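# Host definition for "soteria". Produces three flake outputs keyed by
# `hostname`: a NixOS system, a home-manager module, and a standalone
# home-manager configuration that reuses that module.
{ inputs, ... }:
let
  username = "john";
  hostname = "soteria";
in
{
  # NixOS system. Bare `nixos.*` names resolve against inputs.self.modules.
  flake.nixosConfigurations."${hostname}" = inputs.nixpkgs.lib.nixosSystem {
    modules = with inputs.self.modules; [
      nixos.lxc
      nixos.mysops
      nixos.step-ssh-host
      inputs.home-manager.nixosModules.home-manager
      nixos."${username}"
      nixos.zsh
      nixos.login-text
      # nixos.mtls
      # nixos.restic-server
      # nixos.restic-envoy
      {
        networking.hostName = hostname;

        # Nix builds use a dedicated directory under /var/tmp.
        # NOTE(review): mode 1777 makes this directory world-writable (with
        # the sticky bit), so any local account can create entries next to
        # the build sandboxes. Nix's build-dir documentation only asks that
        # the directory be traversable by all users (o+x); a root-owned 0755
        # directory is probably sufficient. Confirm builds still work on this
        # host before tightening.
        nix.settings.build-dir = "/var/tmp/nix-build";
        systemd.tmpfiles.rules = [ "d /var/tmp/nix-build 1777 root root -" ];

        step-ssh-host = {
          inherit hostname;
        };

        home-manager.users."${username}" = {
          # Attribute selection needs the dot. Without it the list holds two
          # elements (the whole `homeManager` set and the string "soteria")
          # instead of the host's home-manager module.
          imports = with inputs.self.modules; [ homeManager."${hostname}" ];
        };
      }
    ];
  };

  # home-manager module for this host, shared by the NixOS-integrated user
  # above and the standalone homeConfigurations entry below.
  flake.modules.homeManager."${hostname}" =
    {
      config,
      lib,
      pkgs,
      ...
    }:
    {
      imports = with inputs.self.modules; [
        homeManager.rebuild
        homeManager.mysops
        homeManager.janus-ca
        homeManager.mtls
        homeManager.docker
      ];

      homeManagerFlakeDir = "${config.xdg.configHome}/home-manager";
      home.username = username;
      home.homeDirectory = "/home/${username}";
      shell.program = "zsh";
      docker.enable = true;

      # This will provide the edit-secrets script targeting this file
      mysops.hostSecretFile = "${config.xdg.configHome}/home-manager/modules/hosts/${hostname}/secrets.yaml";

      # Short-lived client/server certificate for this host.
      # NOTE(review): `renew.onCalendar` is presumably passed to a systemd
      # timer as OnCalendar. If so, "*:3/15" fires at minutes 3, 18, 33 and 48
      # of every hour, leaving a few renewal attempts inside each 1h
      # lifetime. Alert on failed renewals, because a stalled timer lets the
      # certificate expire within the hour.
      mtls = {
        enable = true;
        subject = hostname;
        san = [
          "${hostname}.john-stream.com"
          "192.168.1.142"
        ];
        lifetime = "1h";
        renew.onCalendar = "*:3/15";
        # Restart the envoy container after a renewal so it picks up the new
        # certificate; the absolute store path avoids depending on PATH.
        renew.postCommands = [ "${lib.getExe pkgs.docker} restart envoy" ];
      };
    };

  # Standalone home-manager configuration (no NixOS rebuild required).
  flake.homeConfigurations."${hostname}" = inputs.home-manager.lib.homeManagerConfiguration {
    pkgs = import inputs.nixpkgs { system = "x86_64-linux"; };
    modules = with inputs.self.modules; [
      homeManager."${username}"
      homeManager."${hostname}"
    ];
  };
}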