diff --git a/.sops.yaml b/.sops.yaml index 88688c6..55fbfd4 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -6,6 +6,7 @@ keys: - &server_ns4 age12a3nyvjs8jrwmpkf3tgawel3nwcklwsr35ktmytnvhpawqwzrsfqpgcy0q - &server_ha1 age1d2w5zece9647qwyq4vas9qyqegg96xwmg6c86440a6eg4uj6dd2qrq0w3l - &server_nixos-test1 age1gcyfkxh4fq5zdp0dh484aj82ksz66wrly7qhnpv0r0p576sn9ekse8e9ju + - &server_inc1 age1g5luz2rtel3surgzuh62rkvtey7lythrvfenyq954vmeyfpxjqkqdj3wt8 creation_rules: - path_regex: secrets/[^/]+\.(yaml|json|env|ini) key_groups: @@ -17,6 +18,7 @@ creation_rules: - *server_ns4 - *server_ha1 - *server_nixos-test1 + - *server_inc1 - path_regex: secrets/ns3/[^/]+\.(yaml|json|env|ini) key_groups: - age: diff --git a/flake.nix b/flake.nix index d6e7796..ccdee44 100644 --- a/flake.nix +++ b/flake.nix @@ -76,6 +76,26 @@ backup-helper.nixosModules.backup-helper ]; }; + inc1 = nixpkgs.lib.nixosSystem { + inherit system; + specialArgs = { inherit inputs self sops-nix; }; + modules = [ + ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) + ./hosts/inc1 + sops-nix.nixosModules.sops + # backup-helper.nixosModules.backup-helper + ]; + }; + inc2 = nixpkgs.lib.nixosSystem { + inherit system; + specialArgs = { inherit inputs self sops-nix; }; + modules = [ + ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) + ./hosts/inc2 + sops-nix.nixosModules.sops + # backup-helper.nixosModules.backup-helper + ]; + }; template1 = nixpkgs.lib.nixosSystem { inherit system; specialArgs = { inherit inputs self sops-nix; }; diff --git a/hosts/inc1/configuration.nix b/hosts/inc1/configuration.nix new file mode 100644 index 0000000..7fa559a --- /dev/null +++ b/hosts/inc1/configuration.nix @@ -0,0 +1,96 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page, on +# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). + +{ config, lib, pkgs, ... }: + +{ + imports = + [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + ../../system + ../../services/incus + ]; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.kernel.sysctl = { + "net.ipv4.ip_forward" = 1; + }; + + networking.hostName = "inc1"; + networking.domain = "home.2rjus.net"; + networking.useNetworkd = true; + networking.useDHCP = false; + networking.nftables.enable = true; + networking.firewall.trustedInterfaces = [ "vlan13" ]; + + services.resolved.enable = true; + networking.nameservers = [ + "10.69.13.5" + "10.69.13.6" + ]; + + systemd.network.enable = true; + # Primary interface + systemd.network.networks."enp2s0" = { + matchConfig.Name = "enp2s0"; + address = [ + "10.69.12.80/24" + ]; + networkConfig = { + VLAN = [ "enp2s0.13" ]; + }; + routes = [ + { routeConfig.Gateway = "10.69.12.1"; } + ]; + linkConfig.RequiredForOnline = "routable"; + }; + + # VLAN 13 netdev + systemd.network.netdevs."enp2s0.13" = { + enable = true; + netdevConfig = { + Kind = "vlan"; + Name = "enp2s0.13"; + }; + vlanConfig = { + Id = 