Goodbye VyOS! Good riddance.

Adds my new router host: addams. Named after Jane Addams https://en.wikipedia.org/wiki/Jane_Addams Replaces my VyOS router.
Ramblurr · Feb 4, 2025 · 62629e2 · 62629e2
1 parent fe053a0
commit 62629e2
Show file tree

Hide file tree

Showing 30 changed files with 1,798 additions and 84 deletions.
diff --git a/.sops.yaml b/.sops.yaml
@@ -5,18 +5,11 @@ keys:
       - &disaster-recovery age15j42dspmmwprjau6l48xp05d97s8ml5s3tjxrfwvm37tvuynssuqtsevkj
   - hosts:
       - &quine age1catrh86sctuqvec04nhxwsmm7cpem4mx62smt3upt0480d6fve5q4gtx42
-      - &aquinas age1v0xf0qc66g0gc4pg68wzhswd82vnjw3u9rd2qds77y4s2mu96s2sutzmvy
       - &mali age10w46rzpkfyx7cfx8hy6dq059cw8zy7mrvtu2gc06hngyxspeh9aq45ssty
-      - &ovos-kitchen age1vfgnjj357pa8xq0vpl9cnfxhtczl7dgnafxlqal3pn9v4ud0kees4xua20
-      - &ovos-bedroom age12zdskqd632afljf4nffxafup4mhd0kl53psvqer8zup8qz9gn3qqtp7858
-      - &vpn age1fejrfw2c8z8g02z6j9fv4ddwm7y4valtmstxmpl0yktk7dm49phspxglgf
-      - &ibnsina age1rd4msy9hc7t7703kwypmt20r8qwkuqxyxuk3sd95sw2sc9gvjydqe67dn2
       - &debord age1ns0hnk5n6sw9uqdn7v4rynumjk0zd8zfsjhegka74xw55nnluy4qtju5um
-      - &peirce age18aeezktqhdqyh90zathz7uea2tqhgh52l2m6v6xjy06s008d69cq4glx7c
       - &dewey age1dtwmd5txsdjh3agr7zlqum8h024hasarflnpfavyqsu7g2lvvyksv8zff5
-      - &mill age1gxvdmyxmx4rczdaqaah8ysrwwpcladf9llax5ppleutesrwnxp9qxd4l69
-      - &fairybox age17gsltm4knk7d42nstzl3s07m5g6njvetlmhkmv0p7839afn4f5nqyqkn66
       - &witt age1dzr2v5py0vwj3wujdmfgcfjqc26vz07u7vl0j8la345y97f0au2smk79jd
+      - &addams age1t70vans0qsnru7j06fwtj7wq7hpfj59cxreu9a20rrxuahff9fmqsa2wjd
 creation_rules:
   - path_regex: secrets/secrets.sops.ya?ml$
     key_groups:
@@ -39,36 +32,13 @@ creation_rules:
           - *disaster-recovery
         pgp:
           - *ramblurr
-  - path_regex: hosts/aquinas/secrets.sops.ya?ml$
-    key_groups:
-      - age:
-          - *aquinas
-          - *disaster-recovery
-        pgp:
-          - *ramblurr
   - path_regex: hosts/mali/.*.sops.*$
     key_groups:
       - age:
           - *mali
           - *disaster-recovery
         pgp:
           - *ramblurr
-  - path_regex: hosts/ibnsina/.*.sops.*$
-    key_groups:
-      - age:
-          - *ibnsina
-          - *disaster-recovery
-        pgp:
-          - *ramblurr
-
-  - path_regex: hosts/mill/.*.sops.*$
-    key_groups:
-      - age:
-          - *mill
-          - *disaster-recovery
-        pgp:
-          - *ramblurr
-
   - path_regex: hosts/debord/.*.sops.*$
     key_groups:
       - age:
@@ -85,52 +55,17 @@ creation_rules:
         pgp:
           - *ramblurr
 
