-rw-r--r--README.org7
-rw-r--r--machines/nixos/x86_64-linux/argonath.nix6
-rw-r--r--machines/nixos/x86_64-linux/bree.nix1
-rw-r--r--machines/nixos/x86_64-linux/iso.nix16
-rw-r--r--machines/nixos/x86_64-linux/rivendell.nix7
-rw-r--r--profiles/disk/basic-vm.nix1
-rw-r--r--secrets/acme-cloudflare-env.agebin490 -> 380 bytes
-rw-r--r--secrets/argonath/wireguard.agebin367 -> 367 bytes
-rw-r--r--secrets/authelia-jwks.agebin2026 -> 2026 bytes
-rw-r--r--secrets/authelia-jwt-key.agebin409 -> 409 bytes
-rw-r--r--secrets/authelia-storage-key.agebin409 -> 409 bytes
-rw-r--r--secrets/authelia-users.yaml.agebin556 -> 556 bytes
-rw-r--r--secrets/bree/wireguard.age12
-rw-r--r--secrets/miniflux-oidc.agebin395 -> 395 bytes
-rw-r--r--secrets/restic-nas-smb-config.agebin431 -> 431 bytes
-rw-r--r--secrets/restic-pw.agebin453 -> 343 bytes
-rw-r--r--secrets/rivendell/wireguard.agebin367 -> 367 bytes
-rw-r--r--secrets/secrets.nix2
-rw-r--r--secrets/ssh-remote-builder.agebin831 -> 721 bytes
19 files changed, 37 insertions, 15 deletions
diff --git a/README.org b/README.org
index 7a1005c..758eea4 100644
--- a/README.org
+++ b/README.org
@@ -28,7 +28,12 @@ nix run github:nix-community/nixos-anywhere -- --flake .#<host> --target-host ro
#+end_src
Once the host reboots, check that it's converted to NixOS by running =uname -a=.
-
+** Steps for a new VM on the Synology NAS
+- chose VGA for the display (otherwise ~systemd-udevd~ gets stuck)
+- use UEFI for boot
+- use the ISO generated with =nix build .#nixosConfigurations.iso.config.system.build.isoImage=
+- boot to the installer
+- run =nix run github:nix-community/nixos-anywhere -- --flake .#<name> --target-host <ip>
** Create the nixos installer
Run
#+begin_src sh
diff --git a/machines/nixos/x86_64-linux/argonath.nix b/machines/nixos/x86_64-linux/argonath.nix
index a67054a..218df5a 100644
--- a/machines/nixos/x86_64-linux/argonath.nix
+++ b/machines/nixos/x86_64-linux/argonath.nix
@@ -31,6 +31,12 @@
privateKeyFile = config.age.secrets.wireguard.path;
peers = [
{
+ # bree
+ publicKey = "bJZyQoemudGJQox8Iegebm23c4BNVIxRPy1kmI2l904=";
+ allowedIPs = [ "10.100.0.40/32" ];
+ persistentKeepalive = 25;
+ }
+ {
# rivendell
publicKey = "jf7T7TMKQWSgSXhUplldZDV9G2y2BjMmHIAhg5d26ng=";
allowedIPs = [ "10.100.0.60/32" ];
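Review bot: bree's WireGuard public key is pasted as a string literal in the new peer entry here and again in the matching entry added to rivendell.nix, so rotating that key means editing both files, and a missed copy leaves one side unable to complete a handshake with no build-time error. The existing rivendell and argonath entries follow the same pattern, so this is a good moment to define each host's public key once in a shared attribute set and reference it from every peer list. At minimum, extend the comment to `# bree (key also listed in rivendell.nix)` so the second copy is discoverable. The `peers` list begins and ends outside this hunk.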
diff --git a/machines/nixos/x86_64-linux/bree.nix b/machines/nixos/x86_64-linux/bree.nix
index 7c8a661..7296077 100644
--- a/machines/nixos/x86_64-linux/bree.nix
+++ b/machines/nixos/x86_64-linux/bree.nix
@@ -9,6 +9,7 @@
../../../profiles/cgroups.nix
../../../profiles/defaults.nix
../../../profiles/disk/basic-vm.nix
+ ../../../profiles/hardware/synology-vm.nix
../../../profiles/home-manager.nix
../../../profiles/server.nix
];
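Review bot: The new import `../../../profiles/hardware/synology-vm.nix` refers to a file that this commit's diffstat neither adds nor modifies, so it has to be in the tree already. The README drives installs through `--flake`, and a flake in a git checkout only evaluates tracked files, so a profile that exists locally but was never committed would make bree fail to evaluate. It is worth confirming the file is tracked. Only the import list of the module is visible in this hunk.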
diff --git a/machines/nixos/x86_64-linux/iso.nix b/machines/nixos/x86_64-linux/iso.nix
index e914571..89acbf7 100644
--- a/machines/nixos/x86_64-linux/iso.nix
+++ b/machines/nixos/x86_64-linux/iso.nix
@@ -4,18 +4,20 @@
imports = [
"${modulesPath}/installer/cd-dvd/channel.nix"
"${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
- {
- home-manager.users.${adminUser.name} = {
- imports = [
- { home.stateVersion = "25.05"; }
- ];
- };
- }
+ ../../../profiles/home-manager.nix
];
boot.loader.grub.efiSupport = true;
boot.loader.grub.efiInstallAsRemovable = true;
boot.loader.grub.device = "nodev";
+ home-manager = {
+ users.${adminUser.name} = {
+ imports = [
+ ../../../home/profiles/minimal.nix
+ ];
+ };
+ };
+
system.stateVersion = "25.05"; # Did you read the comment?
}
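Review bot: The removed inline module was the only visible place that set `home.stateVersion` for the admin user on the ISO, and the new `home-manager` block only imports `../../../home/profiles/minimal.nix`. Home Manager requires that option, so unless minimal.nix or profiles/home-manager.nix defines it (neither is shown on this page), evaluating the ISO configuration will fail. If they do not, keep `home.stateVersion = "25.05";` next to the import. Because an installer image tends to be copied around more freely than a host closure, a comment such as `# minimal.nix must not reference age secrets or private keys` above the import would also help.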
diff --git a/machines/nixos/x86_64-linux/rivendell.nix b/machines/nixos/x86_64-linux/rivendell.nix
index 8e8ab20..bd7d01b 100644
--- a/machines/nixos/x86_64-linux/rivendell.nix
+++ b/machines/nixos/x86_64-linux/rivendell.nix
@@ -54,6 +54,13 @@
privateKeyFile = config.age.secrets.wireguard.path;
peers = [
{
+ # bree
+ publicKey = "bJZyQoemudGJQox8Iegebm23c4BNVIxRPy1kmI2l904=";
+ allowedIPs = [ "10.100.0.40/32" ];
+ persistentKeepalive = 25;
+ endpoint = "192.168.1.50:51871";
+ }
+ {
# argonath
publicKey = "vTItDh9YPnA+8hL1kIK+7EHv0ol3qvhfAfz790miw1w=";
allowedIPs = [ "10.100.0.51/32" ];
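Review bot: The line `endpoint = "192.168.1.50:51871";` ties rivendell's tunnel to bree to a fixed LAN address and port, and nothing visible in this commit pins bree to that address or shows UDP 51871 being opened on it. If the Synology VM gets its address from DHCP, a lease change leaves rivendell retrying a dead endpoint every 25 seconds while the configuration still builds cleanly. A comment such as `# bree: static reservation on the NAS LAN; listenPort 51871 is set in bree.nix` would record the dependency. bree's own WireGuard settings are outside the hunks shown, so this is worth checking there.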
diff --git a/profiles/disk/basic-vm.nix b/profiles/disk/basic-vm.nix
index f3d9f33..88db04f 100644
--- a/profiles/disk/basic-vm.nix
+++ b/profiles/disk/basic-vm.nix
@@ -3,6 +3,7 @@
disko.devices = {
disk.disk1 = {
type = "disk";
+ device = "/dev/sda";
content = {
type = "gpt";
partitions = {
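Review bot: `device = "/dev/sda";` is now hard-coded in a shared disk profile, and disko repartitions whatever that path resolves to on the target. `/dev/sdX` names depend on the controller type and probe order, so a VM with a virtio disk or a second attached disk could fail the install or format the wrong device during a nixos-anywhere run. Making the value overridable would be safer, e.g. `device = lib.mkDefault "/dev/sda";` (assuming `lib` is among the module arguments, which is not visible here), or having each machine set its own device. The `disk1` attribute set continues outside the hunk.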
diff --git a/secrets/acme-cloudflare-env.age b/secrets/acme-cloudflare-env.age
index ead4006..db0a29e 100644
--- a/secrets/acme-cloudflare-env.age
+++ b/secrets/acme-cloudflare-env.age
Binary files differ
diff --git a/secrets/argonath/wireguard.age b/secrets/argonath/wireguard.age
index 7177521..5ae3a5b 100644
--- a/secrets/argonath/wireguard.age
+++ b/secrets/argonath/wireguard.age
Binary files differ
diff --git a/secrets/authelia-jwks.age b/secrets/authelia-jwks.age
index 59ac430..4f4d52b 100644
--- a/secrets/authelia-jwks.age
+++ b/secrets/authelia-jwks.age
Binary files differ
diff --git a/secrets/authelia-jwt-key.age b/secrets/authelia-jwt-key.age
index ec41112..ac2058f 100644
--- a/secrets/authelia-jwt-key.age
+++ b/secrets/authelia-jwt-key.age
Binary files differ
diff --git a/secrets/authelia-storage-key.age b/secrets/authelia-storage-key.age
index ee1d6b1..f315afe 100644
--- a/secrets/authelia-storage-key.age
+++ b/secrets/authelia-storage-key.age
Binary files differ
diff --git a/secrets/authelia-users.yaml.age b/secrets/authelia-users.yaml.age
index 4a0f38d..dc8fe62 100644
--- a/secrets/authelia-users.yaml.age
+++ b/secrets/authelia-users.yaml.age
Binary files differ
diff --git a/secrets/bree/wireguard.age b/secrets/bree/wireguard.age
index b12c816..de570fa 100644
--- a/secrets/bree/wireguard.age
+++ b/secrets/bree/wireguard.age
@@ -1,7 +1,7 @@
age-encryption.org/v1
--> ssh-ed25519 pFjJaA zk/q9O4FfhQKjzVrL1zK0h97Vu2vPgrfhlFSJyvrClA
-txm5lizEGN7VH+wWI2+6TjpGRPK3g5UnsSNrDPIshQ4
--> ssh-ed25519 qRUWSw 0pqNpcBK9h8JCh906PB5zN4kuJs6yV3q1/75Gibg+T4
-FLYhwYz72hazErOZBVqUaLNW7M+zHXWCWZo5zQ7jQFk
---- jqpYy1uh4q4KN7BaiBRFdTRssZ429m1FL4lrLHl1xmM
-qRp[ x}A.aB<qEB@^Qs?Fbs[Z`R4% d֌ X5 \ No newline at end of file
+-> ssh-ed25519 pFjJaA 0gvJUmVKqpTedh5fWA1vMslSIUXGfVFS9bArPGEiZko
+NuKvkX+sCZE59zqkbF+ecDsqqvGxJd7Fjyc/wZfTtMM
+-> ssh-ed25519 OxmK1A 1NL6Ai4P/bB9un6eQqDacBcs7gbUI2wEaXLqO5EujQk
+xdpVqWKmAi2pofuDnp3U4y8gUnib8/LK4LsD9ATTdy4
+--- cq7KLv/+tx4zisjpe+cny29DcmKhOhee1SWxaR80KlU
+x6Q42ftDdеQQGd Lz=3 d1PfUM9~OcP*yP \ No newline at end of file
diff --git a/secrets/miniflux-oidc.age b/secrets/miniflux-oidc.age
index d6447df..ba2457f 100644
--- a/secrets/miniflux-oidc.age
+++ b/secrets/miniflux-oidc.age
Binary files differ
diff --git a/secrets/restic-nas-smb-config.age b/secrets/restic-nas-smb-config.age
index d90033e..74047f0 100644
--- a/secrets/restic-nas-smb-config.age
+++ b/secrets/restic-nas-smb-config.age
Binary files differ
diff --git a/secrets/restic-pw.age b/secrets/restic-pw.age
index 467e611..e31115e 100644
--- a/secrets/restic-pw.age
+++ b/secrets/restic-pw.age
Binary files differ
diff --git a/secrets/rivendell/wireguard.age b/secrets/rivendell/wireguard.age
index 3ba9a11..edc808d 100644
--- a/secrets/rivendell/wireguard.age
+++ b/secrets/rivendell/wireguard.age
Binary files differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 13f098d..a8f01cf 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,6 +1,6 @@
let
hosts = {
- bree = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHKZAKlqOU6bSuMaaZAsYJdZnmNASWuIbbrrOjB6yGb8";
+ bree = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFM4wZaYwz8kuu6lNrdrN6QOyouGQ0v1ye+Iwh1jawNi";
mba = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLQTIPZraE+jpMqGkh8yUhNFzRJbMarX5Mky3nETw6c";
rivendell = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID76U5kt8DfBbuP16rMzfBTVTpjjPFKWnnheMALaCQEd";
argonath = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHi9jHqRjpMzXlznTXi4nEtlRlFfyIzB6Ur9A+HDfFoq";
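Review bot: Replacing bree's recipient key and re-encrypting the .age files protects only the new ciphertexts; every earlier revision in git history stays decryptable with the private half of the old key ending in `yGb8`. If that old host key could still exist somewhere, such as a retained VM disk or a backup (not determinable from this page), the secret values themselves need rotating rather than just rekeying. A comment above the entry such as `# bree: host key replaced after reinstall as Synology VM; old key retired` would record why it changed. The `hosts` set continues outside the hunk.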
diff --git a/secrets/ssh-remote-builder.age b/secrets/ssh-remote-builder.age
index d83bb7d..374b72e 100644
--- a/secrets/ssh-remote-builder.age
+++ b/secrets/ssh-remote-builder.age
Binary files differ