55 lines
1.2 KiB
Nix
55 lines
1.2 KiB
Nix
{ inputs, ... }:
|
|
let
|
|
username = "john";
|
|
hostname = "janus";
|
|
caURL = "https://janus.john-stream.com/";
|
|
in
|
|
{
|
|
flake.nixosConfigurations."${hostname}" = inputs.nixpkgs.lib.nixosSystem {
|
|
modules = with inputs.self.modules; [
|
|
nixos.lxc
|
|
nixos.sops
|
|
nixos.step-ssh-host
|
|
inputs.home-manager.nixosModules.home-manager
|
|
nixos."${username}"
|
|
nixos.zsh
|
|
nixos.docker
|
|
nixos.login-text
|
|
nixos.mtls
|
|
{
|
|
networking.hostName = hostname;
|
|
step-ssh-host = {
|
|
hostname = hostname;
|
|
caURL = caURL;
|
|
};
|
|
mtls = {
|
|
enable = true;
|
|
subject = hostname;
|
|
caURL = caURL;
|
|
san = [
|
|
"${hostname}.john-stream.com"
|
|
"192.168.1.244"
|
|
];
|
|
};
|
|
|
|
home-manager.users."${username}" = {
|
|
imports = with inputs.self.modules.homeManager; [
|
|
sops
|
|
step-ssh-user
|
|
];
|
|
|
|
shell.program = "zsh";
|
|
docker.enable = true;
|
|
step-ssh-user = {
|
|
enable = true;
|
|
principals = [ "${hostname}" ];
|
|
};
|
|
ssh.matchSets = {
|
|
certs = true;
|
|
homelab = true;
|
|
};
|
|
};
|
|
}
|
|
];
|
|
};
|
|
} |