Add machine-specific service configuration for WireGuard and related templates

Introduced a comprehensive guide for adding machine-specific services in the DEPLOYMENT-GUIDE.md, including steps to configure WireGuard for specific machines. Added example configuration files for boot settings, machine-specific configurations, and an example service for WireGuard. This enhances the modularity and flexibility of the NixOS deployment process, allowing for tailored configurations per machine.
2025-10-10 00:49:22 +02:00 · 2025-10-10 00:49:22 +02:00 · d27bdd3005
commit d27bdd3005
parent c2b9eac973
4 changed files with 199 additions and 0 deletions
--- a/DEPLOYMENT-GUIDE.md
+++ b/DEPLOYMENT-GUIDE.md
@ -102,3 +102,94 @@ Edit files in `web-app/`, then rebuild locally

 After any changes: rebuild locally, then redeploy.

+## Adding Machine-Specific Services
+
+Sometimes you need services that only run on certain machines (e.g., WireGuard on machine1 but not machine2).
+
+### Using the Example Template
+
+A complete example machine configuration is provided in `config/example-machine/`:
+
+```
+config/example-machine/
+  ├── configuration.nix      # Template with domain parameter
+  ├── boot.nix              # Bootloader configuration examples
+  └── example-service.nix   # WireGuard and other service examples
+```
+
+**To use the template:**
+1. Copy the `example-machine` directory to your new machine name:
+   ```bash
+   cp -r config/example-machine config/my-new-machine
+   ```
+2. Edit `configuration.nix` to set your domain
+3. Copy your `hardware-configuration.nix` from `nixos-generate-config`
+4. Customize `boot.nix` for your bootloader (UEFI or BIOS)
+5. Modify or remove `example-service.nix` as needed
+6. Add the machine to `build-local.nix` and `krops.nix`
+
+### Example: Machine1 has WireGuard
+
+**Structure:**
+```
+config/
+  ├── shared.nix                    # Shared config for all machines
+  ├── machine1/
+  │   ├── configuration.nix         # Imports shared.nix + machine-specific modules
+  │   ├── wireguard.nix            # Machine1-specific service
+  │   ├── hardware-configuration.nix
+  │   └── boot.nix
+  └── machine2/
+      ├── configuration.nix         # Only imports shared.nix
+      ├── hardware-configuration.nix
+      └── boot.nix
+```
+
+### Steps to Add a Machine-Specific Service
+
+1. **Create a service configuration file** in the machine's directory:
+   ```bash
+   # Example: config/machine1/wireguard.nix
+   { config, lib, pkgs, ... }:
+   {
+     networking.wireguard.interfaces = {
+       wg0 = {
+         privateKeyFile = "/etc/wireguard/privatekey";
+         ips = [ "10.0.0.2/24" ];
+         peers = [ ... ];
+       };
+     };
+   }
+   ```
+
+2. **Import it in the machine's configuration.nix**:
+   ```nix
+   # config/machine1/configuration.nix
+   { config, pkgs, ... }:
+   {
+     imports = [
+       (import /var/src/config-shared {
+         inherit config pkgs;
+         domain = "4lpaca.io";
+       })
+       ./hardware-configuration.nix
+       ./boot.nix
+       ./wireguard.nix        # ← Add your service here
+     ];
+   }
+   ```
+
+3. **Deploy** - the service will only be deployed to that specific machine:
+   ```bash
+   nix-build ./krops.nix -A machine1 && ./result
+   ```
+
+### Common Machine-Specific Services
+
+- **WireGuard VPN** - Only on machines that need VPN access
+- **Backup services** - Different backup targets per machine
+- **Development tools** - Extra packages for staging vs production
+- **Custom hardware drivers** - GPU drivers, specific hardware support
+
+The key is that each machine's `configuration.nix` can import different modules while still sharing common configuration through `shared.nix`.
+