reorg

nixosModules/default.nix

@@ -1,9 +1,8 @@
 {
   pkgs,
   config,
-  lib,
-  inputs,
-  outputs,
+  systemSettings,
+  userSettings,
   ...
 }: {
   imports =
@@ -13,7 +12,34 @@
 
   config = {
     nix.settings.experimental-features = ["nix-command" "flakes"];
-    programs.nix-ld.enable = true;
     nixpkgs.config.allowUnfree = true;
+    system.stateVersion = "${systemSettings.stateVersion}";
+    # programs.nix-ld.enable = true;
+    services.openssh.enable = true;
+    services.avahi = { enable = true; nssmdns4 = true; };
+
+    time.timeZone = "${systemSettings.timeZone}";
+    networking.hostName = systemSettings.hostName;
+
+    environment.systemPackages = with pkgs; [
+      home-manager
+      bash
+      busybox
+      git
+      eza
+    ];
+
+    security.sudo-rs = {
+      enable = true;
+      execWheelOnly = false;
+      wheelNeedsPassword = false; # allows sudo without password for those in the wheel group
+    };
+
+    users.users.${userSettings.username} = {
+      isNormalUser = true;
+      uid = 1000;
+      extraGroups = [ "wheel" ];
+      openssh.authorizedKeys.keyFiles = [ /root/.ssh/authorized_keys ];
+    };
   };
 }

nixosModules/services/loki.nix

@@ -1,12 +1,13 @@
 { pkgs, config, ... }:
+let
+  lokiPort = config.services.loki.configuration.server.http_listen_port;
+in
 {
-  networking.firewall.allowedTCPPorts = [
-    config.services.loki.configuration.server.http_listen_port
-  ];
+  networking.firewall.allowedTCPPorts = [ lokiPort ];
 
   environment.systemPackages = with pkgs; [
     (pkgs.writeShellScriptBin "loki-check" ''
-      curl http://localhost:${config.services.loki.configuration.server.http_listen_port}/ready
+      curl http://localhost:${builtins.toString lokiPort}/ready
     '')
     (pkgs.writeShellScriptBin "loki-logs" "journalctl -b -u loki.service -n 10")
   ];