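{ self, inputs, lib, ... }:
let
  # Primary login account and the machine name. `hostname` is also the key
  # under which this host's NixOS system, home-manager module and standalone
  # home-manager configuration are published below, so the three stay aligned.
  username = "john";
  hostname = "soteria";
in
{
  flake.nixosConfigurations."${hostname}" = inputs.nixpkgs.lib.nixosSystem {
    modules = with inputs.self.modules; [
      nixos.lxc
      nixos."${username}"
      nixos.mysops
      nixos.step-ssh-host
      nixos.login-text
      nixos.docker
      nixos.mtls
      nixos.janus-ca
      nixos.forgejo
      # nixos.restic-server
      # nixos.restic-envoy
      ({ pkgs, ... }: {
        networking.hostName = hostname;

        mtls = {
          enable = true;
          subject = hostname;
          san = [
            "${hostname}.john-stream.com"
            "192.168.1.142"
          ];
          lifetime = "1h";
          # systemd calendar spec: minutes 3, 18, 33 and 48 of every hour, i.e.
          # four renewals per 1h lifetime, so one missed run still leaves a
          # valid certificate.
          renew.onCalendar = "*:3/15";
          # Presumably the envoy container does not hot-reload its certificate,
          # hence the restart after each renewal. `lib.getExe pkgs.docker` pins
          # the binary instead of relying on `docker` being on the unit's PATH.
          renew.postCommands = [ "${lib.getExe pkgs.docker} restart envoy" ];
        };

        # Removes password for sudo
        # NOTE(review): `command = "ALL"` together with `NOPASSWD` gives
        # `username` unrestricted root without re-authentication, so any
        # process running as that user can escalate silently. Keep this rule
        # scoped to this host (it looks like a single-user LXC, given
        # nixos.lxc above) rather than moving it into a shared module.
        security.sudo-rs.extraRules = lib.mkAfter [
          {
            users = [ username ];
            commands = [
              {
                command = "ALL";
                options = [ "NOPASSWD" ];
              }
            ];
          }
        ];

        # nix.settings.build-dir = "/var/tmp/nix-build";
        # systemd.tmpfiles.rules = [
        #   "d /var/tmp/nix-build 1777 root root -"
        # ];

        step-ssh-host = {
          hostname = hostname;
        };

        # This provides the secrets at install time
        sops.defaultSopsFile = ./secrets.yaml;

        programs.zsh.enable = true;

        home-manager.users."${username}" = {
          imports = with inputs.self.modules; [ homeManager."${hostname}" ];
        };

        environment.systemPackages = [
          inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.janus-ca
          inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.my-neovim
        ];

        forgejo.enable = true;
      })
    ];
  };

  flake.modules.homeManager."${hostname}" = { config, pkgs, lib, ... }: {
    imports = with inputs.self.modules; [
      homeManager.rebuild
      homeManager.mysops
    ];

    homeManagerFlakeDir = "${config.xdg.configHome}/home-manager";
    shell.program = "zsh";
    docker.enable = true;

    # This will provide the edit-secrets script targeting this file.
    # The directory segment is derived from `hostname` rather than spelled out
    # so it cannot drift from the keys used elsewhere in this file.
    mysops.hostSecretFile = "${config.homeManagerFlakeDir}/modules/hosts/${hostname}/secrets.yaml";
  };

  # Standalone home-manager output; the system is fixed here because there is
  # no NixOS `pkgs` to derive it from in this context.
  flake.homeConfigurations."${hostname}" = inputs.home-manager.lib.homeManagerConfiguration {
    pkgs = import inputs.nixpkgs { system = "x86_64-linux"; };
    modules = with inputs.self.modules; [
      homeManager."${username}"
      homeManager."${hostname}"
    ];
  };
}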