diff --git a/flake.nix b/flake.nix
index a8dc5ae..42a33c1 100644
--- a/flake.nix
+++ b/flake.nix
@@ -102,10 +102,10 @@
 sops-nix.nixosModules.sops
 ];
 };
- #########################
- # AWS Nebula Lighthouse #
- #########################
- WCE-Lighthouse-AWS = nixpkgs.lib.nixosSystem {
+ ##########################
+ # AWS Nebula Lighthouse1 #
+ ##########################
+ WCE-Lighthouse1 = nixpkgs.lib.nixosSystem {
 specialArgs = {
 inherit inputs;
 pkgs = import nixpkgs {
@@ -116,10 +116,12 @@
 modules = [
 ./hosts/WCE-Lighthouse
 "${nixpkgs}/nixos/modules/virtualisation/amazon-image.nix"
+ {
+ networking.hostName = "WCE-Lighthouse1";
+ }
 home-manager.nixosModules.home-manager
 sops-nix.nixosModules.sops
 ];
- };
 };
 };
diff --git a/hosts/WCE-Lighthouse/default.nix b/hosts/WCE-Lighthouse/default.nix
index 4661763..a4b7480 100644
--- a/hosts/WCE-Lighthouse/default.nix
+++ b/hosts/WCE-Lighthouse/default.nix
@@ -8,6 +8,5 @@
 ../../modules
 ];
- networking.hostName = "WCE-Lighthouse";
 nixpkgs.hostPlatform = "x86_64-linux";
 }
diff --git a/modules/options.nix b/modules/options.nix
index 3109309..e3af93d 100644
--- a/modules/options.nix
+++ b/modules/options.nix
@@ -38,6 +38,9 @@
 live = {
 enable = lib.mkEnableOption "enable live disk user";
 };
+ lighthouse = {
+ enable = lib.mkEnableOption "enable nebula lighthouse server";
+ };
 };
 desktop = {
@@ -92,6 +95,9 @@
 live = {
 enable = lib.mkDefault false;
 };
+ lighthouse = {
+ enable = lib.mkDefault false;
+ };
 };
 # Desktop options are declared in their relevant modules in module/desktops
diff --git a/modules/users/lighthouse/default.nix b/modules/users/lighthouse/default.nix
new file mode 100644
index 0000000..0f69f56
--- /dev/null
+++ b/modules/users/lighthouse/default.nix
@@ -0,0 +1,10 @@
+{
+ lib,
+ config,
+ ...
+}: {
+ imports = [
+ ./user.nix
+ ./setup.nix
+ ];
+}
diff --git a/modules/users/lighthouse/setup.nix b/modules/users/lighthouse/setup.nix
new file mode 100644
index 0000000..9a37e05
--- /dev/null
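Review bot: `lib.mkEnableOption "enable nebula lighthouse server"` in the new `lighthouse` block of the first options.nix hunk produces the generated description "Whether to enable enable nebula lighthouse server.", because mkEnableOption prepends "Whether to enable" itself. The neighbouring `live` option has the same wording, so this follows the file's existing pattern, but the new line would read correctly as `enable = lib.mkEnableOption "the Nebula lighthouse role";`. A one-line `#` comment above the block naming what the flag pulls in (the user and service modules under modules/users/lighthouse) would also help readers of options.nix, which otherwise gives no hint.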
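Review bot: The module in the new modules/users/lighthouse/default.nix takes `lib` and `config` but uses neither; it only sets `imports`, so the argument set can be reduced to `{...}: {` or dropped altogether. The same applies to `inputs` and `pkgs` in the new setup.nix. Unused module arguments do not break evaluation, but they advertise dependencies that do not exist and make it harder to see at a glance which files actually read secrets or packages.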
+++ b/modules/users/lighthouse/setup.nix
@@ -0,0 +1,16 @@
+{
+ lib,
+ inputs,
+ config,
+ pkgs,
+ ...
+}:
+lib.mkIf config.user.lighthouse.enable {
+
+
+ services.nebula.networks.test = {
+ enable = true;
+ isLighthouse = true;
+ };
+
+}
diff --git a/modules/users/lighthouse/user.nix b/modules/users/lighthouse/user.nix
new file mode 100644
index 0000000..4db6503
--- /dev/null
+++ b/modules/users/lighthouse/user.nix
@@ -0,0 +1,15 @@
+{
+ inputs,
+ lib,
+ config,
+ ...
+}: {
+ config.users.users.lighthouse = lib.mkIf config.user.lighthouse.enable {
+ isNormalUser = true;
+ initialPassword = "changeme";
+ extraGroups = ["wheel"];
+ openssh.authorizedKeys.keyFiles = [
+ inputs.nix-secrets.keys.default
+ ];
+ };
+}
diff --git a/modules/users/overseer/services/bookstack.nix b/modules/users/overseer/services/bookstack.nix
index 2d8f448..7a3d53e 100644
--- a/modules/users/overseer/services/bookstack.nix
+++ b/modules/users/overseer/services/bookstack.nix
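Review bot: `services.nebula.networks.test` in setup.nix sets only `enable` and `isLighthouse`; as far as I know the NixOS nebula module also requires `ca`, `cert` and `key` for every network (they have no defaults), so switching on `user.lighthouse` should fail evaluation until the lighthouse's certificate material is supplied. The flake already wires in sops-nix and bookstack.nix reads its app key from `config.sops.secrets."bookstack/key".path`, so the same pattern fits here, e.g. `ca = config.sops.secrets."<nebula-ca-secret>".path;` with matching `cert` and `key` entries owned by a user the nebula service can read as. The network name `test` looks like a placeholder; I believe it becomes part of the systemd unit and config path, so it should match the name the peers will use. Reachability of the lighthouse also depends on the AWS security group admitting the nebula listen port (UDP 4242 unless `listen.port` is changed), which this module cannot express and deserves a comment.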
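Review bot: `initialPassword = "changeme"` together with `extraGroups = ["wheel"]` in user.nix gives the new `lighthouse` account a publicly known password that also unlocks sudo, so until it is changed any session obtained as that user on the AWS instance (shell, serial console) can become root, and the literal is stored world-readable in the Nix store. Because the account already authenticates with the SSH key from `inputs.nix-secrets.keys.default`, the password line can simply be removed, or replaced with `hashedPasswordFile = config.sops.secrets."<lighthouse-password-secret>".path;` if interactive sudo is wanted. Whether password SSH logins are reachable at all depends on `services.openssh.settings.PasswordAuthentication`, which the diff does not set (NixOS defaults it to true), so the key-only intent should be made explicit on the host. It is also worth asking whether a lighthouse needs a wheel user at all rather than an unprivileged login.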
@@ -1,37 +1,37 @@
 let
 volumePath = "/overseer/services";
 in
-{
- lib,
- pkgs,
- config,
- ...
-}:
-lib.mkIf config.user.overseer.enable {
- sops.secrets."bookstack/key" = {
+ {
+ lib,
+ pkgs,
+ config,
+ ...
+ }:
+ lib.mkIf config.user.overseer.enable {
+ sops.secrets."bookstack/key" = {
 owner = "bookstack";
- };
-
- services.restic.backups.bookstack = {
- user = "root";
- timerConfig = {
- OnCalendar = "daily";
- Persistent = true;
- };
- backupPrepareCommand = "${pkgs.mariadb}/bin/mysqldump -u root bookstack > ${volumePath}/tmp/bookstack.sql";
- backupCleanupCommand = "rm ${volumePath}/tmp/bookstack.sql";
- paths = [
- "/var/lib/bookstack"
- "${volumePath}/tmp/bookstack.sql"
- ];
- repositoryFile = config.sops.secrets."restic/url".path;
- passwordFile = config.sops.secrets."restic/key".path;
- };
-
- services.bookstack = {
+ };
+
+ services.restic.backups.bookstack = {
+ user = "root";
+ timerConfig = {
+ OnCalendar = "daily";
+ Persistent = true;
+ };
+ backupPrepareCommand = "${pkgs.mariadb}/bin/mysqldump -u root bookstack > ${volumePath}/tmp/bookstack.sql";
+ backupCleanupCommand = "rm ${volumePath}/tmp/bookstack.sql";
+ paths = [
+ "/var/lib/bookstack"
+ "${volumePath}/tmp/bookstack.sql"
+ ];
+ repositoryFile = config.sops.secrets."restic/url".path;
+ passwordFile = config.sops.secrets."restic/key".path;
+ };
+
+ services.bookstack = {
 enable = true;
 hostname = "bookstack.wanderingcrow.net";
 database.createLocally = true;
 appKeyFile = config.sops.secrets."bookstack/key".path;
- };
-}
+ };
+ }
diff --git a/modules/users/overseer/services/grocy.nix b/modules/users/overseer/services/grocy.nix
index e99a396..248f07e 100644
--- a/modules/users/overseer/services/grocy.nix
+++ b/modules/users/overseer/services/grocy.nix
@@ -1,19 +1,16 @@
 let
 volumePath = "/overseer/services";
 in
-{
- lib,
- pkgs,
- config,
- ...
-}:
-lib.mkIf config.user.overseer.enable {
-
- services.grocy = {
+ {
+ lib,
+ pkgs,
+ config,
+ ...
+ }:
+ lib.mkIf config.user.overseer.enable {
+ services.grocy = {
 enable = true;
 hostName = "grocy.wanderingcrow.net";
 nginx.enableSSL = false;
- };
-
-
-}
+ };
+ }
diff --git a/modules/users/overseer/services/invidious.nix b/modules/users/overseer/services/invidious.nix
index 8cc6c03..48146a4 100644
--- a/modules/users/overseer/services/invidious.nix
+++ b/modules/users/overseer/services/invidious.nix
@@ -6,7 +6,6 @@
 ...
 }:
 lib.mkIf config.user.overseer.enable {
-
 services.nginx = {
 enable = true;
 recommendedProxySettings = true;
@@ -17,12 +16,12 @@ lib.mkIf config.user.overseer.enable {
 };
 };
 };
-
- services.invidious = {
- enable = true;
- port = 3000;
- nginx.enable = true;
- domain = "vid.wanderingcrow.net";
- database.createLocally = true;
- };
+
+ services.invidious = {
+ enable = true;
+ port = 3000;
+ nginx.enable = true;
+ domain = "vid.wanderingcrow.net";
+ database.createLocally = true;
+ };
 }