Add tailscale to all machines

Erwin Boskma 2023-05-23 17:12:31 +02:00
parent fa849e1bd5
commit 60b9355ada
Signed by: erwin
SSH key fingerprint: SHA256:3F6Cm6I3erRqlBwEghZWAQl6eS5WrGTX1Vs/Evec1lQ
9 changed files with 90 additions and 65 deletions


@ -1,6 +1,7 @@
{ self, ... }: {
{ self, ... }:
{ modulesPath, ... }: {
imports = [
./hardware-configuration.nix
(modulesPath + "/virtualisation/proxmox-lxc.nix")
../../users/root
../../users/erwin
];
@ -21,28 +22,32 @@
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
networking = {
hostName = "drone";
useDHCP = false;
# networking = {
# hostName = "drone";
# useDHCP = false;
interfaces = {
eth0 = {
ipv4.addresses = [
{
address = "10.0.0.202";
prefixLength = 24;
}
];
};
};
# interfaces = {
# eth0 = {
# ipv4.addresses = [
# {
# address = "10.0.0.202";
# prefixLength = 24;
# }
# ];
# };
# };
defaultGateway = "10.0.0.1";
nameservers = [ "10.0.0.254" ];
# defaultGateway = "10.0.0.1";
# nameservers = [ "10.0.0.254" ];
# };
proxmoxLXC = {
privileged = true;
};
security.sudo.execWheelOnly = true;
services.openssh.enable = true;
services.tailscale.enable = true;
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = {
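Review bot: `proxmoxLXC.privileged = true;` tells the NixOS module that this guest runs as a privileged LXC container, where container root is not remapped to an unprivileged host UID, and nothing in the section says why that is needed. The same section joins the host to the tailnet and keeps `services.openssh.enable = true;`, so the guest gains reachability while its isolation from the Proxmox host is at its weakest. If privileged mode is only there so tailscaled can open `/dev/net/tun`, an unprivileged container with the TUN device passed through on the Proxmox side would probably do. If it must stay, I would put a comment above the option, for example `# privileged guest: needed for <reason>; container root maps to host root`. The gitea and proxy sections set the same option.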


@ -49,7 +49,7 @@
security.sudo.execWheelOnly = true;
# services.openssh.enable = true;
services.tailscale.enable = true;
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = {
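Review bot: `services.tailscale.enable = true;` is pasted into every host file in this commit instead of being set once. The Raspberry Pi host in this commit already toggles shared modules (`nix-common.enable = true;`, `networking.enable = true;`), so the setting could live in one of those, assuming every host imports it, and a new machine could not be added without it. Enabling the service only starts tailscaled; if nodes are meant to join unattended, `services.tailscale.authKeyFile` pointing at a sops-managed secret keeps the auth key out of the store and out of shell history. The other sections that only add this line are affected in the same way.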


@ -1,6 +1,8 @@
{ self, ... } @ inputs: {
{ self, ... }:
{ modulesPath, ... }: {
imports = [
./hardware-configuration.nix
(modulesPath + "/virtualisation/proxmox-lxc.nix")
../../users/root
../../users/erwin
./backup.nix
@ -21,28 +23,32 @@
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
networking = {
hostName = "gitea";
useDHCP = false;
# networking = {
# hostName = "gitea";
# useDHCP = false;
interfaces = {
eth0 = {
ipv4.addresses = [
{
address = "10.0.0.201";
prefixLength = 24;
}
];
};
};
# interfaces = {
# eth0 = {
# ipv4.addresses = [
# {
# address = "10.0.0.201";
# prefixLength = 24;
# }
# ];
# };
# };
defaultGateway = "10.0.0.1";
nameservers = [ "10.0.0.254" ];
# defaultGateway = "10.0.0.1";
# nameservers = [ "10.0.0.254" ];
# };
proxmoxLXC = {
privileged = true;
};
security.sudo.execWheelOnly = true;
# services.openssh.enable = true;
services.tailscale.enable = true;
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = {
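Review bot: The static `networking` block is commented out rather than deleted, which leaves dead configuration in the file, including the old address `10.0.0.201`, the gateway and the resolver, that no longer describes how the host is addressed. With `hostName` inside the commented block as well, the hostname and address presumably now come from the Proxmox container settings. I would delete the block, since git history keeps it, and leave one line such as `# address and hostname are managed by Proxmox (proxmox-lxc.nix)`. The `# services.openssh.enable = true;` line should likewise either be removed or carry a note on why sshd is off on this host. The drone and proxy sections have the same commented-out block.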


@ -147,6 +147,11 @@
enable = true;
DHCP = "yes";
domains = [
"internal.horus.nu"
"bedum.horus.nu"
];
matchConfig = {
Name = "enp4s0";
};


@ -46,7 +46,7 @@
security.sudo.execWheelOnly = true;
# services.openssh.enable = true;
services.tailscale.enable = true;
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = {


@ -1,5 +1,7 @@
{ self, ... }: {
{ self, ... }:
{ modulesPath, ... }: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
../../users/root
../../users/erwin
@ -23,26 +25,30 @@
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
networking = {
hostName = "proxy";
useDHCP = false;
# networking = {
# hostName = "proxy";
# useDHCP = false;
interfaces = {
eth0 = {
ipv4.addresses = [
{
address = "10.0.0.251";
prefixLength = 24;
}
];
};
# interfaces = {
# eth0 = {
# ipv4.addresses = [
# {
# address = "10.0.0.251";
# prefixLength = 24;
# }
# ];
# };
# };
# defaultGateway = "10.0.0.1";
# nameservers = [ "10.0.0.254" ];
# };
proxmoxLXC = {
privileged = true;
};
defaultGateway = "10.0.0.1";
nameservers = [ "10.0.0.254" ];
};
services.openssh.enable = true;
services.tailscale.enable = true;
security.sudo.execWheelOnly = true;


@ -1,8 +1,9 @@
{ nixpkgs, ... }:
{ nixpkgs, nixos-hardware, ... }:
{ pkgs, ... }:
{
imports = [
"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
nixos-hardware.nixosModules.raspberry-pi-4
../../users/root
../../users/erwin
@ -13,7 +14,7 @@
enable = true;
server = true;
};
base.kernel = pkgs.linuxPackages_rpi3;
base.kernel = pkgs.linuxPackages_rpi4;
klipper.enable = true;
networking.enable = true;
nix-common.enable = true;
@ -24,15 +25,14 @@
hardware = {
enableAllFirmware = true; # This also sets hardware.enableRedistributableFirmware
raspberry-pi."4".fkms-3d = {
enable = true;
cma = 256;
};
};
boot = {
initrd.availableKernelModules = [
"usbhid"
"usb_storage"
"vc4"
];
kernelModules = [ "bcm2835-v4l2" ];
bootspec.enable = true;
};
zramSwap.enable = true;
@ -57,6 +57,7 @@
};
services.openssh.enable = true;
services.tailscale.enable = true;
security = {
polkit.enable = true;
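Review bot: Most of this section is a Raspberry Pi 4 migration (the `nixos-hardware.nixosModules.raspberry-pi-4` import, `base.kernel = pkgs.linuxPackages_rpi4;`, and the `fkms-3d` and boot-module changes), which the commit title "Add tailscale to all machines" does not mention. Only `services.tailscale.enable = true;` in the last hunk belongs to the stated change. A kernel and hardware-module switch is the kind of change one wants to bisect or revert on its own, so I would split it into a separate commit. The new `nixos-hardware` argument also implies a new flake input; its pin is not visible in this section and should be checked in `flake.lock`.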


@ -70,6 +70,7 @@
};
services.openssh.enable = true;
services.tailscale.enable = true;
security = {
polkit.enable = true;
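Review bot: `services.openssh.enable = true;` stays as it was next to the new `services.tailscale.enable = true;`, so sshd is still reachable on every interface, because the NixOS module opens port 22 in the firewall by default. If the tailnet is meant to become the management path, this commit is the place to narrow that. Setting `services.openssh.openFirewall = false;` together with `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 22 ];` would limit SSH to tailnet peers. That assumes the NixOS firewall is enabled on this host, which the hunk does not show. The same applies to the other hosts in this commit that keep sshd enabled.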


@ -140,12 +140,13 @@ in
authorization = {
cors_domains = [
"*.local"
"*://app.fluidd.xyz"
"*://my.mainsail.xyz"
];
trusted_clients = [
"10.0.0.0/24"
"10.1.0.0/24"
"100.64.0.0/16"
"127.0.0.0/8"
"fe80::/10"
"::1/128"
@ -162,7 +163,7 @@ in
};
};
services.fluidd = {
services.mainsail = {
enable = true;
hostName = config.networking.hostName;
};
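Review bot: The `"100.64.0.0/16"` entry in `trusted_clients`, which appears to be the line this commit adds, gives every address in that range unauthenticated access to the Moonraker API, since trusted clients skip authentication. There are two problems. Tailscale assigns node addresses from `100.64.0.0/10`, so a `/16` will probably not match most peers and the entry may not do what was intended. Widening it to the whole range would trust every device ever added or shared into the tailnet with full control of the printer. I would list the specific peer addresses that need access, or drop the range and let tailnet clients log in or use an API key, with a Tailscale ACL limiting who can reach this host's Moonraker port.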