parent
bc753eb285
commit
24aa4b9842
217 changed files with 2213 additions and 1954 deletions
nixosModules/server
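--- a/nixosModules/server/default.nix
+++ b/nixosModules/server/default.nix
@@ -0,0 +1,30 @@
+{lib, ...}: let
+inherit (lib) mkOption types;
+in {
+imports = [
+./sshd.nix
+./tailscale.nix
+];
+
+options.roles.server = {
+user = mkOption {
+type = types.str;
+description = ''
+The name of the machine's main user.
+'';
+};
+
+sshd.enable = mkOption {
+type = types.bool;
+default = false;
+};
+
+tailscale.enable = mkOption {
+type = types.bool;
+default = false;
+};
+};
+
+# For accurate stack trace
+_file = ./default.nix;
+}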
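Review bot: `sshd.enable` and `tailscale.enable` are declared without a `description`, so the generated option documentation does not say that enabling them installs SSH authorized keys for `user` or joins the host to the Headscale login server. `lib.mkEnableOption` keeps the same boolean, default-false shape and adds the description, e.g. `sshd.enable = mkEnableOption "key-only OpenSSH access for the main user";` (with `mkEnableOption` added to the `inherit (lib)` line). Because `user` is reused as an account name in `users.users.${cfg.user}` and in `--operator=${cfg.user}`, its description could also state that it must name a normal, non-root account on the machine.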
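--- a/nixosModules/server/sshd.nix
+++ b/nixosModules/server/sshd.nix
@@ -0,0 +1,32 @@
+{
+config,
+lib,
+...
+}: let
+inherit (lib) mkIf;
+
+cfg = config.roles.server;
+in {
+config = mkIf cfg.sshd.enable {
+services = {
+openssh = {
+enable = true;
+settings = {
+PasswordAuthentication = false;
+PermitRootLogin = "no";
+};
+};
+};
+
+users.users.${cfg.user} = {
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPE39uk52+NIDLdHeoSHIEsOUUFRzj06AGn09z4TUOYm matt@OP9"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICr2+CpqXNMLsjgbrYyIwTKhlVSiIYol1ghBPzLmUpKl matt@binto"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJGbLu+Gb7PiyNgNXMHemaQLnKixebx1/4cdJGna9OQp matt@wim"
+];
+};
+};
+
+# For accurate stack trace
+_file = ./sshd.nix;
+}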
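Review bot: The `settings` block disables `PasswordAuthentication` but leaves keyboard-interactive authentication at the module default, which I believe is enabled in nixpkgs, so PAM-backed password prompts may still be offered. Adding `KbdInteractiveAuthentication = false;` beside the two existing settings would make the server key-only. The three `authorizedKeys.keys` entries are hard-coded but attached to whatever account `cfg.user` names, so every host enabling this role grants those keys a login as its main user. A comment above the list stating that intent would make the trust relationship explicit, as would a dedicated option such as `roles.server.sshd.authorizedKeys`.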
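--- a/nixosModules/server/tailscale.nix
+++ b/nixosModules/server/tailscale.nix
@@ -0,0 +1,49 @@
+{
+config,
+lib,
+...
+}: let
+inherit (lib) mkIf;
+inherit (config.networking) hostName;
+
+cfg = config.roles.server;
+in {
+config = mkIf cfg.tailscale.enable {
+services = {
+tailscale = {
+enable = true;
+# TODO: add authKeyFile to get extraUpFlags to work
+# https://github.com/juanfont/headscale/issues/1550
+# https://github.com/juanfont/headscale/blob/main/docs/running-headscale-linux-manual.md#register-machine-using-a-pre-authenticated-key
+# https://www.reddit.com/r/NixOS/comments/18kz1nb/tailscale_extraupflags_not_working/
+extraUpFlags = [
+"--login-server https://headscale.nelim.org"
+"--operator=${cfg.user}"
+];
+};
+};
+
+home-manager.users.${cfg.user} = {
+programs.bash.shellAliases = {
+# Connect to headscale
+tup = "tailscale up --login-server https://headscale.nelim.org";
+
+# Desktop
+pc = "ssh -t matt@binto 'tmux -2u new -At ${hostName}'";
+
+# NAS
+nos = "ssh -t matt@nos 'tmux -2u new -At ${hostName}'";
+
+# Experimenting server
+servivi = "ssh -t matt@servivi 'tmux -2u new -At ${hostName}'";
+
+# Cluster nodes
+thingone = "ssh -t matt@thingone 'tmux -2u new -At ${hostName}'";
+thingtwo = "ssh -t matt@thingtwo 'tmux -2u new -At ${hostName}'";
+};
+};
+};
+
+# For accurate stack trace
+_file = ./tailscale.nix;
+}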
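Review bot: `"--login-server https://headscale.nelim.org"` in `extraUpFlags` is a single list element containing a space. Assuming the NixOS module shell-escapes each entry, it would reach `tailscale up` as one argument rather than a flag and its value once the TODO is resolved; `"--login-server=https://headscale.nelim.org"` matches the `--operator=` form on the next line and avoids that. The pre-authenticated key the TODO refers to is a credential, so the comment should note that `authKeyFile` must point at a runtime secret path outside the world-readable Nix store. `--operator=${cfg.user}` lets that account reconfigure tailscaled without root, which deserves a one-line comment saying the delegation is intended.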