reorg hosts
This commit is contained in:
parent
e3c1278a29
commit
305237c3ea
|
@ -271,11 +271,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716330097,
|
"lastModified": 1716509168,
|
||||||
"narHash": "sha256-8BO3B7e3BiyIDsaKA0tY8O88rClYRTjvAp66y+VBUeU=",
|
"narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "5710852ba686cc1fd0d3b8e22b3117d43ba374c2",
|
"rev": "bfb7a882678e518398ce9a31a881538679f6f092",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -1,10 +1,41 @@
|
||||||
{ pkgs, lib, inputs, config, ...}:
|
{ pkgs, lib, inputs, config, outputs, ...}:
|
||||||
|
let
|
||||||
|
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/root".path;
|
||||||
|
in
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./sops.nix
|
./sops.nix
|
||||||
./locale.nix
|
./locale.nix
|
||||||
|
inputs.impermanence.nixosModules.impermanence
|
||||||
];
|
];
|
||||||
|
|
||||||
|
nixpkgs = {
|
||||||
|
overlays = [
|
||||||
|
outputs.overlays.additions
|
||||||
|
outputs.overlays.modifications
|
||||||
|
outputs.overlays.unstable-packages
|
||||||
|
];
|
||||||
|
config = {
|
||||||
|
allowUnfree = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
programs.gnupg.agent = {
|
||||||
|
enable = true;
|
||||||
|
enableSSHSupport = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
||||||
|
|
||||||
|
users = {
|
||||||
|
mutableUsers = true;
|
||||||
|
extraUsers = {
|
||||||
|
root = {
|
||||||
|
hashedPasswordFile = sopsHashedPasswordFile;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
pkgs.rsync
|
pkgs.rsync
|
||||||
pkgs.curl
|
pkgs.curl
|
||||||
|
|
|
@ -5,4 +5,6 @@
|
||||||
keyMap = "uk";
|
keyMap = "uk";
|
||||||
useXkbConfig = false;
|
useXkbConfig = false;
|
||||||
};
|
};
|
||||||
|
time.timeZone = "Europe/London";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
let
|
let
|
||||||
secretsDirectory = builtins.toString inputs.nix-secrets;
|
secretsDirectory = builtins.toString inputs.nix-secrets;
|
||||||
secretsFile = "${secretsDirectory}/secrets.yaml";
|
secretsFile = "${secretsDirectory}/secrets.yaml";
|
||||||
hasOptinPersistence = environment.persistence ? "/persist";
|
hasOptinPersistence = config.environment.persistence ? "/persist";
|
||||||
hostname = config.networking.hostName;
|
hostname = config.networking.hostName;
|
||||||
|
|
||||||
in
|
in
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{ lib, config, ... }:
|
{ lib, config, ... }:
|
||||||
let
|
let
|
||||||
sshPort = 22;
|
sshPort = 22;
|
||||||
hasOptinPersistence = environment.persistence ? "/persist";
|
hasOptinPersistence = config.environment.persistence ? "/persist";
|
||||||
|
|
||||||
in
|
in
|
||||||
|
|
||||||
|
|
|
@ -5,11 +5,11 @@ let
|
||||||
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/${user}".path;
|
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/${user}".path;
|
||||||
secretsDirectory = builtins.toString inputs.nix-secrets;
|
secretsDirectory = builtins.toString inputs.nix-secrets;
|
||||||
secretsFile = "${secretsDirectory}/secrets.yaml";
|
secretsFile = "${secretsDirectory}/secrets.yaml";
|
||||||
user = "media";
|
username = "media";
|
||||||
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
users.users.media = {
|
users.users.${username} = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
shell = pkgs.zsh; # default shell
|
shell = pkgs.zsh; # default shell
|
||||||
hashedPasswordFile = sopsHashedPasswordFile;
|
hashedPasswordFile = sopsHashedPasswordFile;
|
||||||
|
@ -40,31 +40,25 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
sops.secrets."passwords/${user}" = {
|
sops.secrets."passwords/${username}" = {
|
||||||
sopsFile = "${secretsFile}";
|
sopsFile = "${secretsFile}";
|
||||||
neededForUsers = true;
|
neededForUsers = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
sops.secrets."ssh_keys/${user}/id_ed25519" = {
|
sops.secrets."ssh_keys/${username}/id_ed25519" = {
|
||||||
path = "/home/${user}/.ssh/id_ed25519";
|
path = "/home/${username}/.ssh/id_ed25519";
|
||||||
mode = "0600";
|
mode = "0600";
|
||||||
owner = config.users.users.media.name;
|
owner = config.users.users.${username}.name;
|
||||||
};
|
};
|
||||||
|
|
||||||
sops.secrets."ssh_keys/${user}/id_ed25519.pub" = {
|
sops.secrets."ssh_keys/${username}/id_ed25519.pub" = {
|
||||||
path = "/home/${user}/.ssh/id_ed25519.pub";
|
path = "/home/${username}/.ssh/id_ed25519.pub";
|
||||||
mode = "0644";
|
mode = "0644";
|
||||||
owner = config.users.users.media.name;
|
owner = config.users.users.${username}.name;
|
||||||
};
|
};
|
||||||
|
|
||||||
# # Need to change ownership of the secrets as they are created as root
|
|
||||||
# system.activationScripts.sopsSetAgeKeyOwnwership = ''
|
|
||||||
# mkdir -p /home/${user}/.config || true
|
|
||||||
# chown -R ${user}:users /home/${user}/.config
|
|
||||||
# '';
|
|
||||||
|
|
||||||
services.flatpak.enable = true;
|
services.flatpak.enable = true;
|
||||||
users.users.media = {
|
users.users.${username} = {
|
||||||
packages = with pkgs; [
|
packages = with pkgs; [
|
||||||
flatpak
|
flatpak
|
||||||
gnome.gnome-software
|
gnome.gnome-software
|
||||||
|
@ -77,7 +71,7 @@ in
|
||||||
home-manager = {
|
home-manager = {
|
||||||
extraSpecialArgs = { inherit inputs; };
|
extraSpecialArgs = { inherit inputs; };
|
||||||
users = {
|
users = {
|
||||||
${user} = import ../../../../home/${hostname}.nix;
|
${username} = import ../../../../home/${hostname}.nix;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,13 +5,12 @@ let
|
||||||
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/sam".path;
|
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/sam".path;
|
||||||
secretsDirectory = builtins.toString inputs.nix-secrets;
|
secretsDirectory = builtins.toString inputs.nix-secrets;
|
||||||
secretsFile = "${secretsDirectory}/secrets.yaml";
|
secretsFile = "${secretsDirectory}/secrets.yaml";
|
||||||
|
username = "sam";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
users.users.sam = {
|
users.users.${username} = {
|
||||||
mutableUsers = true;
|
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
shell = pkgs.zsh; # default shell
|
shell = pkgs.zsh; # default shell
|
||||||
initialPassword = "nixos";
|
|
||||||
hashedPasswordFile = sopsHashedPasswordFile;
|
hashedPasswordFile = sopsHashedPasswordFile;
|
||||||
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
|
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
|
||||||
|
|
||||||
|
@ -24,7 +23,7 @@ in
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
sops.secrets."passwords/sam" = {
|
sops.secrets."passwords/${username}" = {
|
||||||
sopsFile = "${secretsFile}";
|
sopsFile = "${secretsFile}";
|
||||||
neededForUsers = true;
|
neededForUsers = true;
|
||||||
};
|
};
|
||||||
|
@ -34,7 +33,7 @@ in
|
||||||
home-manager = {
|
home-manager = {
|
||||||
extraSpecialArgs = { inherit inputs; };
|
extraSpecialArgs = { inherit inputs; };
|
||||||
users = {
|
users = {
|
||||||
sam = import ../../../../home/${hostname}.nix;
|
${username} = import ../../../../home/${hostname}.nix;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
{ inputs, config, lib, pkgs, outputs,... }:
|
{ inputs, config, lib, pkgs, outputs,... }:
|
||||||
|
let
|
||||||
|
dev = "/dev/vda";
|
||||||
|
in