-  - path_regex: hosts/peirce/.*.sops.*$
-    key_groups:
-      - age:
-          - *peirce
-          - *disaster-recovery
-        pgp:
-          - *ramblurr
-
-  - path_regex: hosts/vpn/.*.sops.*$
-    key_groups:
-      - age:
-          - *vpn
-          - *disaster-recovery
-        pgp:
-          - *ramblurr
-
-  - path_regex: hosts/ovos-kitchen/.*.sops.*$
-    key_groups:
-      - age:
-          - *ovos-kitchen
-          - *disaster-recovery
-        pgp:
-          - *ramblurr
-
-  - path_regex: hosts/ovos-bedroom/.*.sops.*$
-    key_groups:
-      - age:
-          - *ovos-bedroom
-          - *disaster-recovery
-        pgp:
-          - *ramblurr
-
-  - path_regex: hosts/fairybox/.*.sops.*$
+  - path_regex: hosts/addams/.*.sops.*$
     key_groups:
       - age:
-          - *fairybox
+          - *addams
           - *disaster-recovery
         pgp:
           - *ramblurr
 
   - path_regex: configs/home-ops/.*.sops.*$
     key_groups:
       - age: &all-nodes
-          - *mill
-          - *ibnsina
-          - *peirce
           - *dewey
           - *debord
           - *disaster-recovery

diff --git a/README.md b/README.md
@@ -5,13 +5,14 @@
 
 ## Hosts
 
-| Hostname     | Purpose                                                             | Channel                     | Source                                       |   |
-|--------------|---------------------------------------------------------------------|-----------------------------|----------------------------------------------|---|
-| debord       | [Home Prod Server][home-ops] & Home Assistant                       | ![NixOS Unstable][unstable] | [hosts/debord/](./hosts/debord/)             |   |
-| dewey        | [Home Prod Server][home-ops]                                        | ![NixOS Unstable][unstable] | [hosts/dewey/](./hosts/dewey/)               |   |
-| mali         | [Storage NAS][NAS]                                                  | ![NixOS Stable][stable]     | [hosts/mali/](./hosts/mali/)                 |   |
-| quine        | [Primary workstation][workstation]                                  | ![NixOS Unstable][unstable] | [hosts/quine/](./hosts/quine/)               |   |
-| witt         | Travel laptop (Framework 13)                                        | ![NixOS Unstable][unstable] | [hosts/witt/](./hosts/witt/)                 |   |
+| Hostname | Purpose                                       | Channel                     | Source                           |   |
+|----------|-----------------------------------------------|-----------------------------|----------------------------------|---|
+| debord   | [Home Prod Server][home-ops] & Home Assistant | ![NixOS Unstable][unstable] | [hosts/debord/](./hosts/debord/) |   |
+| dewey    | [Home Prod Server][home-ops]                  | ![NixOS Unstable][unstable] | [hosts/dewey/](./hosts/dewey/)   |   |
+| mali     | [Storage NAS][NAS]                            | ![NixOS Stable][stable]     | [hosts/mali/](./hosts/mali/)     |   |
+| quine    | [Primary workstation][workstation]            | ![NixOS Unstable][unstable] | [hosts/quine/](./hosts/quine/)   |   |
+| witt     | Travel laptop (Framework 13)                  | ![NixOS Unstable][unstable] | [hosts/witt/](./hosts/witt/)     |   |
+| addams   | Router                                        | ![NixOS Unstable][unstable] | [hosts/addams/](./hosts/addams/) |   |
 
