diff --git a/flake.lock b/flake.lock index 85f2c9e..b906cdf 100644 --- a/flake.lock +++ b/flake.lock @@ -16,22 +16,6 @@ "type": "gitlab" } }, - "blobs_2": { - "flake": false, - "locked": { - "lastModified": 1604995301, - "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", - "owner": "simple-nixos-mailserver", - "repo": "blobs", - "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", - "type": "gitlab" - }, - "original": { - "owner": "simple-nixos-mailserver", - "repo": "blobs", - "type": "gitlab" - } - }, "brew-src": { "flake": false, "locked": { @@ -175,22 +159,6 @@ "type": "github" } }, - "flake-compat_4": { - "flake": false, - "locked": { - "lastModified": 1761588595, - "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" @@ -266,38 +234,10 @@ "git-hooks": { "inputs": { "flake-compat": [ - "private-flake", "simple-nixos-mailserver", "flake-compat" ], "gitignore": "gitignore_2", - "nixpkgs": [ - "private-flake", - "simple-nixos-mailserver", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1763319842, - "narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, - "git-hooks_2": { - "inputs": { - "flake-compat": [ - "simple-nixos-mailserver", - "flake-compat" - ], - "gitignore": "gitignore_3", "nixpkgs": [ "simple-nixos-mailserver", "nixpkgs" 
@@ -340,29 +280,6 @@ } }, "gitignore_2": { - "inputs": { - "nixpkgs": [ - "private-flake", - "simple-nixos-mailserver", - "git-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, - "gitignore_3": { "inputs": { "nixpkgs": [ "simple-nixos-mailserver", @@ -626,11 +543,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1772822230, - "narHash": "sha256-yf3iYLGbGVlIthlQIk5/4/EQDZNNEmuqKZkQssMljuw=", + "lastModified": 1773068389, + "narHash": "sha256-vMrm7Pk2hjBRPnCSjhq1pH0bg350Z+pXhqZ9ICiqqCs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "71caefce12ba78d84fe618cf61644dce01cf3a96", + "rev": "44bae273f9f82d480273bab26f5c50de3724f52f", "type": "github" }, "original": { @@ -690,20 +607,23 @@ "nixpkgs": [ "nixpkgs" ], - "simple-nixos-mailserver": "simple-nixos-mailserver", - "sops-nix": "sops-nix" + "simple-nixos-mailserver": [ + "simple-nixos-mailserver" + ], + "sops-nix": [ + "sops-nix" + ] }, "locked": { - "lastModified": 1773107095, - "narHash": "sha256-FH96EdivFlkW85eumLrp17EdXLMxlPXk4+6p3eGCzOs=", + "lastModified": 1773203147, + "narHash": "sha256-16q/JVUUM8SqeDY4rmM7wt53dXj2dPeBIfGPVP9/NOo=", "owner": "genebean", "repo": "private-flake", - "rev": "1e245e3d7fab1dd1466569ed10f4488abf343e38", + "rev": "510a9214433b56fde82cd572063b99ec9a32eb7f", "type": "github" }, "original": { "owner": "genebean", - "ref": "initial_setup", "repo": "private-flake", "type": "github" } 
@@ -724,8 +644,8 @@ "nixpkgs": "nixpkgs_3", "nixpkgs-unstable": "nixpkgs-unstable", "private-flake": "private-flake", - "simple-nixos-mailserver": "simple-nixos-mailserver_2", - "sops-nix": "sops-nix_2" + "simple-nixos-mailserver": "simple-nixos-mailserver", + "sops-nix": "sops-nix" } }, "rust-analyzer-src": { @@ -771,31 +691,6 @@ "blobs": "blobs", "flake-compat": "flake-compat_3", "git-hooks": "git-hooks", - "nixpkgs": [ - "private-flake", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1766537863, - "narHash": "sha256-HEt+wbazRgJYeY+lgj65bxhPyVc4x7NEB2bs5NU6DF8=", - "owner": "simple-nixos-mailserver", - "repo": "nixos-mailserver", - "rev": "23f0a53ca6e58e61e1ea2b86791c69b79c91656d", - "type": "gitlab" - }, - "original": { - "owner": "simple-nixos-mailserver", - "ref": "nixos-25.11", - "repo": "nixos-mailserver", - "type": "gitlab" - } - }, - "simple-nixos-mailserver_2": { - "inputs": { - "blobs": "blobs_2", - "flake-compat": "flake-compat_4", - "git-hooks": "git-hooks_2", "nixpkgs": [ "nixpkgs" ] @@ -818,36 +713,15 @@ "sops-nix": { "inputs": { "nixpkgs": [ - "private-flake", "nixpkgs" ] }, "locked": { - "lastModified": 1769469829, - "narHash": "sha256-wFcr32ZqspCxk4+FvIxIL0AZktRs6DuF8oOsLt59YBU=", + "lastModified": 1773096132, + "narHash": "sha256-M3zEnq9OElB7zqc+mjgPlByPm1O5t2fbUrH3t/Hm5Ag=", "owner": "mic92", "repo": "sops-nix", - "rev": "c5eebd4eb2e3372fe12a8d70a248a6ee9dd02eff", - "type": "github" - }, - "original": { - "owner": "mic92", - "repo": "sops-nix", - "type": "github" - } - }, - "sops-nix_2": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1772944399, - "narHash": "sha256-xTzsSd3r5HBeufSZ3fszAn0ldfKctvsYG7tT2YJg5gY=", - "owner": "mic92", - "repo": "sops-nix", - "rev": "c8e69670b316d6788e435a3aa0bda74eb1b82cc0", + "rev": "d1ff3b1034d5bab5d7d8086a7803c5a5968cd784", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 8b6ae2e..c21312c 100644 --- a/flake.nix +++ b/flake.nix 
@@ -63,8 +63,12 @@ # Private flake for sensitive configs private-flake = { - url = "github:genebean/private-flake/initial_setup"; - inputs.nixpkgs.follows = "nixpkgs"; + url = "github:genebean/private-flake"; + inputs = { + nixpkgs.follows = "nixpkgs"; + simple-nixos-mailserver.follows = "simple-nixos-mailserver"; + sops-nix.follows = "sops-nix"; + }; }; simple-nixos-mailserver = { diff --git a/lib/mkNixosHost.nix b/lib/mkNixosHost.nix index 128a6c5..68b050b 100644 --- a/lib/mkNixosHost.nix +++ b/lib/mkNixosHost.nix @@ -27,7 +27,7 @@ } inputs.nix-flatpak.nixosModules.nix-flatpak - + inputs.private-flake.nixosModules.private.ssh-keys inputs.sops-nix.nixosModules.sops # system wide secrets management ../modules/hosts/nixos # system-wide stuff ../modules/hosts/nixos/${hostname} # host specific stuff diff --git a/modules/hosts/common/linux/nixroutes.nix b/modules/hosts/common/linux/nixroutes.nix new file mode 100644 index 0000000..0b50bdf --- /dev/null +++ b/modules/hosts/common/linux/nixroutes.nix @@ -0,0 +1,7 @@ +{ config, lib, ... }: +let + hostName = config.networking.hostName; +in { + programs.zsh.shellAliases.nixroutes = + "cd ~/repos/dots && echo '=== Current Routes ===' && ip route show && ip -6 route show && echo '' && echo '=== New Build Routes ===' && nix eval --json '.#nixosConfigurations.${hostName}.config.systemd.network.networks.\"10-wan\".routes'"; +} diff --git a/modules/hosts/nixos/hetznix01/default.nix b/modules/hosts/nixos/hetznix01/default.nix index d138703..5f06448 100644 --- a/modules/hosts/nixos/hetznix01/default.nix +++ b/modules/hosts/nixos/hetznix01/default.nix @@ -1,7 +1,8 @@ -{ pkgs, username, ... }: { +{ inputs, pkgs, username, ... }: { imports = [ - ./hardware-configuration.nix + ../../common/linux/nixroutes.nix ./disk-config.nix + ./hardware-configuration.nix ./post-install ]; 
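Review bot: The comment above `private-flake` still says only "Private flake for sensitive configs", but after this commit the input is imported into every NixOS host through lib/mkNixosHost.nix while the per-host `openssh.authorizedKeys.keys` lists are deleted, so it now appears to decide who can log in. I would say so at the input, e.g. `# Supplies SSH authorized keys and host modules; review lock bumps of this input as access changes`. Dropping `/initial_setup` makes the input track the repository's default branch, so a routine `nix flake update` picks up whatever lands there. The hunk ends inside the following `simple-nixos-mailserver = {` block, which continues outside it.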
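Review bot: The added `inputs.private-flake.nixosModules.private.ssh-keys` import replaces key lists that were not the same on every host: hetznix01 listed `gene@newt`, hetznix02 `gene@kiosk-gene-desk`, and nixnuc `Gene on BigBoy`. The module body is not visible here, so confirm whether it keeps those per-host differences or grants every key on every host, and record the answer in a trailing comment like the one on the neighbouring sops line, e.g. `# authorized SSH keys, shared by all hosts`. Since this is the only source of keys left, an assertion that `config.users.users.${username}.openssh.authorizedKeys.keys != [ ]` (assuming `username` is in scope in this file) would turn an empty or renamed module output into a build failure rather than an unreachable host. The module list starts and ends outside the hunk.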
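Review bot: The new nixroutes.nix has no comment saying what the alias is for, and `lib` is taken as an argument but never used. A header such as `# nixroutes: print the live routes next to the routes the current checkout would configure for "10-wan"` would help, and the argument set can be `{ config, ... }:`. The alias hard-codes `~/repos/dots` and leaves the shell in that directory; wrapping the chain in `( … )` avoids that side effect. `nix eval` will also fail on a host that defines no `"10-wan"` network, which matters for hetznix01, where this commit removes that block, unless another module defines it.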
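Review bot: `inputs` is added to the argument set of hetznix01/default.nix but nothing in this import list uses it, whereas hetznix02 gains `inputs.private-flake.nixosModules.private.hetznix02` in the same commit. Later hunks remove this host's static `systemd.network` addresses and routes, and the `mailserver` block from post-install, and no replacement is visible in this diff. If they were meant to move into the private flake, the matching import seems to be missing, e.g. `inputs.private-flake.nixosModules.private.<hetznix01-module>` (placeholder; the real attribute name is not shown). Deploying without it would leave a remote host without its address and default routes. If they are provided elsewhere, drop the unused `inputs` argument.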
@@ -84,39 +85,10 @@ }; }; - systemd.network = { - enable = true; - networks."10-wan" = { - matchConfig.Name = "enp1s0"; - address = [ - "5.161.244.95/32" - "2a01:4ff:f0:977c::1/64" - ]; - dns = [ - "185.12.64.1" - "185.12.64.2" - "2a01:4ff:ff00::add:1" - "2a01:4ff:ff00::add:2" - ]; - routes = [ - { Destination = "172.31.1.1"; } - { Gateway = "172.31.1.1"; GatewayOnLink = true; } - { Gateway = "fe80::1"; } - ]; - # make the routes on this interface a dependency for network-online.target - linkConfig.RequiredForOnline = "routable"; - }; - }; - users.users.${username} = { isNormalUser = true; description = "Gene Liverman"; extraGroups = [ "networkmanager" "wheel" ]; linger = true; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvLaPTfG3r+bcbI6DV4l69UgJjnwmZNCQk79HXyf1Pt gene@rainbow-planet" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIp42X5DZ713+bgbOO+GXROufUFdxWo7NjJbGQ285x3N gene.liverman@ltnglobal.com" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICxSBXdng/+esUXN/uLHQ0l9SgHS5EI9Z8UbqxLMNpK5 gene@newt" - ]; }; } diff --git a/modules/hosts/nixos/hetznix01/post-install/default.nix b/modules/hosts/nixos/hetznix01/post-install/default.nix index 183898b..83eddd6 100644 --- a/modules/hosts/nixos/hetznix01/post-install/default.nix +++ b/modules/hosts/nixos/hetznix01/post-install/default.nix @@ -12,24 +12,6 @@ in { ./nginx.nix ]; - mailserver = { - enable = true; - enableImap = false; - enableImapSsl = true; - enableSubmission = false; - enableSubmissionSsl = true; - fqdn = "mail.alt.${domain}"; - domains = [ - "alt.${domain}" - "indianspringsbsa.org" - "pack1828.org" - ]; - stateVersion = 3; - - # Use Let's Encrypt certificates from Nginx - certificateScheme = "acme"; - }; - services = { collabora-online = { enable = true; diff --git a/modules/hosts/nixos/hetznix02/default.nix b/modules/hosts/nixos/hetznix02/default.nix index 1915a93..6d33499 100644 --- a/modules/hosts/nixos/hetznix02/default.nix +++ b/modules/hosts/nixos/hetznix02/default.nix 
@@ -1,8 +1,10 @@ -{ pkgs, username, ... }: { +{ inputs, pkgs, username, ... }: { imports = [ - ./hardware-configuration.nix + ../../common/linux/nixroutes.nix ./disk-config.nix + ./hardware-configuration.nix ./post-install + inputs.private-flake.nixosModules.private.hetznix02 ]; system.stateVersion = "24.05"; @@ -51,41 +53,11 @@ ''; }; - systemd.network = { - enable = true; - networks."10-wan" = { - matchConfig.Name = "enp1s0"; - address = [ - "195.201.224.89/32" - "2a01:4f8:1c1e:aa68::1/64" - "fe80::9400:3ff:feae:45aa/64" - ]; - dns = [ - "185.12.64.1" - "185.12.64.2" - "2a01:4ff:ff00::add:1" - "2a01:4ff:ff00::add:2" - ]; - routes = [ - { Destination = "172.31.1.1"; } - { Gateway = "172.31.1.1"; GatewayOnLink = true; } - { Gateway = "fe80::1"; } - ]; - # make the routes on this interface a dependency for network-online.target - linkConfig.RequiredForOnline = "routable"; - }; - }; - users.users.${username} = { isNormalUser = true; description = "Gene Liverman"; extraGroups = [ "networkmanager" "wheel" ]; linger = true; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvLaPTfG3r+bcbI6DV4l69UgJjnwmZNCQk79HXyf1Pt gene@rainbow-planet" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIp42X5DZ713+bgbOO+GXROufUFdxWo7NjJbGQ285x3N gene.liverman@ltnglobal.com" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAyYpMcbTCpDtP7wUcXnfFXvekPL/tz/k2Q3kCZwfGwZ gene@kiosk-gene-desk" - ]; }; zramSwap.enable = true; diff --git a/modules/hosts/nixos/kiosk-entryway/default.nix b/modules/hosts/nixos/kiosk-entryway/default.nix index a28e1eb..a694dbf 100644 --- a/modules/hosts/nixos/kiosk-entryway/default.nix +++ b/modules/hosts/nixos/kiosk-entryway/default.nix 
@@ -117,10 +117,6 @@ description = "Gene Liverman"; extraGroups = [ "networkmanager" "wheel" ]; linger = true; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvLaPTfG3r+bcbI6DV4l69UgJjnwmZNCQk79HXyf1Pt gene@rainbow-planet" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIp42X5DZ713+bgbOO+GXROufUFdxWo7NjJbGQ285x3N gene.liverman@ltnglobal.com" - ]; }; zramSwap = { diff --git a/modules/hosts/nixos/kiosk-gene-desk/default.nix b/modules/hosts/nixos/kiosk-gene-desk/default.nix index 58cf555..ace2fe5 100644 --- a/modules/hosts/nixos/kiosk-gene-desk/default.nix +++ b/modules/hosts/nixos/kiosk-gene-desk/default.nix @@ -110,10 +110,6 @@ description = "Gene Liverman"; extraGroups = [ "networkmanager" "wheel" ]; linger = true; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvLaPTfG3r+bcbI6DV4l69UgJjnwmZNCQk79HXyf1Pt gene@rainbow-planet" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIp42X5DZ713+bgbOO+GXROufUFdxWo7NjJbGQ285x3N gene.liverman@ltnglobal.com" - ]; }; zramSwap = { diff --git a/modules/hosts/nixos/nixnas1/default.nix b/modules/hosts/nixos/nixnas1/default.nix index 8cd4bbf..708ccba 100644 --- a/modules/hosts/nixos/nixnas1/default.nix +++ b/modules/hosts/nixos/nixnas1/default.nix @@ -118,9 +118,5 @@ isNormalUser = true; description = "Gene Liverman"; extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvLaPTfG3r+bcbI6DV4l69UgJjnwmZNCQk79HXyf1Pt gene@rainbow-planet" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIp42X5DZ713+bgbOO+GXROufUFdxWo7NjJbGQ285x3N gene.liverman@ltnglobal.com" - ]; }; } diff --git a/modules/hosts/nixos/nixnuc/default.nix b/modules/hosts/nixos/nixnuc/default.nix index 7a60849..c3e1fb1 100644 --- a/modules/hosts/nixos/nixnuc/default.nix +++ b/modules/hosts/nixos/nixnuc/default.nix 
@@ -624,11 +624,6 @@ in { description = "Gene Liverman"; extraGroups = [ "docker" "podman" "networkmanager" "wheel" ]; linger = true; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvLaPTfG3r+bcbI6DV4l69UgJjnwmZNCQk79HXyf1Pt gene@rainbow-planet" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6bRxR9wmwO1AcKjO2gRk6oxbIoDLI3KQL7sj92sN0K Gene on BigBoy" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIp42X5DZ713+bgbOO+GXROufUFdxWo7NjJbGQ285x3N gene.liverman@ltnglobal.com" - ]; }; # Enable common container config files in /etc/containers