diff --git a/cells/nixos/hosts/hakase/default.nix b/cells/nixos/hosts/hakase/default.nix index 9c6c183..dc75289 100644 --- a/cells/nixos/hosts/hakase/default.nix +++ b/cells/nixos/hosts/hakase/default.nix @@ -9,7 +9,6 @@ imports = [ ./configuration.nix ./hardware-configuration.nix - ./homelab.nix inputs.nixos-hardware.nixosModules.common-cpu-intel-cpu-only inputs.nixos-hardware.nixosModules.common-gpu-nvidia-nonprime @@ -21,9 +20,10 @@ inputs.cells.nixos.nixosProfiles.core inputs.cells.nixos.nixosProfiles.desktop + inputs.cells.nixos.nixosProfiles.homelab + inputs.cells.nixos.nixosProfiles.nas inputs.cells.nixos.nixosProfiles.nvidia inputs.cells.nixos.nixosProfiles.proxy - inputs.cells.nixos.nixosProfiles.secrets inputs.cells.nixos.nixosProfiles.server inputs.cells.home.homeProfiles.base diff --git a/cells/nixos/hosts/hakase/hardware-configuration.nix b/cells/nixos/hosts/hakase/hardware-configuration.nix index 7c5c1dc..2decedd 100644 --- a/cells/nixos/hosts/hakase/hardware-configuration.nix +++ b/cells/nixos/hosts/hakase/hardware-configuration.nix 
@@ -66,16 +66,6 @@ in { options = ["noatime"]; }; - fileSystems."/mnt/nas-yyp-home" = mkCifs "//nas.ybh1998.space/home"; - fileSystems."/mnt/nas-yyp-share" = mkCifs "//nas.ybh1998.space/share"; - fileSystems."/mnt/nas-mck-home" = mkCifs "//nas-changping.ybh1998.space/home"; - fileSystems."/mnt/nas-mck-share" = mkCifs "//nas-changping.ybh1998.space/share"; - - fileSystems."/mnt/nas-satoshi-bangumi" = mkNfs "satoshi.mck.cn.yousiki.top:/share/Bangumi"; - fileSystems."/mnt/nas-satoshi-downloads" = mkNfs "satoshi.mck.cn.yousiki.top:/share/Downloads"; - fileSystems."/mnt/nas-satoshi-movie" = mkNfs "satoshi.mck.cn.yousiki.top:/share/Movie"; - fileSystems."/mnt/nas-satoshi-research" = mkNfs "satoshi.mck.cn.yousiki.top:/share/Research"; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction diff --git a/cells/nixos/hosts/mai/default.nix b/cells/nixos/hosts/mai/default.nix index 0f82282..041aa06 100644 --- a/cells/nixos/hosts/mai/default.nix +++ b/cells/nixos/hosts/mai/default.nix @@ -18,9 +18,9 @@ inputs.cells.nixos.nixosProfiles.core inputs.cells.nixos.nixosProfiles.desktop + inputs.cells.nixos.nixosProfiles.nas inputs.cells.nixos.nixosProfiles.proxy inputs.cells.nixos.nixosProfiles.rime - inputs.cells.nixos.nixosProfiles.secrets inputs.cells.nixos.nixosProfiles.server inputs.cells.home.homeProfiles.base diff --git a/cells/nixos/profiles/core.nix b/cells/nixos/profiles/core.nix index d5fe6d8..3302856 100644 --- a/cells/nixos/profiles/core.nix +++ b/cells/nixos/profiles/core.nix @@ -4,6 +4,7 @@ }: {pkgs, ...}: { imports = [ inputs.cells.common.commonProfiles.core + inputs.agenix.nixosModules.default ]; time.timeZone = "Asia/Shanghai"; 
diff --git a/cells/nixos/hosts/hakase/homelab.nix b/cells/nixos/profiles/homelab.nix
similarity index 84%
rename from cells/nixos/hosts/hakase/homelab.nix
rename to cells/nixos/profiles/homelab.nix
index aa61cdf..015ad7d 100644
--- a/cells/nixos/hosts/hakase/homelab.nix
+++ b/cells/nixos/profiles/homelab.nix
@@ -1,9 +1,18 @@
 {
+ inputs,
+ cell,
+}: {
 config,
 lib,
 pkgs,
 ...
 }: {
+ age.secrets.hakase-tunnel-cert = {
+ file = "${inputs.self}/secrets/hakase-tunnel-cert.age";
+ owner = "cloudflared";
+ group = "cloudflared";
+ };
+
 services.cloudflared = {
 enable = true;
 tunnels = {
diff --git a/cells/nixos/profiles/nas.nix b/cells/nixos/profiles/nas.nix
new file mode 100644
index 0000000..0284959
--- /dev/null
+++ b/cells/nixos/profiles/nas.nix
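Review bot: `age.secrets.hakase-tunnel-cert` stays bound to one host even though this module now lives under `profiles/` as a reusable profile, so importing it on a second machine would either fail to decrypt at activation or push you to add that machine's key as a recipient of the tunnel credential. If the profile is meant to be hakase-only, say so in a comment above the secret, e.g. `# tunnel credential is encrypted for hakase only; do not import this profile elsewhere`; otherwise the secret file should become a per-host parameter. The recipient list is not visible in this commit, so this is a question rather than a confirmed problem, and the module body continues past the end of the hunk. Stating `mode = "0400";` next to `owner`/`group` would also make the intended file permissions explicit rather than relying on the agenix default.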
@@ -0,0 +1,48 @@
+{
+ inputs,
+ cell,
+}: {
+ pkgs,
+ config,
+ ...
+}: let
+ credentials = config.age.secrets.nas-credentials.path;
+
+ mkCifs = device: {
+ device = device;
+ fsType = "cifs";
+ options = [
+ "noauto"
+ "x-systemd.automount"
+ "x-systemd.idle-timeout=60"
+ "x-systemd.device-timeout=5s"
+ "x-systemd.mount-timeout=5s"
+ "noperm"
+ "credentials=${credentials}"
+ ];
+ };
+
+ mkNfs = device: {
+ device = device;
+ fsType = "nfs";
+ options = [
+ "noauto"
+ "x-systemd.automount"
+ "x-systemd.idle-timeout=600"
+ "x-systemd.device-timeout=5s"
+ "x-systemd.mount-timeout=5s"
+ ];
+ };
+in {
+ age.secrets.nas-credentials.file = "${inputs.self}/secrets/nas-credentials.age";
+
+ fileSystems."/mnt/nas-yyp-home" = mkCifs "//nas.ybh1998.space/home";
+ fileSystems."/mnt/nas-yyp-share" = mkCifs "//nas.ybh1998.space/share";
+ fileSystems."/mnt/nas-mck-home" = mkCifs "//nas-changping.ybh1998.space/home";
+ fileSystems."/mnt/nas-mck-share" = mkCifs "//nas-changping.ybh1998.space/share";
+
+ fileSystems."/mnt/nas-satoshi-bangumi" = mkNfs "satoshi.mck.cn.yousiki.top:/share/Bangumi";
+ fileSystems."/mnt/nas-satoshi-downloads" = mkNfs "satoshi.mck.cn.yousiki.top:/share/Downloads";
+ fileSystems."/mnt/nas-satoshi-movie" = mkNfs "satoshi.mck.cn.yousiki.top:/share/Movie";
+ fileSystems."/mnt/nas-satoshi-research" = mkNfs "satoshi.mck.cn.yousiki.top:/share/Research";
+}
diff --git a/cells/nixos/profiles/proxy.nix b/cells/nixos/profiles/proxy.nix
index f0c88fe..0afc755 100644
--- a/cells/nixos/profiles/proxy.nix
+++ b/cells/nixos/profiles/proxy.nix
@@ -20,4 +20,6 @@
 services.clash-meta.enable = true;
 services.clash-meta.configPath = config.age.secrets.clash-config.path;
 services.clash-meta.openFirewall = true;
+
+ age.secrets.clash-config.file = "${inputs.self}/secrets/clash-config.age";
 }
diff --git a/cells/nixos/profiles/secrets.nix b/cells/nixos/profiles/secrets.nix
deleted file mode 100644
index 111141c..0000000
--- a/cells/nixos/profiles/secrets.nix
+++ /dev/null
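Review bot: `"noperm"` in `mkCifs` (cells/nixos/profiles/nas.nix) switches off client-side permission checks, and with `"x-systemd.automount"` any local account on a host importing this profile (hakase and mai in this commit) can trigger the mount and use the share with the identity stored in `nas-credentials`; either drop it or pin ownership with `"uid=<owner>" "gid=<group>" "file_mode=0600" "dir_mode=0700"` (placeholders). Neither helper sets `"nosuid"` or `"nodev"`, which matters most for `mkNfs`, where setuid bits and device nodes on the export would be honoured by the client. `mkNfs` also has no `sec=` option, so the mounts will presumably negotiate AUTH_SYS in cleartext, and `mkCifs` does not ask for SMB encryption with `"seal"`; the targets are public-looking DNS names, so confirm the traffic stays on a trusted network or tunnel. Only the path from `config.age.secrets.nas-credentials.path` reaches the mount options, so the credentials themselves stay out of the world-readable Nix store, which is worth a one-line comment above `credentials`.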
@@ -1,18 +0,0 @@
-{
- inputs,
- cell,
-}: {...}: {
- imports = [
- inputs.agenix.nixosModules.default
- ];
-
- age.secrets = {
- clash-config.file = "${inputs.self}/secrets/clash-config.age";
- nas-credentials.file = "${inputs.self}/secrets/nas-credentials.age";
- hakase-tunnel-cert = {
- file = "${inputs.self}/secrets/hakase-tunnel-cert.age";
- owner = "cloudflared";
- group = "cloudflared";
- };
- };
-}