stuff
This commit is contained in:
parent
b8af0e9761
commit
8164e92af6
84 changed files with 674 additions and 567 deletions
62
README.md
62
README.md
|
|
@ -2,25 +2,51 @@
|
|||
|
||||
This is my cobbled together NixOS configuration. There are many like it, but this one is mine. Copy at your own risk.
|
||||
|
||||
## Structure
|
||||
|
||||
* common: Sane defaults that make sense to use for every host.
|
||||
* modules: Regular NixOS modules.
|
||||
* profiles: Higher-level NixOS modules that conform to different roles that a host may have.
|
||||
* packages: Packages that I couldn't fit anywhere else.
|
||||
* secrets: Agenix secrets.
|
||||
* hosts: Hosts exposed in `nixosConfigurations`.
|
||||
* pubkeys.nix: Nix expression with all my SSH public keys, used for OpenSSH, Agenix and Restic.
|
||||
* lib.nix: Nixpkgs' lib with some extra functionality.
|
||||
|
||||
## Ports
|
||||
|
||||
* 80X0: Public HTTP services that are proxied through nginx
|
||||
* 40X0: Syncthing instances (4000 being the system instance, subsequent ones are for individual users)
|
||||
|
||||
## Installation
|
||||
|
||||
```bash
|
||||
nix run git+https://codeberg.org/helvetica/puter.git#disk /path/to/disk
|
||||
# TODO: Configure additional disks
|
||||
mkdir -p /mnt/etc/ssh
|
||||
cat > /mnt/etc/ssh/ssh_host_ed25519_key
|
||||
chmod 600 /mnt/etc/ssh/ssh_host_ed25519_key
|
||||
ssh-keygen -f /mnt/etc/ssh/ssh_host_ed25519_key -y > /mnt/etc/ssh/ssh_host_ed25519_key.pub
|
||||
nixos-install --no-root-password --flake git+https://codeberg.org/helvetica/puter.git#hostname
|
||||
```
|
||||
|
||||
## systemd-cryptenroll
|
||||
|
||||
```bash
|
||||
systemd-cryptenroll /dev/sdX --tpm2-device=auto
|
||||
```
|
||||
|
||||
## Create tar for sbctl
|
||||
|
||||
```bash
|
||||
sudo sbctl create-keys
|
||||
sudo tar --create --directory /var/lib/sbctl . | agenix -e secure-boot/hostname.tar.age
|
||||
```
|
||||
|
||||
## TODO
|
||||
|
||||
- [ ] lanzaboote
|
||||
- [ ] monitoring (prometheus)
|
||||
- [ ] logging (loki)
|
||||
- [ ] kiosk
|
||||
- [ ] tailscale and headscale
|
||||
- [ ] game rom sync insomniac
|
||||
- [ ] Lanzaboote
|
||||
- [ ] Monitoring
|
||||
- [ ] Rom sync
|
||||
- [ ] insomniac backups
|
||||
- [ ] nginx websites
|
||||
|
||||
## port allocation
|
||||
|
||||
* 80X0: public HTTP services that are proxied through nginx
|
||||
* 40X0: syncthing instances (4000 being the system instance, subsequent ones are for individual users)
|
||||
* 60X0: private HTTP services that are accessible via tailscale
|
||||
* 20XX: Administrative stuff, like prometheus etc.
|
||||
|
||||
* 8000: vaultwarden
|
||||
* 8010: headscale
|
||||
|
||||
* 4000: syncthing
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue