diff --git a/.github/README.md b/.github/README.md index 236919b..a8e9428 100644 --- a/.github/README.md +++ b/.github/README.md @@ -152,13 +152,13 @@ Alternatively, to install this from any NixOS live ISO, run `nix run --experimen |💻 **nbl-imba-2** | Framework Laptop 16, AMD 7940HS, RX 7700S, 64GB RAM | Work laptop | |💻 **nbm-imba-166** | MacBook Pro 2016 | MacOS Sandbox | |🖥️ **winters** | ASRock J4105-ITX, 32GB RAM | Main homeserver and data storgae | -|🖥️ **sync** | Oracle Cloud: VM.Standard.E2.1.Micro | Server for lightweight synchronization tasks | +|🖥️ **milkywell** | Oracle Cloud: VM.Standard.E2.1.Micro | Server for lightweight synchronization tasks | |🖥️ **moonside** | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Proxy for local services, some lightweight services | |📱 **magicant** | Samsung Galaxy Z Flip 6 | Phone | |💿 **drugstore** | - | ISO installer configuration | |❔ **chaotheatre** | - | Demo config for checking out my configurtion | |❔ **toto** | - | Helper configuration for bootstrapping a new system | -|🏠 **home** | - | Reference configuration for a home-manager only host | +|🏠 **Treehouse** | - | Reference configuration for a home-manager only host | ## General Nix tips & useful links diff --git a/.sops.yaml b/.sops.yaml index 32dc4af..e4e01e0 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -10,7 +10,7 @@ keys: - &toto age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl - &surface age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg - &nbl age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy - - &sync age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h + - &milkywell age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h - &moonside age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh creation_rules: - path_regex: secrets/general/[^/]+\.(yaml|json|env|ini)$ 
@@ -22,7 +22,7 @@ creation_rules: - *toto - *surface - *nbl - - *sync + - *milkywell - *moonside - path_regex: secrets/repo/[^/]+$ key_groups: @@ -33,7 +33,7 @@ creation_rules: - *toto - *surface - *nbl - - *sync + - *milkywell - *moonside - path_regex: secrets/certs/[^/]+\.(yaml|json|env|ini)$ key_groups: @@ -69,12 +69,12 @@ creation_rules: - *swarsel age: - *nbl - - path_regex: secrets/sync/[^/]+\.(yaml|json|env|ini)$ + - path_regex: secrets/milkywell/[^/]+\.(yaml|json|env|ini)$ key_groups: - pgp: - *swarsel age: - - *sync + - *milkywell - path_regex: hosts/nixos/nbl-imba-2/secrets/pii.nix.enc key_groups: - pgp: @@ -87,12 +87,12 @@ creation_rules: - *swarsel age: - *winters - - path_regex: hosts/nixos/sync/secrets/pii.nix.enc + - path_regex: hosts/nixos/milkywell/secrets/pii.nix.enc key_groups: - pgp: - *swarsel age: - - *sync + - *milkywell - path_regex: hosts/nixos/moonside/secrets/pii.nix.enc key_groups: - pgp: diff --git a/SwarselSystems.org b/SwarselSystems.org index 479b343..29cd94b 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -2178,7 +2178,7 @@ My server setup was originally built on Proxmox VE; back when I started, I creat I have removed most of the machines from this section. What remains are some hosts that I have deployed on OCI (mostly sync for medium-important data) and one other machine that I left for now as a reference. -**** Milkywell (OCI) +**** MilkyWell (OCI) :PROPERTIES: :CUSTOM_ID: h:4c5febb0-fdf6-44c5-8d51-7ea0f8930abf :END: @@ -2361,7 +2361,7 @@ This machine mainly acts as an external sync helper. It manages the following th isSecureBoot = false; isCrypted = false; profiles = { - server.milkywell = true; + server.syncserver = true; }; } sharedOptions; @@ -3029,7 +3029,7 @@ This is a slim setup for developing base configuration. I do not track the hardw #+end_src -**** drugstore (ISO installer config) +**** Drugstore (ISO installer config) :PROPERTIES: :CUSTOM_ID: h:8583371d-5d47-468b-84ba-210aad7e2c90 :END: 
@@ -3204,14 +3204,14 @@ This is a live environment ISO that I use to bootstrap new systems. It only load #+end_src -**** Home-manager only (default non-NixOS) +**** Treehouse (home-manager only example) :PROPERTIES: :CUSTOM_ID: h:7056b9a0-f38b-4bca-b2ba-ab34e2d73493 :END: This is the "reference implementation" of a setup that runs without NixOS, only relying on home-manager. I try to test this every now and then and keep it supported. However, manual steps are needed to get the system to work fully, depending on what distribution you are running on. -#+begin_src nix-ts :tangle hosts/home/default/default.nix +#+begin_src nix-ts :tangle hosts/home/treehouse/default.nix { self, inputs, outputs, ... }: { @@ -16114,8 +16114,8 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/syncserver/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.server.milkywell = lib.mkEnableOption "is this a oci milkywell server"; - config = lib.mkIf config.swarselsystems.profiles.server.milkywell { + options.swarselsystems.profiles.server.syncserver = lib.mkEnableOption "is this a oci syncserver server"; + config = lib.mkIf config.swarselsystems.profiles.server.syncserver { swarselsystems = { modules = { general = lib.mkDefault true; diff --git a/files/scripts/swarsel-rebuild.sh b/files/scripts/swarsel-rebuild.sh index 6ba75a1..7cfac1f 100644 --- a/files/scripts/swarsel-rebuild.sh +++ b/files/scripts/swarsel-rebuild.sh @@ -83,7 +83,7 @@ if [[ $local_keys != *"${pub_arr[1]}"* ]]; then rm modules/home/common/mail.nix rm modules/home/common/yubikey.nix rm modules/nixos/server/restic.nix - rm hosts/nixos/sync/default.nix + rm hosts/nixos/milkywell/default.nix rm -rf modules/nixos/server rm -rf modules/home/server nix flake update vbc-nix 
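Review bot: The option description in the `profiles/nixos/syncserver/default.nix` source block now reads "is this a oci syncserver server", a leftover of the mechanical sync → syncserver replacement. `lib.mkEnableOption` prefixes its argument with "Whether to enable", so a noun phrase reads better in generated option documentation, for example `lib.mkEnableOption "the OCI sync server profile";`. The tangled file `profiles/nixos/syncserver/default.nix` carries the identical string in its own hunk and should change with it. The module body continues outside the hunk.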
diff --git a/hosts/home/default/default.nix b/hosts/home/treehouse/default.nix similarity index 100% rename from hosts/home/default/default.nix rename to hosts/home/treehouse/default.nix diff --git a/hosts/nixos/sync/default.nix b/hosts/nixos/milkywell/default.nix similarity index 97% rename from hosts/nixos/sync/default.nix rename to hosts/nixos/milkywell/default.nix index 050e70a..5b18239 100644 --- a/hosts/nixos/sync/default.nix +++ b/hosts/nixos/milkywell/default.nix @@ -15,7 +15,7 @@ in ]; sops = { - defaultSopsFile = lib.mkForce "/root/.dotfiles/secrets/sync/secrets.yaml"; + defaultSopsFile = lib.mkForce "/root/.dotfiles/secrets/milkywell/secrets.yaml"; }; boot = { @@ -26,7 +26,7 @@ in networking = { nftables.enable = lib.mkForce false; - hostName = "sync"; + hostName = "milkywell"; enableIPv6 = false; domain = "subnet03112148.vcn03112148.oraclevcn.com"; firewall = { @@ -161,7 +161,7 @@ in isSecureBoot = false; isCrypted = false; profiles = { - server.sync = true; + server.syncserver = true; }; } sharedOptions; diff --git a/hosts/nixos/sync/hardware-configuration.nix b/hosts/nixos/milkywell/hardware-configuration.nix similarity index 100% rename from hosts/nixos/sync/hardware-configuration.nix rename to hosts/nixos/milkywell/hardware-configuration.nix diff --git a/hosts/nixos/sync/secrets/pii.nix.enc b/hosts/nixos/milkywell/secrets/pii.nix.enc similarity index 100% rename from hosts/nixos/sync/secrets/pii.nix.enc rename to hosts/nixos/milkywell/secrets/pii.nix.enc diff --git a/modules/home/common/ssh.nix b/modules/home/common/ssh.nix index b29a8d5..2e61fb9 100644 --- a/modules/home/common/ssh.nix +++ b/modules/home/common/ssh.nix @@ -22,7 +22,7 @@ hostname = "130.61.119.129"; user = "opc"; }; - "sync" = { + "milkywell" = { hostname = "193.122.53.173"; user = "root"; }; diff --git a/modules/nixos/server/syncthing.nix b/modules/nixos/server/syncthing.nix index 3da42e5..ef32693 100644 --- a/modules/nixos/server/syncthing.nix 
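Review bot: `defaultSopsFile` in the first hunk of `hosts/nixos/milkywell/default.nix` is an absolute string under `/root/.dotfiles`, so the renamed `secrets/milkywell/secrets.yaml` is looked up in root's checkout on the target, not in the evaluated flake. If that checkout is still at the old layout when the host is switched, sops-nix will presumably not find the file and the host's secrets will not be decrypted. A comment on the line would record the ordering requirement, e.g. `# read from root's checkout on the host; pull /root/.dotfiles before switching`. The `sops` block and the surrounding module continue outside the hunk, so any validation setting that changes this is not visible here.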
+++ b/modules/nixos/server/syncthing.nix @@ -41,7 +41,7 @@ in "magicant" = { id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; }; - "sync@oracle" = { + "milkywell@oracle" = { id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB"; }; "${workHostName}" = { @@ -56,7 +56,7 @@ in path = "${cfg.dataDir}/Sync"; type = "receiveonly"; versioning = null; - devices = [ "sync@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; id = "default"; }; "Obsidian" = { @@ -66,7 +66,7 @@ in type = "simple"; params.keep = "5"; }; - devices = [ "sync@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; id = "yjvni-9eaa7"; }; "Org" = { @@ -76,7 +76,7 @@ in type = "simple"; params.keep = "5"; }; - devices = [ "sync@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; id = "a7xnl-zjj3d"; }; "Vpn" = { @@ -86,7 +86,7 @@ in type = "simple"; params.keep = "5"; }; - devices = [ "sync@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; id = "hgp9s-fyq3p"; }; # "Documents" = { diff --git a/nix/topology.nix b/nix/topology.nix index 469e6ba..dd9ed27 100644 --- a/nix/topology.nix +++ b/nix/topology.nix @@ -34,7 +34,7 @@ connections = [ (mkConnection "moonside" "wan") (mkConnection "pfsense" "wan") - (mkConnection "sync" "wan") + (mkConnection "milkywell" "wan") (mkConnection "toto" "bootstrapper") (mkConnection "chaostheatre" "demo host") ]; @@ -42,7 +42,7 @@ chaostheatre.interfaces."demo host" = { }; toto.interfaces."bootstrapper" = { }; - sync.interfaces.wan = { }; + milkywell.interfaces.wan = { }; moonside.interfaces.wan = { }; pfsense = mkRouter "pfSense" { 
diff --git a/profiles/nixos/syncserver/default.nix b/profiles/nixos/syncserver/default.nix
index 2235043..b1ce625 100644
--- a/profiles/nixos/syncserver/default.nix
+++ b/profiles/nixos/syncserver/default.nix
@@ -1,7 +1,7 @@
 { lib, config, ... }:
 {
- options.swarselsystems.profiles.server.sync = lib.mkEnableOption "is this a oci sync server";
- config = lib.mkIf config.swarselsystems.profiles.server.sync {
+ options.swarselsystems.profiles.server.syncserver = lib.mkEnableOption "is this a oci syncserver server";
+ config = lib.mkIf config.swarselsystems.profiles.server.syncserver {
 swarselsystems = {
 modules = {
 general = lib.mkDefault true;
diff --git a/secrets/sync/secrets.yaml b/secrets/milkywell/secrets.yaml
similarity index 100%
rename from secrets/sync/secrets.yaml
rename to secrets/milkywell/secrets.yaml