Make servers headless, modularize the domain grabber

2025-03-23 12:44:03 -04:00 · 2025-03-23 12:44:03 -04:00 · 88da54facd
commit 88da54facd
parent bbc1f4dce1
9 changed files with 15 additions and 15 deletions
--- a/hosts/kitty/boot/default.nix
+++ b/hosts/kitty/boot/default.nix
@ -1,8 +1,7 @@
 { pkgs, ... }:
 {
  boot = {
-    kernelPackages = pkgs.linuxPackages_latest;
+    kernelPackages = pkgs.linuxPackages_hardened;
    lanzaboote.enable = true;
    plymouth.enable = true;
  };
 }
--- a/hosts/kitty/default.nix
+++ b/hosts/kitty/default.nix
@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ modulesPath, ... }:
 {
  imports = [
    ./boot
@ -7,12 +7,14 @@
    ./hardware
    ./users
    ../../modules/system
    (modulesPath + "/profiles/headless.nix")
  ];
  networking = {
    hostName = "kitty";
    hostId = "8745e22e";
    interfaces."eno1".ipv4.addresses = [{
-      address = "10.2.0.101";
+      address = "10.2.0.2";
      prefixLength = 8;
    }];
    defaultGateway = {
@ -22,7 +24,7 @@
  };
  system = {
-    desktop.enable = true;
+    server.enable = true;
    stateVersion = "24.11";
  };
 }
--- a/hosts/kitty/users/corn/default.nix
+++ b/hosts/kitty/users/corn/default.nix
@ -4,7 +4,7 @@
    isNormalUser = true;
    createHome = true;
    openssh.authorizedKeys.keys = [
-      "AAAAC3NzaC1lZDI1NTE5AAAAIKaZsnlyUJDNx2oK4iHsUDb+Ok4vg1jNYEAnoHsjjM2c Chinook"
+      "AAAAC3NzaC1lZDI1NTE5AAAAIBCADciME1/rtWOlR2BxaAkRSgIZt61SYOgjTi6hw+yS Chinook"
      "AAAAC3NzaC1lZDI1NTE5AAAAICtoHVAmq8Ps7EguBsV3VY4snagzkhH6aXqwbKzuGs2H Radiant"
    ];
    uid = 1001;
--- a/hosts/kitty/users/main/default.nix
+++ b/hosts/kitty/users/main/default.nix
@ -1,8 +1,6 @@
 { config, lib, ... }:
 {
  home-manager.users."${config.sysusers.main}".home = {
    desktop.enable = true;
    production.enable = true;
    stateVersion = lib.mkForce config.system.stateVersion;
  };
 }
--- a/hosts/midas/default.nix
+++ b/hosts/midas/default.nix
@ -1,4 +1,4 @@
-{ ... }:
+{ modulesPath, ... }:
 {
  imports = [
    ./boot
@ -9,6 +9,7 @@
    ./services
    ./users
    ../../modules/system
    (modulesPath + "/profiles/headless.nix")
  ];
  networking = {
--- a/hosts/midas/firewall/default.nix
+++ b/hosts/midas/firewall/default.nix
@ -6,7 +6,7 @@
      chain PREROUTING {
        type nat hook prerouting priority dstnat; policy accept;
        tcp dport 2211 dnat ip to 10.2.0.100:22 comment "SSH to Tower"
-        tcp dport 2222 dnat ip to 10.2.0.101:22 comment "SSH to Kitty"
+        tcp dport 2222 dnat ip to 10.2.0.2:22 comment "SSH to Kitty"
        udp dport { 27005, 27015 } dnat ip to 10.2.0.100 comment "PC Hosted Games"
--- a/hosts/midas/services/default.nix
+++ b/hosts/midas/services/default.nix
@ -1,6 +1,7 @@
 { ... }:
 {
  services = {
    cloudflare-dyndns.enable = true;
    forgejo.enable = true;
    icecast.enable = true;
    jellyfin.enable = true;
--- a/hosts/prophet/default.nix
+++ b/hosts/prophet/default.nix
@ -1,4 +1,4 @@
-{ ... }:
+{ modulesPath, ... }:
 {
  imports = [
    ./boot
@ -7,6 +7,7 @@
    ./hardware
    ./users
    ../../modules/system
    (modulesPath + "/profiles/headless.nix")
  ];
  networking = {
@ -21,6 +22,7 @@
  };
  services = {
    cloudflare-dyndns.enable = true;
    mailserver.enable = true;
    nginx.enable = true;
    wireguard.client.enable = true;
--- a/modules/system/services/server/cfdyndns/default.nix
+++ b/modules/system/services/server/cfdyndns/default.nix
@ -1,7 +1,4 @@
 { config, pkgs, ... }:
 {
-  services.cloudflare-dyndns = {
+  services.cloudflare-dyndns.apiTokenFile = "${pkgs.writeText "cloudflareapikey" config.secrets.flareApiKey}";
    enable = config.system.server.enable;
    apiTokenFile = "${pkgs.writeText "cloudflareapikey" config.secrets.flareApiKey}";
  };
 }