8082; + description = "The port that headscale is served on."; + }; domain = lib.mkOption { type = lib.types.str; default = "headscale.wastring.com"; description = "The domain that headscale is served on."; }; + baseDomain = lib.mkOption { + type = lib.types.str; + default = "tailnet.wastring.com"; + description = "The base-domain that headscale is served on."; + }; }; }; @@ -22,21 +32,25 @@ with lib; headscale = { enable = true; address = "0.0.0.0"; - port = 8080; - server_url = "https://${domain}"; - dns = { - baseDomain = "example.com"; - }; + port = config.headscale.port; settings = { + server_url = "https://${config.headscale.domain}"; logtail.enabled = false; + dns = { + base_domain = config.headscale.baseDomain; + nameservers.global = [ + "1.1.1.1" + "8.8.8.8" + ]; + }; }; }; - nginx.virtualHosts.${domain} = { + nginx.virtualHosts.${config.headscale.domain} = { forceSSL = true; enableACME = true; locations."/" = { - proxyPass = "http://localhost:${toString config.services.headscale.port}"; + proxyPass = "http://localhost:${toString config.headscale.port}"; proxyWebsockets = true; }; };
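Review bot: The new `port` option is declared as `lib.types.int`, which accepts negative and out-of-range values; `lib.types.port` exists for this and should replace it: `type = lib.types.port;`. The `baseDomain` description says headscale is "served on" it, but the value is wired into `dns.base_domain` in the next hunk, i.e. it is the MagicDNS suffix assigned to nodes rather than a serving address, so something like `description = "MagicDNS base domain assigned to nodes on the tailnet.";` would be accurate. The options set continues outside the hunk.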
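Review bot: `address = "0.0.0.0"` (a context line in the second hunk) keeps headscale's plain-HTTP listener on the new `config.headscale.port` bound to every interface, while the nginx virtual host below already terminates TLS and proxies to `http://localhost:…`; whether that port is reachable from outside depends on firewall rules this hunk does not show, but nothing here needs it exposed. Since only nginx talks to it, `address = "127.0.0.1";` keeps the unencrypted control-server endpoint local. The `nameservers.global` list of public resolvers deserves a one-line comment that it is pushed to every node as its MagicDNS upstream, e.g. `# upstream resolvers pushed to all tailnet nodes via MagicDNS`. The module's config block continues outside the hunk.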