John Lancaster
117 lines
3.3 KiB
Nix
117 lines
3.3 KiB
Nix
{ withSystem, self, inputs, ... }:
|
|
let
|
|
username = "john";
|
|
hostname = "john-pc-ubuntu";
|
|
|
|
# testTarget = "fded:fb16:653e:25da:be24:11ff:fe89:1cc3"; # soteria
|
|
# testTarget = "fded:fb16:653e:25da:be24:11ff:fea0:753f"; # test-nix
|
|
testHost = "soteria"; # which host to test build
|
|
testTarget = "test-nix";
|
|
|
|
in
|
|
{
|
|
flake.modules.homeManager."${hostname}" = { config, pkgs, lib, ... }:
|
|
let
|
|
selfPkgs = inputs.self.packages.${pkgs.stdenv.hostPlatform.system};
|
|
resticPasswordFile = "${config.xdg.configHome}/restic/password.txt";
|
|
flakeDir = "${config.xdg.configHome}/home-manager/jsl-dendritic";
|
|
in
|
|
{
|
|
imports = with inputs.self.modules.homeManager; [
|
|
rebuild
|
|
john
|
|
mtls
|
|
restic
|
|
docker
|
|
desktop
|
|
step-client
|
|
mysops
|
|
# myPackage
|
|
# myStepClient
|
|
];
|
|
# TODO: make this more restrictive, rather than allowing all unfree packages
|
|
nixpkgs.config.allowUnfree = true;
|
|
nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ];
|
|
|
|
targets.genericLinux.enable = true;
|
|
|
|
home.username = "${username}";
|
|
home.homeDirectory = "/home/${username}";
|
|
home.packages = with pkgs; [
|
|
selfPkgs.jsl-zsh
|
|
selfPkgs.my-neovim
|
|
selfPkgs.ssh-certs
|
|
# selfPkgs.step-bootstrap
|
|
# selfPkgs.wg-platform
|
|
# self'.packages.myWrappedPackage
|
|
(inputs.self.wrappers.test-push.apply {
|
|
inherit pkgs flakeDir;
|
|
host = testHost;
|
|
target = testTarget;
|
|
}).wrapper
|
|
];
|
|
|
|
homeManagerFlakeDir = flakeDir;
|
|
docker.enable = true;
|
|
|
|
ssh = {
|
|
certificates.enable = true;
|
|
knownHosts = [
|
|
"fded:fb16:653e:25da:be24:11ff:fea0:753f ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9ZqiWPrCwHjxFCiu0lT4rlQs7KyMapxKJQQ5PJP1eh"
|
|
];
|
|
matchSets = {
|
|
certs = true;
|
|
appdaemon = true;
|
|
homelab = true;
|
|
dev = true;
|
|
tailscale = true;
|
|
};
|
|
};
|
|
|
|
# This provides the keys at build time and will be included in the nix store
|
|
sops.defaultSopsFile = ../../../keys/secrets.yaml;
|
|
|
|
# This will provide the edit-secrets script targeting this file
|
|
mysops.hostSecretFile = "${config.xdg.configHome}/home-manager/jsl-dendritic/keys/secrets.yaml";
|
|
|
|
sops.secrets."restic_password" = {
|
|
path = resticPasswordFile;
|
|
mode = "0400";
|
|
sopsFile = ./secrets.yaml;
|
|
};
|
|
restic = {
|
|
passwordFile = resticPasswordFile;
|
|
OnCalendar = "*:0/15";
|
|
paths = [ "${config.xdg.userDirs.documents}" "/conf" ];
|
|
exclude = [
|
|
"/home/*/Pictures"
|
|
"/home/*/Videos"
|
|
"/home/*/go"
|
|
"/home/*/snap"
|
|
"/home/john/john-nas"
|
|
];
|
|
};
|
|
mtls = {
|
|
enable = true;
|
|
subject = hostname;
|
|
san = [
|
|
"${hostname}"
|
|
"192.168.1.85"
|
|
"spiffe://john-stream.com/ubuntu"
|
|
];
|
|
lifetime = "1h";
|
|
renew.onCalendar = "*:1/10";
|
|
};
|
|
};
|
|
|
|
flake.homeConfigurations."john@john-pc-ubuntu" = withSystem "x86_64-linux" (ctx@{ system, inputs', ... }:
|
|
inputs.home-manager.lib.homeManagerConfiguration {
|
|
# pkgs = import inputs.nixpkgs {
|
|
# inherit system;
|
|
# overlays = [ inputs.self.overlays.default ];
|
|
# };
|
|
pkgs = inputs'.nixpkgs.legacyPackages;
|
|
modules = [ inputs.self.modules.homeManager."${hostname}" ];
|
|
});
|
|
}
|