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
[
|
[
|
||||||
|
@ -18,21 +20,8 @@
|
||||||
|
|
||||||
];
|
];
|
||||||
|
|
||||||
nixpkgs = {
|
|
||||||
overlays = [
|
|
||||||
outputs.overlays.additions
|
|
||||||
outputs.overlays.modifications
|
|
||||||
outputs.overlays.unstable-packages
|
|
||||||
];
|
|
||||||
config = {
|
|
||||||
allowUnfree = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
|
||||||
|
|
||||||
boot.loader.grub.enable = true;
|
boot.loader.grub.enable = true;
|
||||||
boot.loader.grub.device = "/dev/vda";
|
boot.loader.grub.device = "${dev}";
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "nixdev";
|
hostName = "nixdev";
|
||||||
|
@ -40,17 +29,8 @@
|
||||||
enableIPv6 = false;
|
enableIPv6 = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
time.timeZone = "Europe/London";
|
|
||||||
|
|
||||||
services.printing.enable = true;
|
|
||||||
|
|
||||||
services.libinput.enable = true;
|
services.libinput.enable = true;
|
||||||
|
|
||||||
programs.gnupg.agent = {
|
|
||||||
enable = true;
|
|
||||||
enableSSHSupport = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
system.stateVersion = "23.11";
|
system.stateVersion = "23.11";
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,15 +1,14 @@
|
||||||
{ inputs, config, lib, pkgs, outputs,... }:
|
{ inputs, config, lib, pkgs, outputs,... }:
|
||||||
let
|
let
|
||||||
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/root".path;
|
dev = "/dev/vda";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
[
|
[
|
||||||
# Disk configuration
|
# Disk configuration
|
||||||
inputs.disko.nixosModules.disko
|
inputs.disko.nixosModules.disko
|
||||||
(import ../common/disks/std-disk-config.nix { device = "/dev/vda"; })
|
(import ../common/disks/std-disk-config.nix { device = ${dev}; })
|
||||||
../common/optional/btrfs-impermanence.nix
|
../common/optional/btrfs-impermanence.nix
|
||||||
inputs.impermanence.nixosModules.impermanence
|
|
||||||
|
|
||||||
# Create users for this host
|
# Create users for this host
|
||||||
../common/users/media
|
../common/users/media
|
||||||
|
@ -23,17 +22,6 @@ in
|
||||||
|
|
||||||
];
|
];
|
||||||
|
|
||||||
nixpkgs = {
|
|
||||||
overlays = [
|
|
||||||
outputs.overlays.additions
|
|
||||||
outputs.overlays.modifications
|
|
||||||
outputs.overlays.unstable-packages
|
|
||||||
];
|
|
||||||
config = {
|
|
||||||
allowUnfree = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/persist".neededForBoot = true;
|
fileSystems."/persist".neededForBoot = true;
|
||||||
environment.persistence."/persist" = {
|
environment.persistence."/persist" = {
|
||||||
hideMounts = true;
|
hideMounts = true;
|
||||||
|
@ -51,15 +39,6 @@ in
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
users = {
|
|
||||||
mutableUsers = true;
|
|
||||||
extraUsers = {
|
|
||||||
root = {
|
|
||||||
hashedPasswordFile = sopsHashedPasswordFile;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
loader = {
|
loader = {
|
||||||
systemd-boot.enable = true;
|
systemd-boot.enable = true;
|
||||||
|
@ -74,9 +53,6 @@ in
|
||||||
enableIPv6 = false;
|
enableIPv6 = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
services = {
|
|
||||||
qemuGuest.enable = true;
|
|
||||||
};
|
|
||||||
services.libinput.enable = true;
|
services.libinput.enable = true;
|
||||||
services.displayManager.defaultSession = "cinnamon";
|
services.displayManager.defaultSession = "cinnamon";
|
||||||
|
|
||||||
|
@ -88,6 +64,5 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
|
||||||
system.stateVersion = "23.11";
|
system.stateVersion = "23.11";
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue