Add Colmena to manage systems, use better pathing for smallfetch, use better mountpoints and hostnames from Colema

2025-06-01 06:17:48 -04:00 · 2025-06-01 06:17:48 -04:00 · 1f7d01bb4d
commit 1f7d01bb4d
parent 215ad6b1a7
53 changed files with 254 additions and 166 deletions
--- a/modules/system/services/general/ssh/default.nix
+++ b/modules/system/services/general/ssh/default.nix
@ -12,6 +12,8 @@
    };
  };

+  programs.ssh.startAgent = true;
+
  security.pam.services.sshd.allowNullPassword = true;

  environment.persistence."/persist".files = [
--- a/modules/system/services/server/nfs/default.nix
+++ b/modules/system/services/server/nfs/default.nix
@ -1,11 +1,13 @@
-{ config, lib, ... }:
+{ config, lib, nodes, ... }:
 {
  imports = [ ./user ];

  config = lib.mkIf config.services.nfs.server.enable {
    services.nfs.server.exports = "/storage *(rw)";
-    networking.firewall.extraInputRules = with lib; ''
-      ip6 saddr { ${concatStringsSep ", " (attrValues config.services.mycelium.ips)} } tcp dport 2049 accept
+    networking.firewall.extraInputRules = let
+      targetHosts = lib.attrValues (lib.mapAttrs (_: node: node.config.deployment.targetHost) nodes);
+    in ''
+      ip6 saddr { ${lib.concatStringsSep ", " targetHosts} } tcp dport 2049 accept
    '';
  };
 }
--- a/modules/system/services/server/nginx/rtmp/default.nix
+++ b/modules/system/services/server/nginx/rtmp/default.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, nodes, ... }:
 {
  config = lib.mkIf config.services.webserver.enable {
    services.nginx = {
@ -23,8 +23,10 @@
        }
      '';
    };
-    networking.firewall.extraInputRules = with config.services.mycelium.ips; ''
-      ip6 saddr { ${tower}, ${intuos}, ${jupiter} } tcp dport 1935 accept
+    networking.firewall.extraInputRules = let
+      targetHosts = lib.attrValues (lib.mapAttrs (_: node: node.config.deployment.targetHost) nodes);
+    in ''
+      ip6 saddr { ${lib.concatStringsSep ", " targetHosts} } tcp dport 1935 accept
      ip saddr { ${config.secrets.ips.luna}, ${config.secrets.ips.corn} } tcp dport 1935 accept
    '';
    systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www/landing-page/streams/hls/" ];
--- a/modules/system/services/server/owncast/default.nix
+++ b/modules/system/services/server/owncast/default.nix
@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, nodes, ... }:
 {
  imports = [ ./nginx ];

@ -7,8 +7,10 @@
      port = 8060;
      rtmp-port = 1945;
    };
-    networking.firewall.extraInputRules = with config.services.mycelium.ips; ''
-      ip6 saddr { ${tower}, ${intuos}, ${jupiter} } tcp dport 1935 accept
+    networking.firewall.extraInputRules = let
+      targetHosts = lib.attrValues (lib.mapAttrs (_: node: node.config.deployment.targetHost) nodes);
+    in ''
+      ip6 saddr { ${lib.concatStringsSep ", " targetHosts} } tcp dport ${toString config.services.owncast.rtmp-port} accept
    '';
    environment.persistence."/persist".directories = [ "/var/lib/owncast" ];
  };