all: add peerix capabilities

Aaron Bieber 2022-08-30 15:56:37 -06:00
parent 8a81578425
commit b35a2966b2
No known key found for this signature in database
7 changed files with 90 additions and 23 deletions


@ -1,7 +1,7 @@
{ config, lib, ... }: { config, lib, ... }:
with lib; { with lib; {
options = { options = {
peerix = { tsPeerix = {
enable = mkOption { enable = mkOption {
description = "Enable peerix"; description = "Enable peerix";
default = false; default = false;
@ -17,18 +17,28 @@ with lib; {
}; };
}; };
config = mkIf config.peerix.enable { config = mkIf config.tsPeerix.enable {
users.groups.peerix = {
name = "peerix";
};
users.users.peerix = {
name = "peerix";
group = "peerix";
isSystemUser = true;
};
services = { services = {
peerix = { peerix = {
enable = true; enable = true;
openFirewall = false; # UDP/12304 openFirewall = false;
privateKeyFile = "${config.peerix.privateKeyFile}"; user = "peerix";
publicKeyFile = ../../configs/peerix.pubs; privateKeyFile = "${config.tsPeerix.privateKeyFile}";
publicKeyFile = ./peerix.pubs;
}; };
}; };
networking.firewall.interfaces = { networking.firewall.interfaces = {
"tailscale0" = { "tailscale0" = {
allowedUDPPorts = 12304; allowedUDPPorts = [ 12304 ];
allowedTCPPorts = [ 12304 ];
}; };
}; };
}; };
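Review bot: `privateKeyFile = "${config.tsPeerix.privateKeyFile}";` interpolates the option value into a string, and the option's declared type sits between the two hunks, outside what is shown here. If that option is a path type and a host ever sets it from a path literal, the interpolation would copy the signing key into the world-readable Nix store. Declaring the option as `types.str` keeps it a runtime path such as the sops secret path the hosts pass in. Separately, the `tailscale0` block now opens TCP 12304 as well as UDP while the old `# UDP/12304` comment was dropped; a comment such as `# peerix: 12304/udp and 12304/tcp, tailscale0 only` would record what is exposed.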


@ -1,2 +1 @@
peerix-europa:FpjwUsYBl+I/SEr5JuO676oVhtUvY2zjyIr2VAVbmfs= peerix-europa:FpjwUsYBl+I/SEr5JuO676oVhtUvY2zjyIr2VAVbmfs= peerix-stan:3wdu3RBNCIVdgVRFt7bPQuoNH1liYsndLL0pI8mZCbg=
peerix-stan:3wdu3RBNCIVdgVRFt7bPQuoNH1liYsndLL0pI8mZCbg=


@ -12,6 +12,7 @@ in {
./configs/gitmux.nix ./configs/gitmux.nix
./configs/git.nix ./configs/git.nix
./configs/neovim.nix ./configs/neovim.nix
./configs/peerix.nix
./configs/manager.nix ./configs/manager.nix
./configs/tmux.nix ./configs/tmux.nix
./configs/net-overlay.nix ./configs/net-overlay.nix


@ -137,6 +137,28 @@
"type": "github" "type": "github"
} }
}, },
"peerix": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"stable"
]
},
"locked": {
"lastModified": 1661429880,
"narHash": "sha256-7/m468XZW82O7KhDtRdQ7RnPsh83+tA8N4U0FncFo1U=",
"owner": "cid-chan",
"repo": "peerix",
"rev": "32cd1b098b83c90726848bd6726f74e72c557abb",
"type": "github"
},
"original": {
"owner": "cid-chan",
"repo": "peerix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"darwin": "darwin", "darwin": "darwin",
@ -145,6 +167,7 @@
"mcchunkie": "mcchunkie", "mcchunkie": "mcchunkie",
"microca": "microca", "microca": "microca",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"peerix": "peerix",
"sshKnownHosts": "sshKnownHosts", "sshKnownHosts": "sshKnownHosts",
"stable": "stable", "stable": "stable",
"unstable": "unstable", "unstable": "unstable",
@ -192,11 +215,11 @@
}, },
"stable": { "stable": {
"locked": { "locked": {
"lastModified": 1661754554, "lastModified": 1661825248,
"narHash": "sha256-de5B2kxfNBLYQrAw7jiavjkNTqI7+2ff5etpn7h1OYo=", "narHash": "sha256-3A5W95RnB8aELcapCalM8zJhyIo+iNyN77uRJfkbFig=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8771f639c5539e0285aea854404047af78ed7007", "rev": "f4924a0a1fba98b6721792f2a5b1d71e11664dfa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -240,11 +263,11 @@
}, },
"unstableSmall": { "unstableSmall": {
"locked": { "locked": {
"lastModified": 1661757213, "lastModified": 1661846789,
"narHash": "sha256-f52E4WkJSUxuollb5YgPG7aw1Qbe6eOEtpWd2TM9MxM=", "narHash": "sha256-gpizELTzMLw/UislEW9rp4B5ZLcgHkQbkqoxCoDZurc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "767a1251bf27d89868e86a4e2f6a2b37781e546b", "rev": "1cc8a7ba8844f68a646da509a3976b52f406a28c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -260,11 +283,11 @@
"stable": "stable_2" "stable": "stable_2"
}, },
"locked": { "locked": {
"lastModified": 1661788636, "lastModified": 1661891289,
"narHash": "sha256-CaVETfPsIWXw2Rw4jYwR/m85iNVPT+8C9hCYJ9i+rWg=", "narHash": "sha256-GY5MlRoHpnnziRpV/e2h8eWI4yu3e6gCA7Flt6JA31A=",
"ref": "main", "ref": "main",
"rev": "29bbc65eae31d82e8675d21bd337148bdae0cd43", "rev": "5777109f8298dcf1d893b2cd743a7e088bba231f",
"revCount": 32, "revCount": 37,
"type": "git", "type": "git",
"url": "ssh://xin-secrets-ro/qbit/xin-secrets.git" "url": "ssh://xin-secrets-ro/qbit/xin-secrets.git"
}, },


@ -17,7 +17,7 @@
emacs-overlay = { emacs-overlay = {
url = url =
"github:nix-community/emacs-overlay/0bb59bd04ff65270b34434edde00654f43a0dec8"; "github:nix-community/emacs-overlay";
inputs.nixpkgs.follows = "stable"; inputs.nixpkgs.follows = "stable";
}; };
@ -45,14 +45,23 @@
url = "github:qbit/gqrss"; url = "github:qbit/gqrss";
flake = false; flake = false;
}; };
peerix = {
url = "github:cid-chan/peerix";
inputs.nixpkgs.follows = "stable";
};
}; };
outputs = { self, unstable, unstableSmall, stable, nixos-hardware outputs = { self, unstable, unstableSmall, stable, nixos-hardware
, sshKnownHosts, microca, mcchunkie, gqrss, darwin, xin-secrets, ... , sshKnownHosts, microca, mcchunkie, gqrss, darwin, xin-secrets, peerix, ...
}@flakes: }@flakes:
let let
hostBase = { hostBase = {
overlays = [ flakes.emacs-overlay.overlay ]; overlays = [
flakes.emacs-overlay.overlay
flakes.peerix.overlay
];
modules = [ modules = [
# Common config stuffs # Common config stuffs
(import (./default.nix)) (import (./default.nix))
@ -63,7 +72,7 @@
]; ];
}; };
overlays = [ flakes.emacs-overlay.overlay ]; overlays = [ flakes.emacs-overlay.overlay flakes.peerix.overlay ];
buildVer = { system.configurationRevision = self.rev or "DIRTY"; }; buildVer = { system.configurationRevision = self.rev or "DIRTY"; };
buildShell = pkgs: buildShell = pkgs:
@ -116,13 +125,16 @@
nixosConfigurations = { nixosConfigurations = {
box = buildSys "x86_64-linux" stable [ ] "box"; box = buildSys "x86_64-linux" stable [ ] "box";
europa = buildSys "x86_64-linux" unstable [ ] "europa"; europa = buildSys "x86_64-linux" unstable [ peerix.nixosModules.peerix ]
"europa";
faf = buildSys "x86_64-linux" stable [ ] "faf"; faf = buildSys "x86_64-linux" stable [ ] "faf";
hass = buildSys "x86_64-linux" stable [ ] "hass"; hass = buildSys "x86_64-linux" stable [ ] "hass";
h = buildSys "x86_64-linux" unstableSmall [ ] "h"; h = buildSys "x86_64-linux" unstableSmall [ ] "h";
litr = buildSys "x86_64-linux" unstable [ ] "litr"; litr = buildSys "x86_64-linux" unstable [ ] "litr";
stan = buildSys "x86_64-linux" stable [ stan = buildSys "x86_64-linux" stable [
nixos-hardware.nixosModules.framework nixos-hardware.nixosModules.framework
peerix.nixosModules.peerix
] "stan"; ] "stan";
weather = buildSys "aarch64-linux" stable weather = buildSys "aarch64-linux" stable
[ nixos-hardware.nixosModules.raspberry-pi-4 ] "weather"; [ nixos-hardware.nixosModules.raspberry-pi-4 ] "weather";
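Review bot: The `emacs-overlay` URL loses its explicit revision (`0bb59bd04ff65270b34434edde00654f43a0dec8`) in the first hunk, in a commit that is otherwise about peerix, so `flake.lock` becomes the only pin for that input. None of the lock-file hunks on this page touches an `emacs-overlay` entry, so the input may be re-resolved to the current upstream head on the next lock update; worth confirming that is intended. If the unpin is deliberate, a comment next to the URL such as `# revision pinned via flake.lock` would make that explicit.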


@ -29,6 +29,12 @@ in {
group = "wheel"; group = "wheel";
mode = "400"; mode = "400";
}; };
peerix_private_key = {
sopsFile = config.xin-secrets.europa.peerix;
owner = "peerix";
group = "wheel";
mode = "400";
};
}; };
boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
@ -118,6 +124,11 @@ in {
}; };
}; };
tsPeerix = {
enable = true;
privateKeyFile = "${config.sops.secrets.peerix_private_key.path}";
};
programs.steam.enable = true; programs.steam.enable = true;
services = { services = {
emacs = { emacs = {
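Review bot: `peerix_private_key` is declared with `owner = "peerix"` but `group = "wheel"`, which looks copied from the secret just above it; the matching hunk for the other host uses `group = "peerix"`. With `mode = "400"` the group has no access today, but if the mode is ever relaxed to allow group read, every `wheel` member could read the cache signing key. Suggest `group = "peerix";` here as well. The enclosing secrets block starts outside the hunk.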


@ -60,6 +60,12 @@ in {
owner = "root"; owner = "root";
mode = "400"; mode = "400";
}; };
peerix_private_key = {
sopsFile = config.xin-secrets.stan.peerix;
owner = "peerix";
group = "peerix";
mode = "400";
};
}; };
systemd.services = { systemd.services = {
@ -111,6 +117,11 @@ in {
zsh.enable = true; zsh.enable = true;
}; };
tsPeerix = {
enable = true;
privateKeyFile = "${config.sops.secrets.peerix_private_key.path}";
};
services = { services = {
emacs = { emacs = {
enable = false; enable = false;