mtls working on soteria

John Lancaster
2026-03-30 15:23:52 -05:00
parent fef4ff71bb
commit 89a4d5a228
5 changed files with 49 additions and 26 deletions
+20 -21
@@ -1,4 +1,4 @@
{ inputs, lib, ... }:
{ self, inputs, lib, ... }:
let
username = "john";
hostname = "soteria";
@@ -11,11 +11,26 @@ in
nixos.mysops
nixos.step-ssh-host
nixos.login-text
# nixos.mtls
nixos.docker
nixos.mtls
nixos.janus-ca
# nixos.restic-server
# nixos.restic-envoy
{
({ pkgs, ... }: {
networking.hostName = hostname;
mtls = {
enable = true;
subject = hostname;
san = [
"${hostname}.john-stream.com"
"192.168.1.142"
];
lifetime = "1h";
renew.onCalendar = "*:3/15";
renew.postCommands = [
"${lib.getExe pkgs.docker} restart envoy"
];
};
# Removes password for sudo
security.sudo-rs.extraRules = lib.mkAfter [
@@ -39,12 +54,13 @@ in
# This provides the secrets at install time
sops.defaultSopsFile = ./secrets.yaml;
programs.zsh.enable = true;
home-manager.users."${username}" = {
imports = with inputs.self.modules; [
homeManager."${hostname}"
];
};
}
})
];
};
@@ -52,9 +68,6 @@ in
imports = with inputs.self.modules; [
homeManager.rebuild
homeManager.mysops
homeManager.janus-ca
homeManager.mtls
homeManager.docker
];
homeManagerFlakeDir = "${config.xdg.configHome}/home-manager";
@@ -63,20 +76,6 @@ in
# This will provide the edit-secrets script targeting this file
mysops.hostSecretFile = "${config.homeManagerFlakeDir}/modules/hosts/soteria/secrets.yaml";
mtls = {
enable = true;
subject = hostname;
san = [
"${hostname}.john-stream.com"
"192.168.1.142"
];
lifetime = "1h";
renew.onCalendar = "*:3/15";
renew.postCommands = [
"${lib.getExe pkgs.docker} restart envoy"
];
};
};
flake.homeConfigurations."${hostname}" = inputs.home-manager.lib.homeManagerConfiguration {