Diffstat (limited to 'machines')
| -rw-r--r-- | machines/nixos/x86_64-linux/digitalocean.nix | 110 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/vm-synology.nix | 19 |
2 files changed, 115 insertions, 14 deletions
diff --git a/machines/nixos/x86_64-linux/digitalocean.nix b/machines/nixos/x86_64-linux/digitalocean.nix
new file mode 100644
index 0000000..5e6f069
--- /dev/null
+++ b/machines/nixos/x86_64-linux/digitalocean.nix
@@ -0,0 +1,110 @@
+{
+ adminUser,
+ config,
+ lib,
+ modulesPath,
+ self,
+ ...
+}:
+{
+ age = {
+ secrets = {
+ wireguard = {
+ file = "${self}/secrets/do/wireguard.age";
+ };
+ };
+ };
+
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ (modulesPath + "/virtualisation/digital-ocean-config.nix")
+ "${self}/profiles/home-manager.nix"
+ "${self}/profiles/admin-user/user.nix"
+ "${self}/profiles/admin-user/home-manager.nix"
+ "${self}/profiles/disk/vm.nix"
+ "${self}/profiles/server.nix"
+ ];
+
+ disko.devices.disk.disk1.device = "/dev/vda";
+
+ # do not use DHCP, as DigitalOcean provisions IPs using cloud-init
+ networking.useDHCP = lib.mkForce false;
+
+ networking.hostName = "do-jump";
+
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+
+ home-manager.users.${adminUser.name} = {
+ imports = [
+ "${self}/users/profiles/minimal.nix"
+ ];
+ };
+
+ # this one seems to always be broken
+ systemd.services.growpart.enable = false;
+
+ # in order to get networking setup we need to enable it in cloud-init
+ # Disables all modules that do not work with NixOS
+ # Based on https://github.com/nix-community/nixos-anywhere-examples/blob/7f945ff0ae676c0eb77360b892add91328dd1f17/digitalocean.nix
+ services.cloud-init = {
+ enable = true;
+ network.enable = true;
+ settings = {
+ datasource_list = [
+ "ConfigDrive"
+ "Digitalocean"
+ ];
+ datasource.ConfigDrive = { };
+ datasource.Digitalocean = { };
+ # Based on https://github.com/canonical/cloud-init/blob/main/config/cloud.cfg.tmpl
+ cloud_init_modules = [
+ "seed_random"
+ "bootcmd"
+ "write_files"
+ "growpart"
+ "resizefs"
+ "set_hostname"
+ "update_hostname"
+ "set_password"
+ ];
+ cloud_config_modules = [
+ "ssh-import-id"
+ "keyboard"
+ "runcmd"
+ "disable_ec2_metadata"
+ ];
+ cloud_final_modules = [
+ "write_files_deferred"
+ "puppet"
+ "chef"
+ "ansible"
+ "mcollective"
+ "salt_minion"
+ "reset_rmc"
+ "scripts_per_once"
+ "scripts_per_boot"
+ "scripts_user"
+ 
"ssh_authkey_fingerprints" + "keys_to_console" + "install_hotplug" + "phone_home" + "final_message" + ]; + }; + }; + + networking.wireguard = { + enable = true; + interfaces.wg0 = { + ips = [ "10.100.0.50/32" ]; + listenPort = 51871; + privateKeyFile = config.age.secrets.wireguard.path; + }; + }; + + networking.firewall.allowedUDPPorts = [ 51871 ]; + system.stateVersion = "25.05"; # Did you read the comment? +} diff --git a/machines/nixos/x86_64-linux/vm-synology.nix b/machines/nixos/x86_64-linux/vm-synology.nix index 309c3a6..468d0dd 100644 --- a/machines/nixos/x86_64-linux/vm-synology.nix +++ b/machines/nixos/x86_64-linux/vm-synology.nix @@ -1,4 +1,5 @@ { + lib, adminUser, config, self, @@ -37,7 +38,11 @@ # Use the systemd-boot EFI boot loader. boot.loader.efi.canTouchEfiVariables = true; + boot.loader.systemd-boot.enable = true; + networking.hostName = "vm-synology"; + networking.useDHCP = lib.mkDefault true; + systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP; home-manager.users.${adminUser.name} = { imports = [ @@ -45,20 +50,6 @@ ]; }; - services.cloudflared = { - enable = true; - certificateFile = config.age.secrets.cloudflared-cert.path; - tunnels = { - "cragmont" = { - credentialsFile = config.age.secrets.cloudflared-tunnel.path; - default = "http_status:404"; - ingress = { - "git.fcuny.net".service = "ssh://127.0.0.1:22"; - }; - }; - }; - }; - my.modules.nas-client = { enable = true; volumes = { |
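Review bot: The cloud-init module lists keep `bootcmd`, `write_files`, `runcmd` and `scripts_user`, which execute whatever user-data the configured ConfigDrive/Digitalocean datasources deliver, as root, at provisioning (`bootcmd` on every boot); on a host named `do-jump` that makes the DigitalOcean account or API token an unstated root-access path, and the comment `# Disables all modules that do not work with NixOS` does not say so. The `puppet`, `chef`, `ansible`, `mcollective`, `salt_minion`, `set_password`, `phone_home` and `keys_to_console` entries appear to be carried over from the upstream cloud.cfg template rather than needed here; if the intent is only networking, hostname and disk resize, trimming the lists to those modules shrinks what user-data can drive. I would replace the comment with `# cloud-init is needed only for DO networking/hostname/disk resize; bootcmd/runcmd/scripts_user still run droplet user-data as root` and, if the extra modules are kept on purpose, say why. Separately, `interfaces.wg0` declares no `peers` in this file, so unless they are merged in from a profile the listener on UDP 51871 cannot complete a handshake — a one-line comment pointing at where the peers are defined would save the next reader a search.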
