From 3701b8631a5c3e9c7992415f9e3fe1a3af77bbce Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Sat, 24 Jan 2026 17:54:51 -0800
Subject: rebuild framebox with impermanence
---
machines/framebox.nix | 94 ++++++++++++++++++++++++++++++++++++++++++++++++++
machines/rivendell.nix | 94 --------------------------------------------------
2 files changed, 94 insertions(+), 94 deletions(-)
create mode 100644 machines/framebox.nix
delete mode 100644 machines/rivendell.nix
(limited to 'machines')
diff --git a/machines/framebox.nix b/machines/framebox.nix
new file mode 100644
index 0000000..15a82bd
--- /dev/null
+++ b/machines/framebox.nix
@@ -0,0 +1,94 @@
+{
+ adminUser,
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+{
+ wgPublicKey = "jf7T7TMKQWSgSXhUplldZDV9G2y2BjMmHIAhg5d26ng=";
+ publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID76U5kt8DfBbuP16rMzfBTVTpjjPFKWnnheMALaCQEd";
+ ephemeralRoot = true;
+
+ age.secrets = {
+ wireguard.file = ../secrets/framebox/wireguard.age;
+ restic-local-pw.file = ../secrets/restic-pw.age;
+ restic-nas-smb-config.file = ../secrets/restic-nas-smb-config.age;
+ grafana-oidc.file = ../secrets/grafana-oidc.age;
+ miniflux-oidc.file = ../secrets/miniflux-oidc.age;
+ rsync-ssh-key.file = ../secrets/rsync-ssh-nas.age;
+ authelia-storage-key = {
+ file = ../secrets/authelia-storage-key.age;
+ owner = "authelia-main";
+ };
+ authelia-jwt-key = {
+ file = ../secrets/authelia-jwt-key.age;
+ owner = "authelia-main";
+ };
+ authelia-users = {
+ file = ../secrets/authelia-users.yaml.age;
+ owner = "authelia-main";
+ };
+ authelia-jwks = {
+ file = ../secrets/authelia-jwks.age;
+ owner = "authelia-main";
+ };
+ };
+
+ imports = [
+ ../profiles/authelia.nix
+ ../profiles/core-metrics.nix
+ ../profiles/defaults.nix
+ ../profiles/disk/btrfs-on-luks.nix
+ ../profiles/git-server.nix
+ ../profiles/hardware/framework-desktop.nix
+ ../profiles/home-manager.nix
+ ../profiles/miniflux.nix
+ ../profiles/monitoring.nix
+ ../profiles/postgresql.nix
+ ../profiles/remote-unlock.nix
+ ../profiles/restic-backup.nix
+ ../profiles/server.nix
+ ../profiles/state.nix
+ ../profiles/users/admin-user.nix
+ ../profiles/users/builder.nix
+ ../profiles/users/home-manager.nix
+ ../profiles/wireguard.nix
+ ];
+
+ boot.kernelModules = [ "sg" ];
+
+ networking.hostName = "framebox";
+ networking.useDHCP = lib.mkDefault true;
+ systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP;
+
+ services = {
+ website = {
+ enable = true;
+ openFirewall = true;
+ };
+ restic.backups.local.paths = [ "/persist/save" ];
+ restic.backups.synology.paths = [
+ "/data/archives"
+ "/data/media/music"
+ "/persist/save"
+ ];
+ };
+
+ users.users.${adminUser.name}.extraGroups = [ "cdrom" ];
+
+ system.stateVersion = "23.11";
+
+ home-manager.users.${adminUser.name} = {
+ home.homeDirectory = "/home/${adminUser.name}";
+ imports = [
+ ../home/profiles/minimal.nix
+ ];
+ home.packages = with pkgs; [
+ ffmpeg
+ imagemagick
+ makemkv
+ mkvtoolnix-cli
+ ];
+ };
+}
diff --git a/machines/rivendell.nix b/machines/rivendell.nix
deleted file mode 100644
index 90d501d..0000000
--- a/machines/rivendell.nix
+++ /dev/null
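Review bot: `wgPublicKey` and `publicKey` in the new framebox.nix are byte-for-byte the values the deleted rivendell.nix carried, while the WireGuard secret now comes from `../secrets/framebox/wireguard.age`. If the rebuild generated a new WireGuard private key or a new SSH host key, both values are stale: peers would keep pinning the old WireGuard key, and, assuming `publicKey` is the recipient the `age.secrets` files are encrypted to, the secrets would not decrypt on the new host. With `ephemeralRoot = true` the host key also has to live on persisted storage or it changes on every boot; that is presumably handled in `../profiles/state.nix`, which is not visible here. I would either confirm the key pair was carried over on purpose and record it in a comment above the two attributes, e.g. `# key pair reused from rivendell; private halves restored, not regenerated`, or update both values and re-key the secrets.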
@@ -1,94 +0,0 @@
-{
- adminUser,
- lib,
- config,
- pkgs,
- ...
-}:
-{
- wgPublicKey = "jf7T7TMKQWSgSXhUplldZDV9G2y2BjMmHIAhg5d26ng=";
- publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID76U5kt8DfBbuP16rMzfBTVTpjjPFKWnnheMALaCQEd";
- ephemeralRoot = true;
-
- age.secrets = {
- wireguard.file = ../secrets/rivendell/wireguard.age;
- restic-local-pw.file = ../secrets/restic-pw.age;
- restic-nas-smb-config.file = ../secrets/restic-nas-smb-config.age;
- grafana-oidc.file = ../secrets/grafana-oidc.age;
- miniflux-oidc.file = ../secrets/miniflux-oidc.age;
- rsync-ssh-key.file = ../secrets/rsync-ssh-nas.age;
- authelia-storage-key = {
- file = ../secrets/authelia-storage-key.age;
- owner = "authelia-main";
- };
- authelia-jwt-key = {
- file = ../secrets/authelia-jwt-key.age;
- owner = "authelia-main";
- };
- authelia-users = {
- file = ../secrets/authelia-users.yaml.age;
- owner = "authelia-main";
- };
- authelia-jwks = {
- file = ../secrets/authelia-jwks.age;
- owner = "authelia-main";
- };
- };
-
- imports = [
- ../profiles/authelia.nix
- ../profiles/core-metrics.nix
- ../profiles/defaults.nix
- ../profiles/disk/btrfs-on-luks.nix
- ../profiles/git-server.nix
- ../profiles/hardware/framework-desktop.nix
- ../profiles/home-manager.nix
- ../profiles/miniflux.nix
- ../profiles/monitoring.nix
- ../profiles/postgresql.nix
- ../profiles/remote-unlock.nix
- ../profiles/restic-backup.nix
- ../profiles/server.nix
- ../profiles/state.nix
- ../profiles/users/admin-user.nix
- ../profiles/users/builder.nix
- ../profiles/users/home-manager.nix
- ../profiles/wireguard.nix
- ];
-
- boot.kernelModules = [ "sg" ];
-
- networking.hostName = "rivendell";
- networking.useDHCP = lib.mkDefault true;
- systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP;
-
- services = {
- website = {
- enable = true;
- openFirewall = true;
- };
- restic.backups.local.paths = [ "/persist/save" ];
- restic.backups.synology.paths = [
- "/data/archives"
- "/data/media/music"
- "/persist/save"
- ];
- };
-
- users.users.${adminUser.name}.extraGroups = [ "cdrom" ];
-
- system.stateVersion = "23.11";
-
- home-manager.users.${adminUser.name} = {
- home.homeDirectory = "/home/${adminUser.name}";
- imports = [
- ../home/profiles/minimal.nix
- ];
- home.packages = with pkgs; [
- ffmpeg
- imagemagick
- makemkv
- mkvtoolnix-cli
- ];
- };
-}
-- 
cgit v1.2.3