dendritic/modules/hosts/soteria.nix

{ inputs, ... }:
let
  username = "john";
  hostname = "soteria";
  caURL = "https://janus.john-stream.com/";
in
{
  flake.nixosConfigurations."${hostname}" = inputs.nixpkgs.lib.nixosSystem {
    modules = with inputs.self.modules; [
      nixos.lxc
      nixos.sops
      nixos.step-ssh-host
      inputs.home-manager.nixosModules.home-manager
      nixos."${username}"
      nixos.zsh
      nixos.login-text
      # nixos.mtls
      # nixos.restic-server
      # nixos.restic-envoy
      {
        networking.hostName = hostname;
        nix.settings.build-dir = "/var/tmp/nix-build";
        systemd.tmpfiles.rules = [
          "d /var/tmp/nix-build 1777 root root -"
        ];
        step-ssh-host = {
          hostname = hostname;
          caURL = caURL;
        };
        # mtls = {
        #   enable = true;
        #   subject = hostname;
        #   caURL = caURL;
        #   san = [
        #     "${hostname}.john-stream.com"
        #     # "192.168.1.244"
        #   ];
        # };

        # restic.envoy = {
        #   enable = true;
        #   port = 10000;
        #   spiffePrefix = "spiffe://john-stream.com";
        #   upstreamHost = "127.0.0.1";
        #   upstreamPort = 8000;
        #   logLevel = "debug";
        #   policies = {
        #     ubuntu-policy = {
        #       pathPrefix = "/john-ubuntu";
        #       principal = "spiffe://john-stream.com/ubuntu";
        #     };
        #     p14-policy = {
        #       pathPrefix = "/john-p14s";
        #       principal = "spiffe://john-stream.com/john-p14s";
        #     };
        #     gitea-policy = {
        #       pathPrefix = "/gitea";
        #       principal = "spiffe://john-stream.com/gitea";
        #     };
        #   };
        # };

        home-manager.users."${username}" = {
          imports = with inputs.self.modules.homeManager; [
            sops
            step-ssh-user
          ];
          shell.program = "zsh";
        };
      }
    ];
  };

  flake.homeConfigurations."${hostname}" = inputs.home-manager.lib.homeManagerConfiguration {
    pkgs = import inputs.nixpkgs { system = "x86_64-linux"; };
    modules = with inputs.self.modules; [
      homeManager."${username}"
      {
        imports = with inputs.self.modules.homeManager; [
          rebuild
          john
          sops
          # step-ssh-user
          # mtls
          restic
        ];
        targets.genericLinux.enable = true;

        shell.program = "zsh";

        home.username = "${username}";
        home.homeDirectory = "/home/${username}";
      }
    ];
  };
}