From e7ca693b77b0062e3ccace46b10f039888f99c93 Mon Sep 17 00:00:00 2001 From: Gabe Venberg Date: Tue, 23 Jul 2024 11:24:15 -0500 Subject: [PATCH] added config for remote acess pi. This pi will be used to acesss the offsite backup location through tailscale and ssh. --- flake.lock | 17 ++++++ flake.nix | 2 + hosts/remote-pi/default.nix | 103 +++++++++++++++++++++++++++++++++++ hosts/rockhole64/default.nix | 7 ++- 4 files changed, 126 insertions(+), 3 deletions(-) create mode 100644 hosts/remote-pi/default.nix diff --git a/flake.lock b/flake.lock index 565b3c3..9e9564a 100644 --- a/flake.lock +++ b/flake.lock @@ -263,6 +263,22 @@ "url": "ssh://git@git.venberg.xyz:7920/Gabe/nix-secrets.git" } }, + "nixos-hardware": { + "locked": { + "lastModified": 1721413321, + "narHash": "sha256-0GdiQScDceUrVGbxYpV819LHesK3szHOhJ09e6sgES4=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "ab165a8a6cd12781d76fe9cbccb9e975d0fb634f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, "nixos-wsl": { "inputs": { "flake-compat": [ @@ -361,6 +377,7 @@ "flake-utils": "flake-utils", "home-manager": "home-manager", "nix-secrets": "nix-secrets", + "nixos-hardware": "nixos-hardware", "nixos-wsl": "nixos-wsl", "nixpkgs": "nixpkgs", "nixvim": "nixvim", diff --git a/flake.nix b/flake.nix index c6730b3..6c50857 100644 --- a/flake.nix +++ b/flake.nix @@ -48,6 +48,8 @@ flake = false; }; + nixos-hardware.url = "github:NixOS/nixos-hardware/master"; + # just for follows statements flake-utils.url = "github:numtide/flake-utils"; flake-compat.url = "github:edolstra/flake-compat"; diff --git a/hosts/remote-pi/default.nix b/hosts/remote-pi/default.nix new file mode 100644 index 0000000..dd97bf9 --- /dev/null +++ b/hosts/remote-pi/default.nix 
@@ -0,0 +1,103 @@
+{
+ inputs,
+ configLib,
+ ...
+}:
+inputs.nixpkgs.lib.nixosSystem {
+ system = "aarch64-linux";
+ specialArgs = {inherit inputs configLib;};
+ modules = [
+ inputs.home-manager.nixosModules.home-manager
+ inputs.disko.nixosModules.disko
+ inputs.nixos-hardware.nixosModules.raspberry-pi-3
+ ../../configs/nixos/common.nix
+ ../../configs/nixos/sshd.nix
+ ../../configs/nixos/secrets.nix
+ ../../configs/nixos/tailscale.nix
+ ({
+ config,
+ pkgs,
+ lib,
+ configLib,
+ ...
+ }: {
+ boot.initrd.availableKernelModules = [
+ "xhci_pci"
+ "usbhid"
+ "usb_storage"
+ ];
+ hardware.enableRedistributableFirmware = true;
+ host = {
+ user = "gabe";
+ fullName = "Gabe Venberg";
+ };
+ networking.hostName = "remotepi"; # Define your hostname.
+ networking.hostId = "8efd3e13";
+ networking.useNetworkd = true;
+ systemd.network = {
+ enable = true;
+ networks."TODO" = {
+ name = "TODO";
+ address = ["TODO"];
+ gateway = ["TODO"];
+ dns = ["1.1.1.1"];
+ };
+ };
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ options = ["noatime"];
+ };
+ };
+
+ time.timeZone = "America/Chicago";
+
+ # home-manager.sharedModules = [
+ # inputs.sops-nix.homeManagerModules.sops
+ # ];
+ home-manager.users.${config.host.user} = {
+ inputs,
+ osConfig,
+ lib,
+ ...
+ }: {
+ host = osConfig.host;
+ user = {
+ git = {
+ profile = {
+ name = config.host.fullName;
+ email = "gabevenberg@gmail.com";
+ };
+ workProfile.enable = false;
+ };
+ };
+ imports = [
+ ../../roles/home-manager/minimal-terminal.nix
+ ../../configs/home-manager/common.nix
+ inputs.nixvim.homeManagerModules.nixvim
+ # ../../configs/home-manager/secrets.nix
+ ];
+
+ # sops = lib.mkIf (inputs ? nix-secrets) {
+ # secrets = {
+ # };
+ # };
+ };
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "24.11"; # Did you read the comment?
+ })
+ ];
+}
diff --git a/hosts/rockhole64/default.nix b/hosts/rockhole64/default.nix
index b2258f3..ccc209b 100644
--- a/hosts/rockhole64/default.nix
+++ b/hosts/rockhole64/default.nix
@@ -15,9 +15,7 @@ inputs.nixpkgs.lib.nixosSystem {
 ../../configs/nixos/common.nix
 ../../configs/nixos/sshd.nix
 ../../configs/nixos/secrets.nix
- ../../configs/nixos/i3
- ../../configs/nixos/sound.nix
- ../../configs/nixos/interactive-networking.nix
+ ../../configs/nixos/tailscale.nix
 ({
 config,
 pkgs,
@@ -40,9 +38,12 @@ inputs.nixpkgs.lib.nixosSystem {
 fullName = "Gabe Venberg";
 };
 networking.hostName = "rockhole"; # Define your hostname.
+ networking.hostId = "e0c31928";
+ networking.useNetworkd = true;
 systemd.network = {
 enable = true;
 networks."TODO" = {
+ name = "TODO";
 address = ["10.10.0.2/16"];
 gateway = ["10.10.0.1"];
 dns = ["10.10.0.2"];
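Review bot: Nothing in the new hosts/remote-pi/default.nix restricts SSH to the tailnet: the firewall block at the end of the module is only the commented-out template, so whether the SSH port is open on the LAN side depends on `../../configs/nixos/sshd.nix`, which this patch does not show. The commit message says the Pi is reached through tailscale, so if that module leaves `services.openssh.openFirewall` at its default, consider setting `services.openssh.openFirewall = false;` and `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [22];` in this module, adjusting the port and interface name to what sshd.nix and tailscale.nix actually configure. The `networks."TODO"` entry also still carries placeholder `name`, `address` and `gateway` values; `name` is the interface match, so as written the static configuration presumably applies to no interface, and the same `name = "TODO"` is added in the last hunk of hosts/rockhole64/default.nix while its interactive-networking import is dropped. A comment on that block such as `# FIXME: set the real interface name and addressing before deploying` would make the unfinished state explicit.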