 
 Example build commands:

diff --git a/Taskfile.yml b/Taskfile.yml
@@ -108,7 +108,7 @@ tasks:
           FLAKE_URI: .#{{.flake | default "{{.host}}"}}
 
   image:
-    desc: Build the SD Card image for ovos-kitchen
+    desc: Build the SD Card image for a host
     summary: |
       host: the hostname to build (required)
     requires:
@@ -126,3 +126,8 @@ tasks:
       vars: ["host", "pkg"]
     cmds:
       - nix why-depends .\#nixosConfigurations.{{.host}}.config.system.build.toplevel .\#nixosConfigurations.{{.host}}.pkgs.{{.pkg}} --derivation | cat
+
+  new-host:
+    desc: Scaffold out a new host
+    cmds:
+      - python ./scripts/new-host.py
diff --git a/flake.nix b/flake.nix
@@ -136,6 +136,7 @@
       imports = [
         ./nix/hosts.nix
         ./nix/pkgs.nix
+        ./nix/iso-test.nix
       ];
 
       systems = [

diff --git a/hosts/addams/default.nix b/hosts/addams/default.nix
@@ -0,0 +1,108 @@
+{
+  config,
+  pkgs,
+  lib,
+  inputs,
+  ...
+}:
+let
+  hn = "addams";
+  defaultSopsFile = ./secrets.sops.yaml;
+  ramblurr = import ../ramblurr.nix {
+    inherit
+      config
+      lib
+      pkgs
+      inputs
+      ;
+  };
+in
+{
+  imports = [
+    ./hardware.nix
+    ../../config/secrets.nix
+    ./networking.nix
+    ./modules/firewall
+    ./modules/podman.nix
+    ./modules/chrony.nix
+    ./modules/kea
+    ./modules/powerdns.nix
+    #./modules/maddy.nix
+    ./modules/udpbroadcastrelay.nix
+    #./installer.nix
+  ];
+  system.stateVersion = "23.11";
+  environment.etc."machine-id".text = config.repo.secrets.local.machineId;
+  sops.defaultSopsFile = ./secrets.sops.yaml;
+  time.timeZone = "Europe/Berlin";
+  i18n.defaultLocale = "en_US.utf8";
+  boot.loader.systemd-boot.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    tcpdump
+  ];
+
+  ############################
+  ## My Custom Base Modules ##
+  ############################
+  modules = {
+    shell = {
+      htop.enable = true;
+      tmux.enable = true;
+      zsh.enable = true;
+    };
+    services = {
+      sshd.enable = true;
+    };
+    editors = {
+      vim.enable = true;
+    };
+    impermanence.enable = true;
+    boot.zfs = {
+      enable = true;
+      encrypted = true;
+      rootPool = "rpool";
+      scrubPools = [ "rpool" ];
+      extraPools = [ ];
+      autoSnapshot.enable = false;
+    };
+    zfs.datasets.enable = true;
+    security.default.enable = true;
+    # since this is my router, we handle networking and firealling in this host config
+    firewall.enable = false;
+    networking.default.enable = false;
+    users.enable = true;
+
+    users.primaryUser = ramblurr // {
+      defaultSopsFile = defaultSopsFile;
+      shell = pkgs.zsh;
+      extraGroups = [
+        "wheel"
+        "kvm"
+        "libvirtd"
+      ];
+    };
+  };
+
+  ######################
+  # Impermanence Setup #
+  ######################
+  environment.persistence."/persist" = {
+    hideMounts = true;
+    directories = [
+      "/var/lib/nixos"
+      "/var/lib/systemd/coredump"
+    ];
+    files = [ ];
+  };
+
+  systemd.tmpfiles.rules = [
+    "d /persist/home/${ramblurr.username} 700 ${ramblurr.username} ${ramblurr.username}"
+    "d /persist/home/${ramblurr.username}/.config 0775 ${ramblurr.username} ${ramblurr.username}  -"
+    "d /persist/home/${ramblurr.username}/.local 755 ${ramblurr.username} ${ramblurr.username}"
+    "d /persist/home/${ramblurr.username}/.local/state 755 ${ramblurr.username} ${ramblurr.username}"
+    "d /persist/home/${ramblurr.username}/.local/state/zsh 755 ${ramblurr.username} ${ramblurr.username}"
+  ];
+
+  services.smartd.enable = true;
+}