beginning of lighthouse

2026-01-11 09:44:08 -05:00 · 2025-01-28 16:55:31 -05:00 · 2025-01-28 16:55:31 -05:00 · ef9e7a469f
commit ef9e7a469f
parent 2b7270fdcc
9 changed files with 101 additions and 57 deletions
--- a/flake.nix
+++ b/flake.nix
@ -102,10 +102,10 @@
          sops-nix.nixosModules.sops
        ];
      };
-      #########################
-      # AWS Nebula Lighthouse #
-      #########################
-      WCE-Lighthouse-AWS = nixpkgs.lib.nixosSystem {
+      ##########################
+      # AWS Nebula Lighthouse1 #
+      ##########################
+      WCE-Lighthouse1 = nixpkgs.lib.nixosSystem {
        specialArgs = {
          inherit inputs;
          pkgs = import nixpkgs {
@ -116,10 +116,12 @@
        modules = [
          ./hosts/WCE-Lighthouse
          "${nixpkgs}/nixos/modules/virtualisation/amazon-image.nix"
+          {
+            networking.hostName = "WCE-Lighthouse1";
+          }
          home-manager.nixosModules.home-manager
          sops-nix.nixosModules.sops
        ];
-
      };
    };
  };
--- a/hosts/WCE-Lighthouse/default.nix
+++ b/hosts/WCE-Lighthouse/default.nix
@ -8,6 +8,5 @@
    ../../modules
  ];

-  networking.hostName = "WCE-Lighthouse";
  nixpkgs.hostPlatform = "x86_64-linux";
 }
--- a/modules/options.nix
+++ b/modules/options.nix
@ -38,6 +38,9 @@
      live = {
        enable = lib.mkEnableOption "enable live disk user";
      };
+      lighthouse = {
+        enable = lib.mkEnableOption "enable nebula lighthouse server";
+      };
    };

    desktop = {
@ -92,6 +95,9 @@
      live = {
        enable = lib.mkDefault false;
      };
+      lighthouse = {
+        enable = lib.mkDefault false;
+    };
    };

    # Desktop options are declared in their relevant modules in module/desktops
--- a/modules/users/lighthouse/default.nix
+++ b/modules/users/lighthouse/default.nix
@ -0,0 +1,10 @@
+{
+  lib,
+  config,
+  ...
+}: {
+  imports = [
+    ./user.nix
+    ./setup.nix
+  ];
+}
--- a/modules/users/lighthouse/setup.nix
+++ b/modules/users/lighthouse/setup.nix
@ -0,0 +1,16 @@
+{
+  lib,
+  inputs,
+  config,
+  pkgs,
+  ...
+}:
+lib.mkIf config.user.lighthouse.enable {
+
+
+    services.nebula.networks.test = {
+        enable = true;
+        isLighthouse = true;
+    };
+        
+}
--- a/modules/users/lighthouse/user.nix
+++ b/modules/users/lighthouse/user.nix
@ -0,0 +1,15 @@
+{
+  inputs,
+  lib,
+  config,
+  ...
+}: {
+  config.users.users.lighthouse = lib.mkIf config.user.lighthouse.enable {
+    isNormalUser = true;
+    initialPassword = "changeme";
+    extraGroups = ["wheel"];
+    openssh.authorizedKeys.keyFiles = [
+      inputs.nix-secrets.keys.default
+    ];
+  };
+}
--- a/modules/users/overseer/services/bookstack.nix
+++ b/modules/users/overseer/services/bookstack.nix
@ -1,37 +1,37 @@
 let
  volumePath = "/overseer/services";
 in
-{
-  lib,
-  pkgs,
-  config,
-  ...
-}:
-lib.mkIf config.user.overseer.enable {
-    sops.secrets."bookstack/key" = {
+  {
+    lib,
+    pkgs,
+    config,
+    ...
+  }:
+    lib.mkIf config.user.overseer.enable {
+      sops.secrets."bookstack/key" = {
        owner = "bookstack";
-    };
-      
-  services.restic.backups.bookstack = {
-    user = "root";
-    timerConfig = {
-      OnCalendar = "daily";
-      Persistent = true;
-    };
-    backupPrepareCommand = "${pkgs.mariadb}/bin/mysqldump -u root bookstack > ${volumePath}/tmp/bookstack.sql";
-    backupCleanupCommand = "rm ${volumePath}/tmp/bookstack.sql";
-    paths = [
-        "/var/lib/bookstack"
-        "${volumePath}/tmp/bookstack.sql"
-    ];
-    repositoryFile = config.sops.secrets."restic/url".path;
-    passwordFile = config.sops.secrets."restic/key".path;
-  };
-        
-    services.bookstack = {
+      };
+
+      services.restic.backups.bookstack = {
+        user = "root";
+        timerConfig = {
+          OnCalendar = "daily";
+          Persistent = true;
+        };
+        backupPrepareCommand = "${pkgs.mariadb}/bin/mysqldump -u root bookstack > ${volumePath}/tmp/bookstack.sql";
+        backupCleanupCommand = "rm ${volumePath}/tmp/bookstack.sql";
+        paths = [
+          "/var/lib/bookstack"
+          "${volumePath}/tmp/bookstack.sql"
+        ];
+        repositoryFile = config.sops.secrets."restic/url".path;
+        passwordFile = config.sops.secrets."restic/key".path;
+      };
+
+      services.bookstack = {
        enable = true;
        hostname = "bookstack.wanderingcrow.net";
        database.createLocally = true;
        appKeyFile = config.sops.secrets."bookstack/key".path;
-    };
-}
+      };
+    }
--- a/modules/users/overseer/services/grocy.nix
+++ b/modules/users/overseer/services/grocy.nix
@ -1,19 +1,16 @@
 let
  volumePath = "/overseer/services";
 in
-{
-  lib,
-  pkgs,
-  config,
-  ...
-}:
-lib.mkIf config.user.overseer.enable {
-    
-    services.grocy = {
+  {
+    lib,
+    pkgs,
+    config,
+    ...
+  }:
+    lib.mkIf config.user.overseer.enable {
+      services.grocy = {
        enable = true;
        hostName = "grocy.wanderingcrow.net";
        nginx.enableSSL = false;
-    };
-
-
-}
+      };
+    }
--- a/modules/users/overseer/services/invidious.nix
+++ b/modules/users/overseer/services/invidious.nix
@ -6,7 +6,6 @@
  ...
 }:
 lib.mkIf config.user.overseer.enable {
-    
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
@ -17,12 +16,12 @@ lib.mkIf config.user.overseer.enable {
      };
    };
  };
-  
-    services.invidious = {
-        enable = true;
-        port = 3000;
-        nginx.enable = true;
-        domain = "vid.wanderingcrow.net";
-        database.createLocally = true;
-    };
+
+  services.invidious = {
+    enable = true;
+    port = 3000;
+    nginx.enable = true;
+    domain = "vid.wanderingcrow.net";
+    database.createLocally = true;
+  };
 }