reorg hosts

This commit is contained in:
Sam 2024-05-25 18:34:37 +01:00
parent e3c1278a29
commit 305237c3ea
9 changed files with 63 additions and 82 deletions


@ -271,11 +271,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1716330097, "lastModified": 1716509168,
"narHash": "sha256-8BO3B7e3BiyIDsaKA0tY8O88rClYRTjvAp66y+VBUeU=", "narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5710852ba686cc1fd0d3b8e22b3117d43ba374c2", "rev": "bfb7a882678e518398ce9a31a881538679f6f092",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -1,10 +1,41 @@
{ pkgs, lib, inputs, config, ...}: { pkgs, lib, inputs, config, outputs, ...}:
let
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/root".path;
in
{ {
imports = [ imports = [
./sops.nix ./sops.nix
./locale.nix ./locale.nix
inputs.impermanence.nixosModules.impermanence
]; ];
nixpkgs = {
overlays = [
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.unstable-packages
];
config = {
allowUnfree = true;
};
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
users = {
mutableUsers = true;
extraUsers = {
root = {
hashedPasswordFile = sopsHashedPasswordFile;
};
};
};
environment.systemPackages = [ environment.systemPackages = [
pkgs.rsync pkgs.rsync
pkgs.curl pkgs.curl
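Review bot: `users.extraUsers.root.hashedPasswordFile` on the new side points at `config.sops.secrets."passwords/root".path`, but no `sops.secrets."passwords/root"` declaration with `neededForUsers = true` is visible in this commit; the per-user modules in the same commit declare theirs that way, and without it the hash would not be available at the early user-creation stage, so confirm it lives in `./sops.nix`. With `mutableUsers = true` the NixOS user module, as far as I recall, only applies the declared hash when the account is first created, so rotating `passwords/root` in the secrets file will not change an existing root password and local `passwd` changes are kept. When `sops-nix` is not an input, `lib.optionalString` yields `""` rather than `null`, which is then handed to `hashedPasswordFile` as a file path; prefer `if lib.hasAttr "sops-nix" inputs then config.sops.secrets."passwords/root".path else null` so the option is genuinely unset in that case.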


@ -5,4 +5,6 @@
keyMap = "uk"; keyMap = "uk";
useXkbConfig = false; useXkbConfig = false;
}; };
time.timeZone = "Europe/London";
} }


@ -3,7 +3,7 @@
let let
secretsDirectory = builtins.toString inputs.nix-secrets; secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml"; secretsFile = "${secretsDirectory}/secrets.yaml";
hasOptinPersistence = environment.persistence ? "/persist"; hasOptinPersistence = config.environment.persistence ? "/persist";
hostname = config.networking.hostName; hostname = config.networking.hostName;
in in


@ -1,7 +1,7 @@
{ lib, config, ... }: { lib, config, ... }:
let let
sshPort = 22; sshPort = 22;
hasOptinPersistence = environment.persistence ? "/persist"; hasOptinPersistence = config.environment.persistence ? "/persist";
in in


@ -5,11 +5,11 @@ let
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/${user}".path; sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/${user}".path;
secretsDirectory = builtins.toString inputs.nix-secrets; secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml"; secretsFile = "${secretsDirectory}/secrets.yaml";
user = "media"; username = "media";
in in
{ {
users.users.media = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
shell = pkgs.zsh; # default shell shell = pkgs.zsh; # default shell
hashedPasswordFile = sopsHashedPasswordFile; hashedPasswordFile = sopsHashedPasswordFile;
@ -40,31 +40,25 @@ in
}; };
}; };
sops.secrets."passwords/${user}" = { sops.secrets."passwords/${username}" = {
sopsFile = "${secretsFile}"; sopsFile = "${secretsFile}";
neededForUsers = true; neededForUsers = true;
}; };
sops.secrets."ssh_keys/${user}/id_ed25519" = { sops.secrets."ssh_keys/${username}/id_ed25519" = {
path = "/home/${user}/.ssh/id_ed25519"; path = "/home/${username}/.ssh/id_ed25519";
mode = "0600"; mode = "0600";
owner = config.users.users.media.name; owner = config.users.users.${username}.name;
}; };
sops.secrets."ssh_keys/${user}/id_ed25519.pub" = { sops.secrets."ssh_keys/${username}/id_ed25519.pub" = {
path = "/home/${user}/.ssh/id_ed25519.pub"; path = "/home/${username}/.ssh/id_ed25519.pub";
mode = "0644"; mode = "0644";
owner = config.users.users.media.name; owner = config.users.users.${username}.name;
}; };
# # Need to change ownership of the secrets as they are created as root
# system.activationScripts.sopsSetAgeKeyOwnwership = ''
# mkdir -p /home/${user}/.config || true
# chown -R ${user}:users /home/${user}/.config
# '';
services.flatpak.enable = true; services.flatpak.enable = true;
users.users.media = { users.users.${username} = {
packages = with pkgs; [ packages = with pkgs; [
flatpak flatpak
gnome.gnome-software gnome.gnome-software
@ -77,7 +71,7 @@ in
home-manager = { home-manager = {
extraSpecialArgs = { inherit inputs; }; extraSpecialArgs = { inherit inputs; };
users = { users = {
${user} = import ../../../../home/${hostname}.nix; ${username} = import ../../../../home/${hostname}.nix;
}; };
}; };
} }
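Review bot: The unchanged first line of the `let`, `config.sops.secrets."passwords/${user}".path`, still references `user`, but this hunk renames the binding to `username = "media"`, so unless `user` is bound outside the hunk (the module header is not visible here) evaluation will fail with an undefined variable; change it to `config.sops.secrets."passwords/${username}".path`. The private key is installed at `/home/${username}/.ssh/id_ed25519` with `mode = "0600"` and an explicit owner, which is right, but nothing in this module creates or owns `~/.ssh` itself; presumably sops-nix creates the parent directory as root, so check that the resulting `.ssh` directory ends up owned by `media` (the deleted activation-script comment suggests this already bit the `.config` directory). The `neededForUsers = true` on `passwords/media` is what lets the hash be used at user creation, so keep that in sync if the secret name changes again.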


@ -5,13 +5,12 @@ let
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/sam".path; sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/sam".path;
secretsDirectory = builtins.toString inputs.nix-secrets; secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml"; secretsFile = "${secretsDirectory}/secrets.yaml";
username = "sam";
in in
{ {
users.users.sam = { users.users.${username} = {
mutableUsers = true;
isNormalUser = true; isNormalUser = true;
shell = pkgs.zsh; # default shell shell = pkgs.zsh; # default shell
initialPassword = "nixos";
hashedPasswordFile = sopsHashedPasswordFile; hashedPasswordFile = sopsHashedPasswordFile;
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key); openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
@ -24,7 +23,7 @@ in
}; };
sops.secrets."passwords/sam" = { sops.secrets."passwords/${username}" = {
sopsFile = "${secretsFile}"; sopsFile = "${secretsFile}";
neededForUsers = true; neededForUsers = true;
}; };
@ -34,7 +33,7 @@ in
home-manager = { home-manager = {
extraSpecialArgs = { inherit inputs; }; extraSpecialArgs = { inherit inputs; };
users = { users = {
sam = import ../../../../home/${hostname}.nix; ${username} = import ../../../../home/${hostname}.nix;
}; };
}; };
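Review bot: `sopsHashedPasswordFile` at the top of the `let` still hardcodes `"passwords/sam"` while the secret declaration below now uses `"passwords/${username}"`, so the two can silently diverge if `username` is ever changed; use `config.sops.secrets."passwords/${username}".path` there as well (Nix `let` bindings are recursive, so referencing `username` before its definition is fine). Dropping `initialPassword = "nixos"` is the right call, since a known default password on a sudo-capable user is exactly what an attacker tries first. Be aware that with `users.mutableUsers = true` now set in the common module, the sops hash is, as far as I recall, only applied when the account is first created, so existing installs keep whatever password they had.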


@ -1,5 +1,7 @@
{ inputs, config, lib, pkgs, outputs,... }: { inputs, config, lib, pkgs, outputs,... }:
let
dev = "/dev/vda";
in
{ {
imports = imports =
[ [
@ -18,21 +20,8 @@
]; ];
nixpkgs = {
overlays = [
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.unstable-packages
];
config = {
allowUnfree = true;
};
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/vda"; boot.loader.grub.device = "${dev}";
networking = { networking = {
hostName = "nixdev"; hostName = "nixdev";
@ -40,17 +29,8 @@
enableIPv6 = false; enableIPv6 = false;
}; };
time.timeZone = "Europe/London";
services.printing.enable = true;
services.libinput.enable = true; services.libinput.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
system.stateVersion = "23.11"; system.stateVersion = "23.11";
} }
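Review bot: `boot.loader.grub.device = "${dev}";` wraps a value that is already a string in another interpolated string; `boot.loader.grub.device = dev;` says the same thing without the extra quoting. The removed `services.printing.enable = true` is not re-added anywhere visible in this commit, so if printing was wanted on `nixdev` it is now lost rather than moved; the other removed blocks (overlays, `experimental-features`, the gnupg agent) do reappear in the common module. The imports list continues above the hunk, so I cannot confirm here that this host actually imports that common module.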


@ -1,15 +1,14 @@
{ inputs, config, lib, pkgs, outputs,... }: { inputs, config, lib, pkgs, outputs,... }:
let let
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/root".path; dev = "/dev/vda";
in in
{ {
imports = imports =
[ [
# Disk configuration # Disk configuration
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
(import ../common/disks/std-disk-config.nix { device = "/dev/vda"; }) (import ../common/disks/std-disk-config.nix { device = ${dev}; })
../common/optional/btrfs-impermanence.nix ../common/optional/btrfs-impermanence.nix
inputs.impermanence.nixosModules.impermanence
# Create users for this host # Create users for this host
../common/users/media ../common/users/media
@ -23,17 +22,6 @@ in
]; ];
nixpkgs = {
overlays = [
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.unstable-packages
];
config = {
allowUnfree = true;
};
};
fileSystems."/persist".neededForBoot = true; fileSystems."/persist".neededForBoot = true;
environment.persistence."/persist" = { environment.persistence."/persist" = {
hideMounts = true; hideMounts = true;
@ -51,15 +39,6 @@ in
]; ];
}; };
users = {
mutableUsers = true;
extraUsers = {
root = {
hashedPasswordFile = sopsHashedPasswordFile;
};
};
};
boot = { boot = {
loader = { loader = {
systemd-boot.enable = true; systemd-boot.enable = true;
@ -74,9 +53,6 @@ in
enableIPv6 = false; enableIPv6 = false;
}; };
services = {
qemuGuest.enable = true;
};
services.libinput.enable = true; services.libinput.enable = true;
services.displayManager.defaultSession = "cinnamon"; services.displayManager.defaultSession = "cinnamon";
@ -88,6 +64,5 @@ in
}; };
}; };
nix.settings.experimental-features = [ "nix-command" "flakes" ];
system.stateVersion = "23.11"; system.stateVersion = "23.11";
} }
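Review bot: `(import ../common/disks/std-disk-config.nix { device = ${dev}; })` on the new side is a syntax error: `${…}` interpolation is only valid inside a string or attribute name, so this file will fail to parse and the whole flake evaluation with it. Write `device = dev;` (or `device = "${dev}";` to match the `nixdev` host). The `services.qemuGuest.enable = true` block is removed here and not re-added anywhere visible in this commit; given `/dev/vda` this looks like a VM, so the guest agent is probably still wanted. The root `hashedPasswordFile` and `mutableUsers` settings removed here now come from the common module, so this host has no local fallback if that module's `sops-nix` check does not hold.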