refactor: move ark into dentritic pattern

2026-05-21 22:50:15 -04:00
parent 8043068885
commit f3b32776f6
48 changed files with 586 additions and 1562 deletions
--- a/modules/koon/host/ark/configuration.nix
+++ b/modules/koon/host/ark/configuration.nix
@@ -0,0 +1,77 @@
+{ self, ... }: {
+  flake.nixosModules.koonArkConfiguration = { config, ... }: {
+    imports = [
+      ./_hardware-configuration.nix
+      self.nixosModules.koonArkUser
+      self.nixosModules.koonArkSops
+
+      self.nixosModules.koonArkServiceAudio
+      self.nixosModules.koonArkServiceAuth
+      self.nixosModules.koonArkServiceGit
+      self.nixosModules.koonArkServiceHome
+      self.nixosModules.koonArkServicePhotos
+      self.nixosModules.koonArkServiceRadicale
+      self.nixosModules.koonArkServiceWakapi
+    ];
+
+    # Use the systemd-boot EFI boot loader.
+    boot.loader.systemd-boot.enable = true;
+    boot.loader.efi.canTouchEfiVariables = true;
+
+    networking.hostName = "ark";
+    networking.nameservers = [ "8.8.8.8" "1.1.1.1" ];
+
+    services.tailscale = {
+      enable = true;
+      useRoutingFeatures = "both";
+      extraUpFlags = [ "--accept-dns=false" ];
+    };
+
+    # oauth.name = "KoonFamily";
+    # oauth.secrets = import ./oauth-secrets.nix;
+
+    security.sudo.wheelNeedsPassword = false;
+
+    services.cloudflared = {
+      enable = true;
+      tunnels = {
+        "91d31395-fbc7-45a1-ae13-148957b32ecd" = {
+          credentialsFile = config.sops.secrets.tunnel-credentials.path;
+          ingress = {
+            "auth.koon.us" = "http://localhost:1411";
+            "photos.koon.us" = "http://localhost:2283";
+            "home.koon.us" = "http://localhost:8123";
+            "docs.koon.us" = "http://localhost:3004";
+            "git.koon.us" = "http://localhost:3000";
+            "ssh.koon.us" = "ssh://localhost:2222";
+            "audio.koon.us" = "http://localhost:8021";
+            "radicale.koon.us" = "http://localhost:5232";
+            "waka.koon.us" = "http://localhost:3006";
+            # "ride.koon.us" = "http://localhost:3007";
+            # "ride-api.koon.us" = "http://localhost:8080";
+
+            "money.koon.us" = "http://localhost:3160";
+            "zero.koon.us" = "http://localhost:4848";
+            "money-api.koon.us" = "http://localhost:3161";
+
+          };
+          default = "http_status:404";
+        };
+      };
+    };
+
+    fileSystems."/mnt/hdd" = {
+      device = "/dev/sdb";
+      fsType = "ext4";
+    };
+
+    services.openssh.enable = true;
+
+    networking.firewall.allowedTCPPorts = [ 8123 22 ];
+
+    time.timeZone = "America/New_York";
+    nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+    system.stateVersion = "25.05"; # Did you read the comment?
+  };
+}