diff --git a/nix/default.nix b/configuration.nix
similarity index 100%
rename from nix/default.nix
rename to configuration.nix
diff --git a/nix/flake/checks.nix b/flake-parts/checks.nix
similarity index 100%
rename from nix/flake/checks.nix
rename to flake-parts/checks.nix
diff --git a/nix/flake/deploy.nix b/flake-parts/deploy.nix
similarity index 100%
rename from nix/flake/deploy.nix
rename to flake-parts/deploy.nix
diff --git a/nix/flake/kubenix/base.nix b/flake-parts/kubenix/base.nix
similarity index 100%
rename from nix/flake/kubenix/base.nix
rename to flake-parts/kubenix/base.nix
diff --git a/nix/flake/kubenix/bind9.nix b/flake-parts/kubenix/bind9.nix
similarity index 100%
rename from nix/flake/kubenix/bind9.nix
rename to flake-parts/kubenix/bind9.nix
diff --git a/nix/flake/kubenix/certificate.yaml b/flake-parts/kubenix/certificate.yaml
similarity index 100%
rename from nix/flake/kubenix/certificate.yaml
rename to flake-parts/kubenix/certificate.yaml
diff --git a/nix/flake/kubenix/certificaterequest.yaml b/flake-parts/kubenix/certificaterequest.yaml
similarity index 100%
rename from nix/flake/kubenix/certificaterequest.yaml
rename to flake-parts/kubenix/certificaterequest.yaml
diff --git a/nix/flake/kubenix/challenge.yaml b/flake-parts/kubenix/challenge.yaml
similarity index 100%
rename from nix/flake/kubenix/challenge.yaml
rename to flake-parts/kubenix/challenge.yaml
diff --git a/nix/flake/kubenix/clusterissuer.yaml b/flake-parts/kubenix/clusterissuer.yaml
similarity index 100%
rename from nix/flake/kubenix/clusterissuer.yaml
rename to flake-parts/kubenix/clusterissuer.yaml
diff --git a/nix/flake/kubenix/cyberchef.nix b/flake-parts/kubenix/cyberchef.nix
similarity index 100%
rename from nix/flake/kubenix/cyberchef.nix
rename to flake-parts/kubenix/cyberchef.nix
diff --git a/nix/flake/kubenix/default.nix b/flake-parts/kubenix/default.nix
similarity index 100%
rename from nix/flake/kubenix/default.nix
rename to flake-parts/kubenix/default.nix
diff --git a/nix/flake/kubenix/dnsmasq.nix b/flake-parts/kubenix/dnsmasq.nix
similarity index 100%
rename from nix/flake/kubenix/dnsmasq.nix
rename to flake-parts/kubenix/dnsmasq.nix
diff --git a/nix/flake/kubenix/forgejo.nix b/flake-parts/kubenix/forgejo.nix
similarity index 100%
rename from nix/flake/kubenix/forgejo.nix
rename to flake-parts/kubenix/forgejo.nix
diff --git a/nix/flake/kubenix/freshrss.nix b/flake-parts/kubenix/freshrss.nix
similarity index 100%
rename from nix/flake/kubenix/freshrss.nix
rename to flake-parts/kubenix/freshrss.nix
diff --git a/nix/flake/kubenix/hedgedoc.nix b/flake-parts/kubenix/hedgedoc.nix
similarity index 100%
rename from nix/flake/kubenix/hedgedoc.nix
rename to flake-parts/kubenix/hedgedoc.nix
diff --git a/nix/flake/kubenix/inbucket.nix b/flake-parts/kubenix/inbucket.nix
similarity index 100%
rename from nix/flake/kubenix/inbucket.nix
rename to flake-parts/kubenix/inbucket.nix
diff --git a/nix/flake/kubenix/issuer.yaml b/flake-parts/kubenix/issuer.yaml
similarity index 100%
rename from nix/flake/kubenix/issuer.yaml
rename to flake-parts/kubenix/issuer.yaml
diff --git a/nix/flake/kubenix/kitchenowl.nix b/flake-parts/kubenix/kitchenowl.nix
similarity index 100%
rename from nix/flake/kubenix/kitchenowl.nix
rename to flake-parts/kubenix/kitchenowl.nix
diff --git a/nix/flake/kubenix/kms.nix b/flake-parts/kubenix/kms.nix
similarity index 100%
rename from nix/flake/kubenix/kms.nix
rename to flake-parts/kubenix/kms.nix
diff --git a/nix/flake/kubenix/media.nix b/flake-parts/kubenix/media.nix
similarity index 100%
rename from nix/flake/kubenix/media.nix
rename to flake-parts/kubenix/media.nix
diff --git a/nix/flake/kubenix/nextcloud.nix b/flake-parts/kubenix/nextcloud.nix
similarity index 100%
rename from nix/flake/kubenix/nextcloud.nix
rename to flake-parts/kubenix/nextcloud.nix
diff --git a/nix/flake/kubenix/order.yaml b/flake-parts/kubenix/order.yaml
similarity index 100%
rename from nix/flake/kubenix/order.yaml
rename to flake-parts/kubenix/order.yaml
diff --git a/nix/flake/kubenix/paperless-ngx.nix b/flake-parts/kubenix/paperless-ngx.nix
similarity index 100%
rename from nix/flake/kubenix/paperless-ngx.nix
rename to flake-parts/kubenix/paperless-ngx.nix
diff --git a/nix/flake/kubenix/pihole.nix b/flake-parts/kubenix/pihole.nix
similarity index 100%
rename from nix/flake/kubenix/pihole.nix
rename to flake-parts/kubenix/pihole.nix
diff --git a/nix/flake/kubenix/radicale.nix b/flake-parts/kubenix/radicale.nix
similarity index 100%
rename from nix/flake/kubenix/radicale.nix
rename to flake-parts/kubenix/radicale.nix
diff --git a/nix/flake/kubenix/syncthing.nix b/flake-parts/kubenix/syncthing.nix
similarity index 100%
rename from nix/flake/kubenix/syncthing.nix
rename to flake-parts/kubenix/syncthing.nix
diff --git a/nix/flake/nixos.nix b/flake-parts/nixos.nix
similarity index 96%
rename from nix/flake/nixos.nix
rename to flake-parts/nixos.nix
index 6e1fbec..396e789 100644
--- a/nix/flake/nixos.nix
+++ b/flake-parts/nixos.nix
@@ -13,7 +13,7 @@ in
 specialArgs = {
 inherit nixpkgs-unstable machines machine dns agenix nixos-hardware kubenix disko;
 };
 modules = [
- ../.
+ ../configuration.nix
 { networking.hostName = name; }
 { nixpkgs.overlays = [
diff --git a/nix/flake/scripts/bootstrap.sh b/flake-parts/scripts/bootstrap.sh
similarity index 100%
rename from nix/flake/scripts/bootstrap.sh
rename to flake-parts/scripts/bootstrap.sh
diff --git a/nix/flake/scripts/default.nix b/flake-parts/scripts/default.nix
similarity index 100%
rename from nix/flake/scripts/default.nix
rename to flake-parts/scripts/default.nix
diff --git a/nix/flake/scripts/gen-k3s-cert.sh b/flake-parts/scripts/gen-k3s-cert.sh
similarity index 100%
rename from nix/flake/scripts/gen-k3s-cert.sh
rename to flake-parts/scripts/gen-k3s-cert.sh
diff --git a/flake.nix b/flake.nix
index 6c31cf0..7d90175 100644
--- a/flake.nix
+++ b/flake.nix
@@ -39,14 +39,14 @@ let
 hostSystem = "x86_64-linux";
 hostPkgs = import nixpkgs { system = hostSystem; };
- machines = (hostPkgs.lib.modules.evalModules { modules = [ (import ./nix/machines) ]; }).config.machines;
+ machines = (hostPkgs.lib.modules.evalModules { modules = [ (import ./machines) ]; }).config.machines;
 in
 flake-utils.lib.meld (inputs // { inherit hostPkgs machines; }) [
- ./nix/flake/scripts
- ./nix/flake/checks.nix
- ./nix/flake/deploy.nix
- ./nix/flake/nixos.nix
- ./nix/flake/kubenix
+ ./flake-parts/scripts
+ ./flake-parts/checks.nix
+ ./flake-parts/deploy.nix
+ ./flake-parts/nixos.nix
+ ./flake-parts/kubenix
 ] // (flake-utils.lib.eachDefaultSystem (system: {
 formatter = nixpkgs.legacyPackages.${system}.nixfmt;
 }));
diff --git a/nix/globals.nix b/globals.nix
similarity index 100%
rename from nix/globals.nix
rename to globals.nix
diff --git a/nix/machines/atlas.nix b/machines/atlas.nix
similarity index 100%
rename from nix/machines/atlas.nix
rename to machines/atlas.nix
diff --git a/nix/machines/default.nix b/machines/default.nix
similarity index 100%
rename from nix/machines/default.nix
rename to machines/default.nix
diff --git a/nix/machines/jefke.nix b/machines/jefke.nix
similarity index 100%
rename from nix/machines/jefke.nix
rename to machines/jefke.nix
diff --git a/nix/machines/lewis.nix b/machines/lewis.nix
similarity index 84%
rename from nix/machines/lewis.nix
rename to machines/lewis.nix
index 9e1314c..8787843 100644
--- a/nix/machines/lewis.nix
+++ b/machines/lewis.nix
@@ -5,7 +5,6 @@ nixosModule.lab = {
 backups.enable = true;
 data-sharing.enable = true;
- networking.dmz.allowConnectivity = true;
 storage = {
 osDisk = "/dev/sda";
diff --git a/nix/machines/warwick.nix b/machines/warwick.nix
similarity index 100%
rename from nix/machines/warwick.nix
rename to machines/warwick.nix
diff --git a/nix/modules/backups.nix b/modules/backups.nix
similarity index 96%
rename from nix/modules/backups.nix
rename to modules/backups.nix
index 47e3128..1288d2e 100644
--- a/nix/modules/backups.nix
+++ b/modules/backups.nix
@@ -18,10 +18,10 @@ let
 - path: ${cfg.repoLocation}
 label: nfs
 - path: ssh://s6969ym3@s6969ym3.repo.borgbase.com/./repo
- label: ec2
+ label: borgbase
 exclude_patterns:
 - ${cfg.snapshotLocation}/media
- ssh_command: "${pkgs.openssh}/bin/ssh -i ${config.age.secrets."ec2_borg_server.pem".path} -o StrictHostKeychecking=no"
+ ssh_command: "${pkgs.openssh}/bin/ssh -i ${config.age.secrets."borgbase.pem".path} -o StrictHostKeychecking=no"
 keep_daily: 7
 keep_weekly: 4
 keep_monthly: 6
@@ -123,7 +123,7 @@ in
 age.secrets = {
 "database_passwords.env".file = ../secrets/database_passwords.env.age;
 "borg_passphrase".file = ../secrets/borg_passphrase.age;
- "ec2_borg_server.pem".file = ../secrets/ec2_borg_server.pem.age;
+ "borgbase.pem".file = ../secrets/borgbase.pem.age;
 };
 };
 }
diff --git a/nix/modules/data-sharing.nix b/modules/data-sharing.nix
similarity index 100%
rename from nix/modules/data-sharing.nix
rename to modules/data-sharing.nix
diff --git a/nix/modules/default.nix b/modules/default.nix
similarity index 100%
rename from nix/modules/default.nix
rename to modules/default.nix
diff --git a/nix/modules/globals.nix b/modules/globals.nix
similarity index 100%
rename from nix/modules/globals.nix
rename to modules/globals.nix
diff --git a/nix/modules/k3s/bootstrap.nix b/modules/k3s/bootstrap.nix
similarity index 100%
rename from nix/modules/k3s/bootstrap.nix
rename to modules/k3s/bootstrap.nix
diff --git a/nix/modules/k3s/default.nix b/modules/k3s/default.nix
similarity index 100%
rename from nix/modules/k3s/default.nix
rename to modules/k3s/default.nix
diff --git a/nix/modules/monitoring/default.nix b/modules/monitoring/default.nix
similarity index 100%
rename from nix/modules/monitoring/default.nix
rename to modules/monitoring/default.nix
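Review bot: The new `ssh_command` line keeps `-o StrictHostKeychecking=no`, so the client never verifies that `s6969ym3.repo.borgbase.com` is the host it expects; the commit swaps the key and the label but carries this flag over from the EC2 setup. Borg encrypts archives client-side, but an unauthenticated remote can still serve, discard or tamper with the repository, and a provider that publishes its host keys makes pinning straightforward. Declare the key in NixOS and drop the flag: `programs.ssh.knownHosts."s6969ym3.repo.borgbase.com".publicKey = "<borgbase host key>";` (the openssh client reads `/etc/ssh/ssh_known_hosts` by default) and `ssh_command: "${pkgs.openssh}/bin/ssh -i ${config.age.secrets."borgbase.pem".path}"`. The renamed `secrets/borgbase.pem.age` is a 100%-similarity rename, so it appears to be the same private key that served the EC2 host; a fresh key pair for the new remote would keep the two deployments' credentials separate. The `let` block holding this YAML template starts and ends outside the hunk.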
diff --git a/nix/modules/monitoring/gatus-endpoints.nix b/modules/monitoring/gatus-endpoints.nix
similarity index 100%
rename from nix/modules/monitoring/gatus-endpoints.nix
rename to modules/monitoring/gatus-endpoints.nix
diff --git a/modules/networking/default.nix b/modules/networking/default.nix
new file mode 100644
index 0000000..e07f8c5
--- /dev/null
+++ b/modules/networking/default.nix
@@ -0,0 +1,38 @@
+{ lib, machine, ... }: {
+ config = {
+ networking = {
+ domain = "dmz";
+ nftables.enable = true;
+ useDHCP = false;
+
+ firewall = {
+ enable = true;
+ };
+ };
+
+ systemd.network = {
+ enable = true;
+
+ networks = lib.attrsets.mergeAttrsList [
+ (lib.optionalAttrs (! machine.isRaspberryPi) {
+ "30-main-nic" = {
+ matchConfig.Name = "en*";
+
+ networkConfig = {
+ DHCP = "yes";
+ };
+ };
+ })
+ (lib.optionalAttrs machine.isRaspberryPi {
+ "30-main-nic" = {
+ matchConfig.Name = "end*";
+ networkConfig = {
+ IPv6AcceptRA = true;
+ DHCP = "yes";
+ };
+ };
+ })
+ ];
+ };
+ };
+}
diff --git a/nix/modules/storage.nix b/modules/storage.nix
similarity index 100%
rename from nix/modules/storage.nix
rename to modules/storage.nix
diff --git a/nix/net.nix b/net.nix
similarity index 100%
rename from nix/net.nix
rename to net.nix
diff --git a/nix/modules/networking/default.nix b/nix/modules/networking/default.nix
deleted file mode 100644
index bf8e0c8..0000000
--- a/nix/modules/networking/default.nix
+++ /dev/null
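Review bot: The rewritten `firewall` block no longer sets `checkReversePath = false`, which the deleted `nix/modules/networking/default.nix` in this same commit had, so every host now gets the NixOS default reverse-path filter; if that is intended, a comment on the `firewall` attrset such as `# reverse-path filtering left at the NixOS default (it was disabled while the DMZ bridge options existed)` would record it, otherwise traffic that previously took an asymmetric path may be dropped silently. The `lab.networking` options (`dmz.allowConnectivity`, `dmz.bridgeName`, `staticNetworking`, `staticIPv4`, `staticIPv6`) disappear with the old module, so any remaining reference to them outside this diff would now fail to evaluate; `machines/lewis.nix` is the only consumer updated here. The two `30-main-nic` variants also deserve a line above `networks = lib.attrsets.mergeAttrsList [`, e.g. `# Raspberry Pi hosts match end* and additionally accept IPv6 router advertisements; other hosts match en*`, since the reason for the split is otherwise only implied by machine.isRaspberryPi.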
@@ -1,84 +0,0 @@
-{ lib, config, machine, ... }:
-let cfg = config.lab.networking;
-in {
- options.lab.networking = {
- dmz = {
- allowConnectivity = lib.mkOption {
- default = false;
- type = lib.types.bool;
- description = ''
- Whether to allow networking on the DMZ bridge interface.
- '';
- };
-
- bridgeName = lib.mkOption {
- default = "bridgedmz";
- type = lib.types.str;
- description = ''
- The name of the DMZ bridge.
- '';
- };
- };
-
- staticNetworking = lib.mkOption {
- default = false;
- type = lib.types.bool;
- description = ''
- Whether this machine has static networking configuration applied.
- Routing is prepopulated, but IP addresses have to be set.
- '';
- };
-
- staticIPv4 = lib.mkOption {
- type = lib.types.str;
- description = ''
- Static IPv4 address for the machine.
- '';
- };
-
- staticIPv6 = lib.mkOption {
- type = lib.types.str;
- description = ''
- Static IPv6 address for the machine.
- '';
- };
- };
-
- config = {
- networking = {
- domain = "dmz";
- nftables.enable = true;
- useDHCP = false;
-
- firewall = {
- enable = true;
- checkReversePath = false;
- };
- };
-
- systemd.network = {
- enable = true;
-
- networks = lib.attrsets.mergeAttrsList [
- (lib.optionalAttrs (! machine.isRaspberryPi) {
- "30-main-nic" = {
- matchConfig.Name = "en*";
-
- networkConfig = {
- DHCP = "yes";
- };
- };
- })
- (lib.optionalAttrs machine.isRaspberryPi {
- "30-main-nic" = {
- matchConfig.Name = "end*";
- networkConfig = {
- IPv6AcceptRA = true;
- DHCP = "yes";
- };
- };
- })
- ];
- };
- };
-}
diff --git a/nix/secrets/README.md b/secrets/README.md
similarity index 100%
rename from nix/secrets/README.md
rename to secrets/README.md
diff --git a/nix/secrets/borg_passphrase.age b/secrets/borg_passphrase.age
similarity index 100%
rename from nix/secrets/borg_passphrase.age
rename to secrets/borg_passphrase.age
diff --git a/nix/secrets/ec2_borg_server.pem.age b/secrets/borgbase.pem.age
similarity index 100%
rename from nix/secrets/ec2_borg_server.pem.age
rename to secrets/borgbase.pem.age
diff --git a/nix/secrets/database_passwords.env.age b/secrets/database_passwords.env.age
similarity index 100%
rename from nix/secrets/database_passwords.env.age
rename to secrets/database_passwords.env.age
diff --git a/nix/secrets/secrets.nix b/secrets/secrets.nix
similarity index 97%
rename from nix/secrets/secrets.nix
rename to secrets/secrets.nix
index db177ab..7c5045c 100644
--- a/nix/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -10,7 +10,7 @@ let
 encryptedFileNames = [
 "database_passwords.env.age"
 "borg_passphrase.age"
- "ec2_borg_server.pem.age"
+ "borgbase.pem.age"
 ];
 machinePublicKeys = [