all: add peerix capabilities
This commit is contained in:
parent
8a81578425
commit
b35a2966b2
@ -1,7 +1,7 @@
|
||||
{ config, lib, ... }:
|
||||
with lib; {
|
||||
options = {
|
||||
peerix = {
|
||||
tsPeerix = {
|
||||
enable = mkOption {
|
||||
description = "Enable peerix";
|
||||
default = false;
|
||||
@ -17,18 +17,28 @@ with lib; {
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf config.peerix.enable {
|
||||
config = mkIf config.tsPeerix.enable {
|
||||
users.groups.peerix = {
|
||||
name = "peerix";
|
||||
};
|
||||
users.users.peerix = {
|
||||
name = "peerix";
|
||||
group = "peerix";
|
||||
isSystemUser = true;
|
||||
};
|
||||
services = {
|
||||
peerix = {
|
||||
enable = true;
|
||||
openFirewall = false; # UDP/12304
|
||||
privateKeyFile = "${config.peerix.privateKeyFile}";
|
||||
publicKeyFile = ../../configs/peerix.pubs;
|
||||
openFirewall = false;
|
||||
user = "peerix";
|
||||
privateKeyFile = "${config.tsPeerix.privateKeyFile}";
|
||||
publicKeyFile = ./peerix.pubs;
|
||||
};
|
||||
};
|
||||
networking.firewall.interfaces = {
|
||||
"tailscale0" = {
|
||||
allowedUDPPorts = 12304;
|
||||
allowedUDPPorts = [ 12304 ];
|
||||
allowedTCPPorts = [ 12304 ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -1,2 +1 @@
|
||||
peerix-europa:FpjwUsYBl+I/SEr5JuO676oVhtUvY2zjyIr2VAVbmfs=
|
||||
peerix-stan:3wdu3RBNCIVdgVRFt7bPQuoNH1liYsndLL0pI8mZCbg=
|
||||
peerix-europa:FpjwUsYBl+I/SEr5JuO676oVhtUvY2zjyIr2VAVbmfs= peerix-stan:3wdu3RBNCIVdgVRFt7bPQuoNH1liYsndLL0pI8mZCbg=
|
||||
|
@ -12,6 +12,7 @@ in {
|
||||
./configs/gitmux.nix
|
||||
./configs/git.nix
|
||||
./configs/neovim.nix
|
||||
./configs/peerix.nix
|
||||
./configs/manager.nix
|
||||
./configs/tmux.nix
|
||||
./configs/net-overlay.nix
|
||||
|
43
flake.lock
generated
43
flake.lock
generated
@ -137,6 +137,28 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"peerix": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nixpkgs": [
|
||||
"stable"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1661429880,
|
||||
"narHash": "sha256-7/m468XZW82O7KhDtRdQ7RnPsh83+tA8N4U0FncFo1U=",
|
||||
"owner": "cid-chan",
|
||||
"repo": "peerix",
|
||||
"rev": "32cd1b098b83c90726848bd6726f74e72c557abb",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "cid-chan",
|
||||
"repo": "peerix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"darwin": "darwin",
|
||||
@ -145,6 +167,7 @@
|
||||
"mcchunkie": "mcchunkie",
|
||||
"microca": "microca",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"peerix": "peerix",
|
||||
"sshKnownHosts": "sshKnownHosts",
|
||||
"stable": "stable",
|
||||
"unstable": "unstable",
|
||||
@ -192,11 +215,11 @@
|
||||
},
|
||||
"stable": {
|
||||
"locked": {
|
||||
"lastModified": 1661754554,
|
||||
"narHash": "sha256-de5B2kxfNBLYQrAw7jiavjkNTqI7+2ff5etpn7h1OYo=",
|
||||
"lastModified": 1661825248,
|
||||
"narHash": "sha256-3A5W95RnB8aELcapCalM8zJhyIo+iNyN77uRJfkbFig=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "8771f639c5539e0285aea854404047af78ed7007",
|
||||
"rev": "f4924a0a1fba98b6721792f2a5b1d71e11664dfa",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -240,11 +263,11 @@
|
||||
},
|
||||
"unstableSmall": {
|
||||
"locked": {
|
||||
"lastModified": 1661757213,
|
||||
"narHash": "sha256-f52E4WkJSUxuollb5YgPG7aw1Qbe6eOEtpWd2TM9MxM=",
|
||||
"lastModified": 1661846789,
|
||||
"narHash": "sha256-gpizELTzMLw/UislEW9rp4B5ZLcgHkQbkqoxCoDZurc=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "767a1251bf27d89868e86a4e2f6a2b37781e546b",
|
||||
"rev": "1cc8a7ba8844f68a646da509a3976b52f406a28c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -260,11 +283,11 @@
|
||||
"stable": "stable_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1661788636,
|
||||
"narHash": "sha256-CaVETfPsIWXw2Rw4jYwR/m85iNVPT+8C9hCYJ9i+rWg=",
|
||||
"lastModified": 1661891289,
|
||||
"narHash": "sha256-GY5MlRoHpnnziRpV/e2h8eWI4yu3e6gCA7Flt6JA31A=",
|
||||
"ref": "main",
|
||||
"rev": "29bbc65eae31d82e8675d21bd337148bdae0cd43",
|
||||
"revCount": 32,
|
||||
"rev": "5777109f8298dcf1d893b2cd743a7e088bba231f",
|
||||
"revCount": 37,
|
||||
"type": "git",
|
||||
"url": "ssh://xin-secrets-ro/qbit/xin-secrets.git"
|
||||
},
|
||||
|
22
flake.nix
22
flake.nix
@ -17,7 +17,7 @@
|
||||
|
||||
emacs-overlay = {
|
||||
url =
|
||||
"github:nix-community/emacs-overlay/0bb59bd04ff65270b34434edde00654f43a0dec8";
|
||||
"github:nix-community/emacs-overlay";
|
||||
inputs.nixpkgs.follows = "stable";
|
||||
};
|
||||
|
||||
@ -45,14 +45,23 @@
|
||||
url = "github:qbit/gqrss";
|
||||
flake = false;
|
||||
};
|
||||
|
||||
peerix = {
|
||||
url = "github:cid-chan/peerix";
|
||||
inputs.nixpkgs.follows = "stable";
|
||||
};
|
||||
};
|
||||
|
||||
outputs = { self, unstable, unstableSmall, stable, nixos-hardware
|
||||
, sshKnownHosts, microca, mcchunkie, gqrss, darwin, xin-secrets, ...
