John Lancaster
96 lines
2.6 KiB
Nix
96 lines
2.6 KiB
Nix
{ self, inputs, lib, ... }:
|
|
let
|
|
username = "john";
|
|
hostname = "soteria";
|
|
in
|
|
{
|
|
flake.nixosConfigurations."${hostname}" = inputs.nixpkgs.lib.nixosSystem {
|
|
modules = with inputs.self.modules; [
|
|
nixos.lxc
|
|
nixos."${username}"
|
|
nixos.mysops
|
|
nixos.step-ssh-host
|
|
nixos.login-text
|
|
nixos.docker
|
|
nixos.mtls
|
|
nixos.janus-ca
|
|
nixos.forgejo
|
|
# nixos.restic-server
|
|
# nixos.restic-envoy
|
|
({ pkgs, ... }: {
|
|
networking.hostName = hostname;
|
|
mtls = {
|
|
enable = true;
|
|
subject = hostname;
|
|
san = [
|
|
"${hostname}.john-stream.com"
|
|
"192.168.1.142"
|
|
];
|
|
lifetime = "1h";
|
|
renew.onCalendar = "*:3/15";
|
|
renew.postCommands = [
|
|
"${lib.getExe pkgs.docker} restart envoy"
|
|
];
|
|
};
|
|
|
|
# Removes password for sudo
|
|
security.sudo-rs.extraRules = lib.mkAfter [
|
|
{
|
|
users = [ username ];
|
|
commands = [
|
|
{
|
|
command = "ALL";
|
|
options = [ "NOPASSWD" ];
|
|
}
|
|
];
|
|
}
|
|
];
|
|
# nix.settings.build-dir = "/var/tmp/nix-build";
|
|
# systemd.tmpfiles.rules = [
|
|
# "d /var/tmp/nix-build 1777 root root -"
|
|
# ];
|
|
step-ssh-host = {
|
|
hostname = hostname;
|
|
};
|
|
# This provides the secrets at install time
|
|
sops.defaultSopsFile = ./secrets.yaml;
|
|
|
|
programs.zsh.enable = true;
|
|
home-manager.users."${username}" = {
|
|
imports = with inputs.self.modules; [
|
|
homeManager."${hostname}"
|
|
];
|
|
};
|
|
|
|
environment.systemPackages = [
|
|
inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.janus-ca
|
|
inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.my-neovim
|
|
];
|
|
|
|
forgejo.enable = true;
|
|
})
|
|
];
|
|
};
|
|
|
|
flake.modules.homeManager."${hostname}" = { config, pkgs, lib, ... }: {
|
|
imports = with inputs.self.modules; [
|
|
homeManager.rebuild
|
|
homeManager.mysops
|
|
];
|
|
|
|
homeManagerFlakeDir = "${config.xdg.configHome}/home-manager";
|
|
shell.program = "zsh";
|
|
docker.enable = true;
|
|
|
|
# This will provide the edit-secrets script targeting this file
|
|
mysops.hostSecretFile = "${config.homeManagerFlakeDir}/modules/hosts/soteria/secrets.yaml";
|
|
};
|
|
|
|
flake.homeConfigurations."${hostname}" = inputs.home-manager.lib.homeManagerConfiguration {
|
|
pkgs = import inputs.nixpkgs { system = "x86_64-linux"; };
|
|
modules = with inputs.self.modules; [
|
|
homeManager."${username}"
|
|
homeManager."${hostname}"
|
|
];
|
|
};
|
|
} |