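# Flake module for the host "soteria": declares one NixOS system configuration
# and one standalone home-manager configuration, both keyed by the hostname.
#
# Arguments:
#   inputs - the flake inputs; this file reads inputs.nixpkgs,
#            inputs.home-manager and inputs.self.modules.
{ inputs, ... }:
let
  username = "john";
  hostname = "soteria";
  # Passed to the step-ssh-host module below; presumably the certificate
  # authority the host enrols with (confirm against that module's options).
  caURL = "https://janus.john-stream.com/";
in
{
  flake.nixosConfigurations.${hostname} = inputs.nixpkgs.lib.nixosSystem {
    modules = with inputs.self.modules; [
      nixos.lxc
      nixos.sops
      nixos.step-ssh-host
      inputs.home-manager.nixosModules.home-manager
      nixos.${username}
      nixos.zsh
      nixos.login-text
      # nixos.mtls
      # nixos.restic-server
      # nixos.restic-envoy
      {
        networking.hostName = hostname;

        # Builds run under /var/tmp/nix-build instead of Nix's default location.
        nix.settings.build-dir = "/var/tmp/nix-build";

        # The Nix manual warns that build-dir must not be a world-writable
        # directory: other local users could then reach build data that is in
        # use. The directory is therefore root-owned with mode 0755 (it was
        # 1777); the per-build directories are created inside it by the Nix
        # daemon, so unprivileged users need no write access to the parent.
        systemd.tmpfiles.rules = [ "d /var/tmp/nix-build 0755 root root -" ];

        step-ssh-host = {
          inherit hostname caURL;
        };

        # mtls = {
        #   enable = true;
        #   subject = hostname;
        #   caURL = caURL;
        #   san = [
        #     "${hostname}.john-stream.com"
        #     # "192.168.1.244"
        #   ];
        # };

        # restic.envoy = {
        #   enable = true;
        #   port = 10000;
        #   spiffePrefix = "spiffe://john-stream.com";
        #   upstreamHost = "127.0.0.1";
        #   upstreamPort = 8000;
        #   logLevel = "debug";
        #   policies = {
        #     ubuntu-policy = {
        #       pathPrefix = "/john-ubuntu";
        #       principal = "spiffe://john-stream.com/ubuntu";
        #     };
        #     p14-policy = {
        #       pathPrefix = "/john-p14s";
        #       principal = "spiffe://john-stream.com/john-p14s";
        #     };
        #     gitea-policy = {
        #       pathPrefix = "/gitea";
        #       principal = "spiffe://john-stream.com/gitea";
        #     };
        #   };
        # };

        # Per-user home-manager configuration evaluated as part of the system.
        home-manager.users.${username} = {
          imports = with inputs.self.modules.homeManager; [
            sops
            step-ssh-user
          ];
          shell.program = "zsh";
        };
      }
    ];
  };

  # Standalone home-manager configuration for the same user, built against
  # nixpkgs for x86_64-linux.
  flake.homeConfigurations.${hostname} = inputs.home-manager.lib.homeManagerConfiguration {
    pkgs = import inputs.nixpkgs { system = "x86_64-linux"; };
    modules = with inputs.self.modules; [
      homeManager.${username}
      {
        imports = with inputs.self.modules.homeManager; [
          rebuild
          # sops
          # step-ssh-user
          # mtls
          # restic
        ];
        home.username = username;
        home.homeDirectory = "/home/${username}";
        shell.program = "zsh";
      }
    ];
  };
}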