Add tailscale to all machines

This commit is contained in:
Erwin Boskma 2023-05-23 17:12:31 +02:00
parent fa849e1bd5
commit 60b9355ada
Signed by: erwin
SSH key fingerprint: SHA256:3F6Cm6I3erRqlBwEghZWAQl6eS5WrGTX1Vs/Evec1lQ
9 changed files with 90 additions and 65 deletions


@ -1,6 +1,7 @@
{ self, ... }: { { self, ... }:
{ modulesPath, ... }: {
imports = [ imports = [
./hardware-configuration.nix (modulesPath + "/virtualisation/proxmox-lxc.nix")
../../users/root ../../users/root
../../users/erwin ../../users/erwin
]; ];
@ -21,28 +22,32 @@
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev; system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
networking = { # networking = {
hostName = "drone"; # hostName = "drone";
useDHCP = false; # useDHCP = false;
interfaces = { # interfaces = {
eth0 = { # eth0 = {
ipv4.addresses = [ # ipv4.addresses = [
{ # {
address = "10.0.0.202"; # address = "10.0.0.202";
prefixLength = 24; # prefixLength = 24;
} # }
]; # ];
}; # };
}; # };
defaultGateway = "10.0.0.1"; # defaultGateway = "10.0.0.1";
nameservers = [ "10.0.0.254" ]; # nameservers = [ "10.0.0.254" ];
# };
proxmoxLXC = {
privileged = true;
}; };
security.sudo.execWheelOnly = true; security.sudo.execWheelOnly = true;
services.openssh.enable = true; services.tailscale.enable = true;
sops.defaultSopsFile = ./secrets.yaml; sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = { sops.secrets = {
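Review bot: `proxmoxLXC.privileged = true;` is added with no comment saying why a privileged container is required; a privileged LXC runs the guest's root as the host's root, so a compromise of this guest reaches much further into the Proxmox host than an unprivileged one would. If the only reason is that tailscaled needs `/dev/net/tun` inside the container, that is usually met by an unprivileged container with the tun device passed through on the Proxmox side, so record the decision inline, e.g. `privileged = true; # TODO(review): why privileged? if only for /dev/net/tun (tailscale), an unprivileged CT with the device passed through is preferable`. `services.openssh.enable = true;` is replaced by `services.tailscale.enable = true;` rather than kept beside it; enabling tailscaled by itself provides no login path, so unless Tailscale SSH is switched on when the node is brought up, this host is reachable only via the Proxmox console — confirm that is intended. The privileged point applies equally to the later sections for the hosts named gitea and proxy, and the openssh replacement recurs in the proxy section. With the static block commented out, `networking.hostName` is no longer set in this file; presumably the CT configuration on the Proxmox side supplies it now — verify.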


@ -49,7 +49,7 @@
security.sudo.execWheelOnly = true; security.sudo.execWheelOnly = true;
# services.openssh.enable = true; services.tailscale.enable = true;
sops.defaultSopsFile = ./secrets.yaml; sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = { sops.secrets = {


@ -1,6 +1,8 @@
{ self, ... } @ inputs: { { self, ... }:
{ modulesPath, ... }: {
imports = [ imports = [
./hardware-configuration.nix (modulesPath + "/virtualisation/proxmox-lxc.nix")
../../users/root ../../users/root
../../users/erwin ../../users/erwin
./backup.nix ./backup.nix
@ -21,28 +23,32 @@
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev; system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
networking = { # networking = {
hostName = "gitea"; # hostName = "gitea";
useDHCP = false; # useDHCP = false;
interfaces = { # interfaces = {
eth0 = { # eth0 = {
ipv4.addresses = [ # ipv4.addresses = [
{ # {
address = "10.0.0.201"; # address = "10.0.0.201";
prefixLength = 24; # prefixLength = 24;
} # }
]; # ];
}; # };
}; # };
defaultGateway = "10.0.0.1"; # defaultGateway = "10.0.0.1";
nameservers = [ "10.0.0.254" ]; # nameservers = [ "10.0.0.254" ];
# };
proxmoxLXC = {
privileged = true;
}; };
security.sudo.execWheelOnly = true; security.sudo.execWheelOnly = true;
# services.openssh.enable = true; services.tailscale.enable = true;
sops.defaultSopsFile = ./secrets.yaml; sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = { sops.secrets = {


@ -147,6 +147,11 @@
enable = true; enable = true;
DHCP = "yes"; DHCP = "yes";
domains = [
"internal.horus.nu"
"bedum.horus.nu"
];
matchConfig = { matchConfig = {
Name = "enp4s0"; Name = "enp4s0";
}; };


@ -46,7 +46,7 @@
security.sudo.execWheelOnly = true; security.sudo.execWheelOnly = true;
# services.openssh.enable = true; services.tailscale.enable = true;
sops.defaultSopsFile = ./secrets.yaml; sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = { sops.secrets = {


@ -1,5 +1,7 @@
{ self, ... }: { { self, ... }:
{ modulesPath, ... }: {
imports = [ imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix ./hardware-configuration.nix
../../users/root ../../users/root
../../users/erwin ../../users/erwin
@ -23,26 +25,30 @@
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev; system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
networking = { # networking = {
hostName = "proxy"; # hostName = "proxy";
useDHCP = false; # useDHCP = false;
interfaces = { # interfaces = {
eth0 = { # eth0 = {
ipv4.addresses = [ # ipv4.addresses = [
{ # {
address = "10.0.0.251"; # address = "10.0.0.251";
prefixLength = 24; # prefixLength = 24;
} # }
]; # ];
}; # };
}; # };
defaultGateway = "10.0.0.1"; # defaultGateway = "10.0.0.1";
nameservers = [ "10.0.0.254" ]; # nameservers = [ "10.0.0.254" ];
# };
proxmoxLXC = {
privileged = true;
}; };
services.openssh.enable = true; services.tailscale.enable = true;
security.sudo.execWheelOnly = true; security.sudo.execWheelOnly = true;


@ -1,8 +1,9 @@
{ nixpkgs, ... }: { nixpkgs, nixos-hardware, ... }:
{ pkgs, ... }: { pkgs, ... }:
{ {
imports = [ imports = [
"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
nixos-hardware.nixosModules.raspberry-pi-4
../../users/root ../../users/root
../../users/erwin ../../users/erwin
@ -13,7 +14,7 @@
enable = true; enable = true;
server = true; server = true;
}; };
base.kernel = pkgs.linuxPackages_rpi3; base.kernel = pkgs.linuxPackages_rpi4;
klipper.enable = true; klipper.enable = true;
networking.enable = true; networking.enable = true;
nix-common.enable = true; nix-common.enable = true;
@ -24,15 +25,14 @@
hardware = { hardware = {
enableAllFirmware = true; # This also sets hardware.enableRedistributableFirmware enableAllFirmware = true; # This also sets hardware.enableRedistributableFirmware
raspberry-pi."4".fkms-3d = {
enable = true;
cma = 256;
};
}; };
boot = { boot = {
initrd.availableKernelModules = [ bootspec.enable = true;
"usbhid"
"usb_storage"
"vc4"
];
kernelModules = [ "bcm2835-v4l2" ];
}; };
zramSwap.enable = true; zramSwap.enable = true;
@ -57,6 +57,7 @@
}; };
services.openssh.enable = true; services.openssh.enable = true;
services.tailscale.enable = true;
security = { security = {
polkit.enable = true; polkit.enable = true;
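Review bot: The removed `kernelModules = [ "bcm2835-v4l2" ];` and the initrd entries `usbhid`, `usb_storage` and `vc4` are not re-added anywhere in this section; the new `nixos-hardware.nixosModules.raspberry-pi-4` import together with the `fkms-3d` block plausibly covers `vc4`, but the v4l2 camera module is not obviously provided by it, so if a camera is used with Klipper on this host confirm it still loads after the switch to `linuxPackages_rpi4`. A short comment on the import line recording what the hardware module is expected to supply would make that explicit, e.g. `nixos-hardware.nixosModules.raspberry-pi-4 # expected to provide the firmware/initrd module setup formerly declared in boot.initrd below`. The `hardware` and `boot` attribute sets are fully visible here, but the enclosing module starts outside the section.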


@ -70,6 +70,7 @@
}; };
services.openssh.enable = true; services.openssh.enable = true;
services.tailscale.enable = true;
security = { security = {
polkit.enable = true; polkit.enable = true;


@ -140,12 +140,13 @@ in
authorization = { authorization = {
cors_domains = [ cors_domains = [
"*.local" "*.local"
"*://app.fluidd.xyz" "*://my.mainsail.xyz"
]; ];
trusted_clients = [ trusted_clients = [
"10.0.0.0/24" "10.0.0.0/24"
"10.1.0.0/24" "10.1.0.0/24"
"100.64.0.0/16"
"127.0.0.0/8" "127.0.0.0/8"
"fe80::/10" "fe80::/10"
"::1/128" "::1/128"
@ -162,7 +163,7 @@ in
}; };
}; };
services.fluidd = { services.mainsail = {
enable = true; enable = true;
hostName = config.networking.hostName; hostName = config.networking.hostName;
}; };
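Review bot: The `"100.64.0.0/16"` entry added to `trusted_clients` does not match the Tailscale address range, which is the CGNAT block 100.64.0.0/10; a /16 is only 1/64 of that block, so nodes assigned addresses outside 100.64.x.x will be refused while others are admitted, which looks accidental rather than deliberate. Before widening it, note that Moonraker skips API-key authentication for sources in `trusted_clients`, so trusting the whole tailnet range gives every device on the tailnet unauthenticated control of the printer; keeping the entry to the specific node addresses that need access, or gating it with Tailscale ACLs, is the tighter choice. Whichever range is kept, annotate it so the trust decision is visible, e.g. `"100.64.0.0/16" # tailscale CGNAT addresses — trusted clients bypass Moonraker auth`. The `authorization` set is complete in the hunk, but the enclosing `let … in` module continues outside it.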