13; + }; + }; + + # # Bridge netdev + # systemd.network.netdevs."br13" = { + # netdevConfig = { + # Name = "br13"; + # Kind = "bridge"; + # }; + # }; + + # # Bridge network + # systemd.network.networks."br13" = { + # matchConfig.Name = "enp2s0.13"; + # networkConfig.Bridge = "br13"; + # }; + + time.timeZone = "Europe/Oslo"; + + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + nix.settings.tarball-ttl = 0; + environment.systemPackages = with pkgs; [ + tcpdump + vim + wget + git + ]; + + # Enable the OpenSSH daemon. + # services.openssh.enable = true; + # services.openssh.settings.PermitRootLogin = "yes"; + + system.stateVersion = "24.05"; # Did you read the comment? +} + diff --git a/hosts/inc1/default.nix b/hosts/inc1/default.nix new file mode 100644 index 0000000..4cd684a --- /dev/null +++ b/hosts/inc1/default.nix @@ -0,0 +1,5 @@ +{ ... }: { + imports = [ + ./configuration.nix + ]; +} diff --git a/hosts/inc1/hardware-configuration.nix b/hosts/inc1/hardware-configuration.nix new file mode 100644 index 0000000..d9a724c --- /dev/null +++ b/hosts/inc1/hardware-configuration.nix @@ -0,0 +1,41 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/faa60038-b3a4-448a-8909-49857818c955"; + fsType = "xfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/7A94-A91C"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/f7a4f85e-0b4b-492d-a611-f50d2b915c2c"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/inc2/configuration.nix b/hosts/inc2/configuration.nix new file mode 100644 index 0000000..80416a6 --- /dev/null +++ b/hosts/inc2/configuration.nix @@ -0,0 +1,96 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page, on +# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). + +{ config, lib, pkgs, ... }: + +{ + imports = + [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + ../../system + ../../services/incus + ]; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.kernel.sysctl = { + "net.ipv4.ip_forward" = 1; + }; + + networking.hostName = "inc2"; + networking.domain = "home.2rjus.net"; + networking.useNetworkd = true; + networking.useDHCP = false; + networking.nftables.enable = true; + networking.firewall.trustedInterfaces = [ "vlan13" ]; + + services.resolved.enable = true; + networking.nameservers = [ + "10.69.13.5" + "10.69.13.6" + ]; + + systemd.network.enable = true; + # Primary interface + systemd.network.networks."enp2s0" = { + matchConfig.Name = "enp2s0"; + address = [ + "10.69.12.81/24" + ]; + networkConfig = { + VLAN = [ "enp2s0.13" ]; + }; + routes = [ + { routeConfig.Gateway = "10.69.12.1"; } + ]; + linkConfig.RequiredForOnline = "routable"; + }; + + # VLAN 13 netdev + systemd.network.netdevs."enp2s0.13" = { + enable = true; + netdevConfig = { + Kind = "vlan"; + Name = "enp2s0.13"; + }; + vlanConfig = { + Id = 13; + }; + }; + + # # Bridge netdev + # systemd.network.netdevs."br13" = { + # netdevConfig = { + # Name = "br13"; + # Kind = "bridge"; + # }; + # }; + + # # Bridge network + # systemd.network.networks."br13" = { + # matchConfig.Name = "enp2s0.13"; + # networkConfig.Bridge = "br13"; + # }; + + time.timeZone = "Europe/Oslo"; + + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + nix.settings.tarball-ttl = 0; + environment.systemPackages = with pkgs; [ + tcpdump + vim + wget + git + ]; + + # Enable the OpenSSH daemon. + # services.openssh.enable = true; + # services.openssh.settings.PermitRootLogin = "yes"; + + system.stateVersion = "24.05"; # Did you read the comment? +} + diff --git a/hosts/inc2/default.nix b/hosts/inc2/default.nix new file mode 100644 index 0000000..4cd684a --- /dev/null +++ b/hosts/inc2/default.nix @@ -0,0 +1,5 @@ +{ ... }: { + imports = [ + ./configuration.nix + ]; +} diff --git a/hosts/inc2/hardware-configuration.nix b/hosts/inc2/hardware-configuration.nix new file mode 100644 index 0000000..0d68fb0 --- /dev/null +++ b/hosts/inc2/hardware-configuration.nix @@ -0,0 +1,33 @@ +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "rtsx_usb_sdmmc" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { + device = "/dev/disk/by-uuid/3e7c311c-b1a3-4be7-b8bf-e497cba64302"; + fsType = "btrfs"; + }; + + fileSystems."/boot" = + { + device = "/dev/disk/by-uuid/F0D7-E5C1"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = + [{ device = "/dev/disk/by-uuid/1a06a36f-da61-4d36-b94e-b852836c328a"; }]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} + diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index efb4f7d..2ae0840 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -10,65 +10,74 @@ sops: - recipient: age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBubWtoVGhXYXRlSlFRN1R1 - Zk9ER3d6ZExUeW0yV1grQkFzMks3akhuaHlVCk4rRmVTaUd6RG9NRldmNFZ0ZXMr - aUh5QTJLSkpISXRkVXJFWDZkdlVnSHMKLS0tIGRVcXRQRTVDK09JSThidTdsOHBo - NGpxMjFhVmg2cHdNS2dTQitEQWlLYUUKgKAgXN4Bwl2A+MRcLsGFl+BDAj8Jqkg1 - 42aUJbVMVhQLVMSFw23AIsAiSkm0l05JVedUayr6EdL0AsZRmArRrw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5eHNpQ2NkV0Z2QldSVDBW + dTN5dk1KN2tOUUZVREpzdVhPVGlERkI3TjBjCmhCMFU3WElMZGhCek5ocGlRM2hu + YVBPdkcxU0FKNk9QeXA0bDNRYU0xZEUKLS0tIDdtMjNyNkY1d21OZVdacnR0L09B + c3ZRYzBva1ZiV0xucWw3WEcxM01JbFUK3AmQJ3tVbYr8vmNFvssh/TGJcFM2O+hb + BXO2VYZqNmRLKEClgRUPR8lykt1j+P1hXfxlpUEsudyyd1iV6r/7vg== -----END AGE ENCRYPTED FILE----- - recipient: age1hz2lz4k050ru3shrk5j3zk3f8azxmrp54pktw5a7nzjml4saudesx6jsl0 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaVFFxK0RMU3pYVkpTeFQ3 - M1VzVkZnR2RWazdUSEo5dGExMDR6RXlTYlZJCk14OVFIQjF1aEh6NGRseEkyUjdG - SUNIK0N2eEVWRW9mM1E4YzExS3g4QU0KLS0tIDJ2by9wYUlEWlh5Y2cxZzZBUW9w - N3BkNlBEVGl1L09nbjZXZm9seTY1NTAKtVmJ9bh/cN/q+FmZ7AhmdledAL3SKWvm - 69+sx3etiIrZ8tx9hB+shULNkBWI4scopFZdoeRu75Q+Mc86s+wf4A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVcGM3UTVhMlV0TTNsMVp4 + RERtRmlObHovUVdONDRWTnB6SWxxU09YKzF3Ck5qVFpiWVFUZVZYT3JwUHRBSXU0 + VkFmVFZ1Nm51YlA4VDR6WVBwRnlBVncKLS0tIE9MVFBzUlpZOXRIalJtSkM0Uk52 + MUJtREo5UlFnTDlicmZUOVB0aTNDNEUK9FHHmJs63JEucmxjlAr5GmkQ/8NUJkay + 9+8V+BxGtqIYAn+U++GOa0hjJYQb8FrHL1SpKB8qOwkWYM7mbENH2g== -----END AGE ENCRYPTED FILE----- - recipient: age1w2q4gm2lrcgdzscq8du3ssyvk6qtzm4fcszc92z9ftclq23yyydqdga5um enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRGtVZk9nL2EwaVlDcUlM - VUZuUHNXNnZEajdzL1RkeFFvNVFEaXVpWVRZCmpQMGoyOGNqemN4VHRzV2QxdWMv - c2V0T1FiMWw1ZzR2bFZmSzVsbFphWjAKLS0tIFF3TE9OcXUzUVI1UC9LU1FJVjhM - NzRoTGt6V3gyQStVbWxITUUrU0k0M1UKTGQ+9FFpFkzYYhvu4SoBYhQNh3IfErVT - orD+RecwMaZqkCh0gjs6pPG675fiWaESo/SUqG5+w38Jh/Q3fHiBnQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoRVdzemZ4UVBySytWeHZw + ekU1emdUU1FlZGFWK2NjUHdDS3B0ZGF5a0dvClVhVjZvZVE1dFlPak1QY0pYUU1Q + V2ttcFBLalNWQWlMVnZDOTE0YWpSUDQKLS0tIENvSGVZZ2hJS1hQZWpzT1hZWXFI + SXhkM2pFVmE5djRlMGhaSU9rRlcwaXMKg65Sop34XWfYiQvZGquB2U2Oh0/afz2i + PRAozkriSM+vY4n3WJlqK/rCmlOniARaci6mzfqRLhazEbmKBOYM7g== -----END AGE ENCRYPTED FILE----- - recipient: age1snmhmpavqy7xddmw4nuny0u4xusqmnqxqarjmghkm5zaluff84eq5xatrd enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1Q2tBYUVuNzNONk5Kbzho - SHhVUWs0MFNyblVGNDRUTStLa0NpYXdXeWxRCm0zcTlaMUZqQ0dNVXZpak1YSUZZ - VmNvelJiQXJlZXJIa0dncE91TU5sNTAKLS0tIFQ2Z1lSSFhiK3dZSVlxeEt2VXlU - bk0rNjMrbWx4WVdnd0VLSWRUNGI5cVkKUIf+ilyc8N/T8jXk9X643DiASH0Yc8MU - eWw6vttNrIHu69s1jku59JiGGzxaSJOvRwHqu2toIpR0aFm9X87PPQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwUllOVVVyTVEyYkVvYXhL + RUx4RE5ZaENxY1FRT1lhN1Nva3orb2RGMzIwCndZSkcyTGYxaTZnMzJCMWt5NWRK + YTVHcEtndm5KbXJDNjBTdDlkTDlVODQKLS0tIEFGU3JPT295KzUwRTk2QVJ6eTNv + MmJRaTM1WWdwVjRrNk16dzU0ZFdBL1kK8Dp3M942e+6sLIYhV8MlkIbLh9se7IbC + iN+1N/6N5JUvg3FFz+V1tFlT7R0y3BJFBmemaMLJWsRelshjj26NcA== -----END AGE ENCRYPTED FILE----- - recipient: age12a3nyvjs8jrwmpkf3tgawel3nwcklwsr35ktmytnvhpawqwzrsfqpgcy0q enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0ZmJiek14ZUdnRkJUNDR1 - dkN2blJ6Ykx0TlEvVlA2UGlaT0N5WHp4eGdNCldRL0gwVmlSQ3JBaXhDZ0RHWTVZ - K3BVZmczYis1cHNFbmRLK0t3MlVhQ0kKLS0tIFFMRUFXMWJIRjRWeHFsUEpDTjI0 - czhoVlg3NVBGK2hkK1F1cElwK3ZpZDQKVYL7UmZpDwUUCELJ85dkh4aQgiFuiP4b - ljk7WwMCr2KPOwlqDNSSOZgoh8RmFlKaMsNB5EQMd4loNWgMra7URA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzZi9UaGM3L1BsQTRpbFZi + OUdwam5JWXNDa1VWcEhCdkx4YXppV1NRem13CjBBTk9PRDVkNjBaY1dOU2txNkpK + ZXVUVTZVRUtmWjlvUEd3UDA0LzdhTlEKLS0tIEtwTUlESXdwQ1ZkTUVtWVJzK1p0 + ZnlHNGk4bGVndUJZb1VrUWpxUHJucWsKULgyNAkFMRFgOQYIG/NC6jQxCvCrAVqS + WYS54btyjqiUYYx/nv6Ce6EZwMYEvKGRl1IVrFlNXVfjoE14GhuL7g== -----END AGE ENCRYPTED FILE----- - recipient: age1d2w5zece9647qwyq4vas9qyqegg96xwmg6c86440a6eg4uj6dd2qrq0w3l enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0MVEwVy94VXd2U1pCd3cv - TFpwNDYrU01Md3pQZXlwbWFNd2xocnMrN3pJCi94alVKajk5eExhbWkwd1ZFNEQ0 - VnN0VExzTEdQNGplS05nVWsxZnNYdW8KLS0tIFVTdWYzbDA0R3FpbjhjVTU3ZnRw - ZHJTUXJQOUFmWEVjQ0ZHellVS2swVmsK4vyeriPn+OcSFQoaIjtErQBwDdOOBxdc - sgYKQOuqjcbDC6T8AgeR1fKz6XY2aBf4NwRje4iqFLDEW/L3WQEiYQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4ZFpFNjJIeXRxandtY24z + WXBjMmhTRmdFVzFJU3MwT3BCSnBBUDJnTHdRCjluT3B2Y1pBNjBtODlRUXVvZlZu + dnZleUJQRHIvYkVlVjlFNDRwM1FCWXMKLS0tIGRUdzlrL1Q4d3NhMFlaVlF5alFx + T0RKZ0JRUzRQMUJ0bDFKVEhNV1cvSEkKEorAEa2nQqp1BtVfa4bj3dsKuhHAMPif + RsI8t6f3UhBrC59DklJbhqD4zmxzCNtqhwHxklh3ofRThqsAs8fuSg== -----END AGE ENCRYPTED FILE----- - recipient: age1gcyfkxh4fq5zdp0dh484aj82ksz66wrly7qhnpv0r0p576sn9ekse8e9ju enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsalA0a0tNQWNHVUlNVTVP - b1JONEpVSzhkK25qRE4zeFlnQmlCdzBPaFVJCnVHNklyNlVNc3lnN04yKzVWdHNy - OG51Y2pEelVjN0pYSEg0Sk9iM3RtaVUKLS0tIGlXNnZBdGxCcGZDVGNJMGJiOXBB - V1FQQ0o4UVhEbWtFMEtFcWpQR0c2aDQKduenww5ggqovBUmU1u3xGNABx4MevBk7 - 939Mp8UtDPblCDBFi2SmxrrsFiQDOWVkz7llHTmLHYDPEejkVc8/sQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZejZxUUNPVnFJeWpoWU1Q + RVgySXoxTmtRQnhKRUh6K1E0dnhteTdxTlVBClBxOFlUby9pWG1vdWpjeUxYaUhn + VXdCTnl2Smt4K2VQOUlRYjhLcTlsVEEKLS0tIGZZb29iNlVmaStrdDVrelhsUDJK + R1dJcjF3TWM0R0NCVGhYN2ZNVWR1Uk0KGKPtGaT6MomJav2gyU7VbvFMxvVfEqJZ + B8DhVtjfm3DpL/KjdljuGh74PBdiX7xPUTiD6e0KnboGU96/OzESgg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1g5luz2rtel3surgzuh62rkvtey7lythrvfenyq954vmeyfpxjqkqdj3wt8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQSWs2TTV1RWR0Q0pVYW5X + ZGwxUVZqOVd5R1NnWlY3ODFyUWtGVE5jN1NFCmNMMUhUTXp1Z1dheHNFRExQbzQw + cW50MWFZay9RYkVSTytDeUgzMi9KSEEKLS0tIG9oZDdFM0EyaVd5RmZTenY3N1Ax + dlM4L0tCZWh5Ti9EUHNFWGJ0SVhodVEKfwBmqlondg8oulzrEg+AkgeDQ6CvkoS3 + L+GWzo98ccpt/uE95vIuiywdTmpt7hjkJNrDh2euOvJXBdwexFW3tA== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-06-02T22:09:06Z" mac: ENC[AES256_GCM,data:cxJq4EMEMVEw0IUXNwtyQj4MaYIJ/Xo4OaY+3VLgIhYw6oBO9CmJxgLuXcSnGnr23oNE5OQF6ALv+vxF46D1pI0V1zhqKL6zMIs0DzPBwo7Arg166w5kGAT274jK7YWymeJ7fafWXYubLlGUthyVJS1BkvlqIhoe2BlTZ3bPyBs=,iv:Z2Uh9Oo4q/ce6DDLShs7JAX3XFNAVOGBmBPvRbGxaaU=,tag:6qZhZ4+tgtXl60b0Lx7Taw==,type:str] diff --git a/services/incus/default.nix b/services/incus/default.nix new file mode 100644 index 0000000..8b2b860 --- /dev/null +++ b/services/incus/default.nix @@ -0,0 +1,7 @@ +{ pkgs, config, ... }: +{ + virtualisation.incus = { + enable = true; + }; + networking.firewall.allowedTCPPorts = [ 8443 ]; +} diff --git a/services/ns/zones-home-2rjus-net.conf b/services/ns/zones-home-2rjus-net.conf index e1871ee..7bfeec1 100644 --- a/services/ns/zones-home-2rjus-net.conf +++ b/services/ns/zones-home-2rjus-net.conf @@ -1,7 +1,7 @@ $ORIGIN home.2rjus.net. $TTL 1800 @ IN SOA ns1.home.2rjus.net. admin.test.2rjus.net. ( - 2035 ; serial number + 2037 ; serial number 3600 ; refresh 900 ; retry 1209600 ; expire @@ -45,6 +45,8 @@ sonarr IN A 10.69.12.54 bazarr IN A 10.69.12.55 mpnzb IN A 10.69.12.57 pve1 IN A 10.69.12.75 +inc1 IN A 10.69.12.80 +inc2 IN A 10.69.12.81 ; 13_SVC ns1 IN A 10.69.13.5