started soteria homeconfiguration

modules/hosts/john-pc-ubuntu.nix

@@ -2,7 +2,8 @@
 let
   username = "john";
   hostname = "john-pc-ubuntu";
-  testTarget = "fded:fb16:653e:25da:be24:11ff:fea0:753f";
+  # testTarget = "fded:fb16:653e:25da:be24:11ff:fea0:753f";
+  testTarget = "fded:fb16:653e:25da:be24:11ff:fe89:1cc3";
 in
 {
   flake.modules.homeManager."${hostname}" = { pkgs, config, ... }:
@@ -34,28 +35,14 @@ in
     home.packages = with pkgs; [
       nixos-rebuild
       (writeShellScriptBin "test-push" ''
-        nixos-rebuild switch --flake ${flakeDir}#soteria --target-host root@${testTarget}
+        mkdir -p /var/tmp/nix-build
+        chmod 1777 /var/tmp/nix-build
+        nixos-rebuild switch \
+          --flake ${flakeDir}#john-pc-ubuntu \
+          --target-host root@${testTarget}
       '')
     ];
 
-    mtls = {
-      enable = true;
-      caURL = "https://janus.john-stream.com/";
-      provisioner = "admin";
-      subject = hostname;
-      san = [
-        "${hostname}"
-        "192.168.1.85"
-        "spiffe://john-stream.com/ubuntu"
-      ];
-      lifetime = "1h";
-      renew.onCalendar = "*:1/10";
-    };
-
-    # TODO: Add host-specific settings here:
-    # - sops secret for `restic_password/john_ubuntu`
-    # - zsh RESTIC* session variables
-
     # TODO: make this more restrictive, rather than allowing all unfree packages
     nixpkgs.config.allowUnfree = true;
     nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ];
@@ -93,6 +80,19 @@ in
         "/home/john/john-nas"
       ];
     };
+    mtls = {
+      enable = true;
+      caURL = "https://janus.john-stream.com/";
+      provisioner = "admin";
+      subject = hostname;
+      san = [
+        "${hostname}"
+        "192.168.1.85"
+        "spiffe://john-stream.com/ubuntu"
+      ];
+      lifetime = "1h";
+      renew.onCalendar = "*:1/10";
+    };
   };
 
   flake.homeConfigurations."${hostname}" = inputs.home-manager.lib.homeManagerConfiguration {