|
||||
, sshKnownHosts, microca, mcchunkie, gqrss, darwin, xin-secrets, peerix, ...
|
||||
}@flakes:
|
||||
let
|
||||
hostBase = {
|
||||
overlays = [ flakes.emacs-overlay.overlay ];
|
||||
overlays = [
|
||||
flakes.emacs-overlay.overlay
|
||||
flakes.peerix.overlay
|
||||
|
||||
];
|
||||
modules = [
|
||||
# Common config stuffs
|
||||
(import (./default.nix))
|
||||
@ -63,7 +72,7 @@
|
||||
];
|
||||
};
|
||||
|
||||
overlays = [ flakes.emacs-overlay.overlay ];
|
||||
overlays = [ flakes.emacs-overlay.overlay flakes.peerix.overlay ];
|
||||
|
||||
buildVer = { system.configurationRevision = self.rev or "DIRTY"; };
|
||||
buildShell = pkgs:
|
||||
@ -116,13 +125,16 @@
|
||||
|
||||
nixosConfigurations = {
|
||||
box = buildSys "x86_64-linux" stable [ ] "box";
|
||||
europa = buildSys "x86_64-linux" unstable [ ] "europa";
|
||||
europa = buildSys "x86_64-linux" unstable [ peerix.nixosModules.peerix ]
|
||||
"europa";
|
||||
faf = buildSys "x86_64-linux" stable [ ] "faf";
|
||||
hass = buildSys "x86_64-linux" stable [ ] "hass";
|
||||
h = buildSys "x86_64-linux" unstableSmall [ ] "h";
|
||||
litr = buildSys "x86_64-linux" unstable [ ] "litr";
|
||||
stan = buildSys "x86_64-linux" stable [
|
||||
nixos-hardware.nixosModules.framework
|
||||
peerix.nixosModules.peerix
|
||||
|
||||
] "stan";
|
||||
weather = buildSys "aarch64-linux" stable
|
||||
[ nixos-hardware.nixosModules.raspberry-pi-4 ] "weather";
|
||||
|
@ -29,6 +29,12 @@ in {
|
||||
group = "wheel";
|
||||
mode = "400";
|
||||
};
|
||||
peerix_private_key = {
|
||||
sopsFile = config.xin-secrets.europa.peerix;
|
||||
owner = "peerix";
|
||||
group = "wheel";
|
||||
mode = "400";
|
||||
};
|
||||
};
|
||||
|
||||
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
|
||||
@ -118,6 +124,11 @@ in {
|
||||
};
|
||||
};
|
||||
|
||||
tsPeerix = {
|
||||
enable = true;
|
||||
privateKeyFile = "${config.sops.secrets.peerix_private_key.path}";
|
||||
};
|
||||
|
||||
programs.steam.enable = true;
|
||||
services = {
|
||||
emacs = {
|
||||
|
@ -60,6 +60,12 @@ in {
|
||||
owner = "root";
|
||||
mode = "400";
|
||||
};
|
||||
peerix_private_key = {
|
||||
sopsFile = config.xin-secrets.stan.peerix;
|
||||
owner = "peerix";
|
||||
group = "peerix";
|
||||
mode = "400";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services = {
|
||||
@ -111,6 +117,11 @@ in {
|
||||
zsh.enable = true;
|
||||
};
|
||||
|
||||
tsPeerix = {
|
||||
enable = true;
|
||||
privateKeyFile = "${config.sops.secrets.peerix_private_key.path}";
|
||||
};
|
||||
|
||||
services = {
|
||||
emacs = {
|
||||
enable = false;
|
||||
|
Loading…
Reference in New Issue
Block a user