reorg hosts

This commit is contained in:
Sam 2024-05-25 18:34:37 +01:00
parent e3c1278a29
commit 305237c3ea
9 changed files with 63 additions and 82 deletions


@ -271,11 +271,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1716330097,
"narHash": "sha256-8BO3B7e3BiyIDsaKA0tY8O88rClYRTjvAp66y+VBUeU=",
"lastModified": 1716509168,
"narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "5710852ba686cc1fd0d3b8e22b3117d43ba374c2",
"rev": "bfb7a882678e518398ce9a31a881538679f6f092",
"type": "github"
},
"original": {


@ -1,10 +1,41 @@
{ pkgs, lib, inputs, config, ...}:
{ pkgs, lib, inputs, config, outputs, ...}:
let
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/root".path;
in
{
imports = [
./sops.nix
./locale.nix
inputs.impermanence.nixosModules.impermanence
];
nixpkgs = {
overlays = [
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.unstable-packages
];
config = {
allowUnfree = true;
};
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
users = {
mutableUsers = true;
extraUsers = {
root = {
hashedPasswordFile = sopsHashedPasswordFile;
};
};
};
environment.systemPackages = [
pkgs.rsync
pkgs.curl
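Review bot: `mutableUsers = true` on L57 combined with `hashedPasswordFile = sopsHashedPasswordFile` on L60 means the sops-managed root hash is only applied when the account is first created; NixOS documents that with mutable users existing passwords are not changed on activation, so rotating `passwords/root` in the secrets file will not rotate the live root password. If the secret is meant to be authoritative, set `mutableUsers = false;` (and declare every account in Nix), otherwise record the limitation next to the option, e.g. `# mutableUsers: the sops hash only seeds root's password on first activation`. Separately, `lib.optionalString` on L33 turns a missing sops-nix input into `hashedPasswordFile = ""`, which as far as I can tell is reported at activation as a nonexistent password file and leaves root without a declared hash instead of failing evaluation; wrapping the whole `extraUsers.root` attribute in `lib.mkIf (lib.hasAttr "sops-nix" inputs)` or adding an `assert` would make the absence loud. The attrset continues past the end of the hunk.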


@ -5,4 +5,6 @@
keyMap = "uk";
useXkbConfig = false;
};
time.timeZone = "Europe/London";
}


@ -3,7 +3,7 @@
let
secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml";
hasOptinPersistence = environment.persistence ? "/persist";
hasOptinPersistence = config.environment.persistence ? "/persist";
hostname = config.networking.hostName;
in
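Review bot: `config.environment.persistence ? "/persist"` on L84 still fails evaluation on any host that does not import the impermanence module, because `config.environment.persistence` is dereferenced before the `?` test and only the last attribute is guarded. A fully guarded form is `hasOptinPersistence = lib.hasAttrByPath [ "environment" "persistence" "/persist" ] config;`. The same expression is introduced in the next file section (L95). Whether `lib` is in this module's argument set is outside the hunk.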


@ -1,7 +1,7 @@
{ lib, config, ... }:
let
sshPort = 22;
hasOptinPersistence = environment.persistence ? "/persist";
hasOptinPersistence = config.environment.persistence ? "/persist";
in


@ -5,11 +5,11 @@ let
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/${user}".path;
secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml";
user = "media";
username = "media";
in
{
users.users.media = {
users.users.${username} = {
isNormalUser = true;
shell = pkgs.zsh; # default shell
hashedPasswordFile = sopsHashedPasswordFile;
@ -40,31 +40,25 @@ in
};
};
sops.secrets."passwords/${user}" = {
sops.secrets."passwords/${username}" = {
sopsFile = "${secretsFile}";
neededForUsers = true;
};
sops.secrets."ssh_keys/${user}/id_ed25519" = {
path = "/home/${user}/.ssh/id_ed25519";
sops.secrets."ssh_keys/${username}/id_ed25519" = {
path = "/home/${username}/.ssh/id_ed25519";
mode = "0600";
owner = config.users.users.media.name;
owner = config.users.users.${username}.name;
};
sops.secrets."ssh_keys/${user}/id_ed25519.pub" = {
path = "/home/${user}/.ssh/id_ed25519.pub";
sops.secrets."ssh_keys/${username}/id_ed25519.pub" = {
path = "/home/${username}/.ssh/id_ed25519.pub";
mode = "0644";
owner = config.users.users.media.name;
owner = config.users.users.${username}.name;
};
# # Need to change ownership of the secrets as they are created as root
# system.activationScripts.sopsSetAgeKeyOwnwership = ''
# mkdir -p /home/${user}/.config || true
# chown -R ${user}:users /home/${user}/.config
# '';
services.flatpak.enable = true;
users.users.media = {
users.users.${username} = {
packages = with pkgs; [
flatpak
gnome.gnome-software
@ -77,7 +71,7 @@ in
home-manager = {
extraSpecialArgs = { inherit inputs; };
users = {
${user} = import ../../../../home/${hostname}.nix;
${username} = import ../../../../home/${hostname}.nix;
};
};
}
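Review bot: `sopsHashedPasswordFile` on L101 still interpolates `${user}` while the binding was renamed to `username` on L105, so unless `user` is bound in the module's argument set above the hunk the file no longer evaluates (undefined variable `user`); the line should read `sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/${username}".path;`. The commented-out ownership script on L137-L141 also still refers to `${user}` and would break the same way if ever uncommented; either update it or delete it. The private key is materialised under the user's home on L124 with `mode = "0600"`, but nothing in the hunk sets the permissions of the `.ssh` directory itself — worth confirming that sops-nix creates it with a restrictive mode, or adding a `systemd.tmpfiles` rule for `/home/${username}/.ssh` with mode `0700`.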


@ -5,13 +5,12 @@ let
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/sam".path;
secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml";
username = "sam";
in
{
users.users.sam = {
mutableUsers = true;
users.users.${username} = {
isNormalUser = true;
shell = pkgs.zsh; # default shell
initialPassword = "nixos";
hashedPasswordFile = sopsHashedPasswordFile;
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
@ -24,7 +23,7 @@ in
};
sops.secrets."passwords/sam" = {
sops.secrets."passwords/${username}" = {
sopsFile = "${secretsFile}";
neededForUsers = true;
};
@ -34,7 +33,7 @@ in
home-manager = {
extraSpecialArgs = { inherit inputs; };
users = {
sam = import ../../../../home/${hostname}.nix;
${username} = import ../../../../home/${hostname}.nix;
};
};
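Review bot: `initialPassword = "nixos";` on L172 is kept next to `hashedPasswordFile = sopsHashedPasswordFile;` on L173, and with the `lib.optionalString` fallback on L161 the latter becomes `""` when the sops-nix input is absent; on a fresh activation NixOS then, as far as I can tell, warns that the password file does not exist and seeds the new account with the well-known `nixos` password instead of failing, and the plaintext also lands in the Nix store. Since the account has a sops-managed hash and SSH keys via `pubKeys` on L174, drop L172, or make the fallback fail evaluation with `hashedPasswordFile = config.sops.secrets."passwords/${username}".path;` and no `optionalString` guard. As a consistency point, L161 still hardcodes `"passwords/sam"` while L178 was switched to `"passwords/${username}"`; using `${username}` in both keeps the secret name in one place. The `users.users.${username}` attrset closes outside the hunk.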


@ -1,5 +1,7 @@
{ inputs, config, lib, pkgs, outputs,... }:
let
dev = "/dev/vda";
in
{
imports =
[
@ -18,21 +20,8 @@
];
nixpkgs = {
overlays = [
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.unstable-packages
];
config = {
allowUnfree = true;
};
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/vda";
boot.loader.grub.device = "${dev}";
networking = {
hostName = "nixdev";
@ -40,17 +29,8 @@
enableIPv6 = false;
};
time.timeZone = "Europe/London";
services.printing.enable = true;
services.libinput.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
system.stateVersion = "23.11";
}
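Review bot: `boot.loader.grub.device = "${dev}";` on L216 wraps a string in an interpolation that only reproduces it; `boot.loader.grub.device = dev;` is the idiomatic form. `dev` on L196 is the only binding in the new `let` and is used once in the visible hunks, so a short comment such as `# block device GRUB is installed to; must match this host's disk layout` would make the indirection self-explaining. The attrset between the two hunks is not fully visible here.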


@ -1,15 +1,14 @@
{ inputs, config, lib, pkgs, outputs,... }:
let
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/root".path;
dev = "/dev/vda";
in
{
imports =
[
# Disk configuration
inputs.disko.nixosModules.disko
(import ../common/disks/std-disk-config.nix { device = "/dev/vda"; })
(import ../common/disks/std-disk-config.nix { device = ${dev}; })
../common/optional/btrfs-impermanence.nix
inputs.impermanence.nixosModules.impermanence
# Create users for this host
../common/users/media
@ -23,17 +22,6 @@ in
];
nixpkgs = {
overlays = [
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.unstable-packages
];
config = {
allowUnfree = true;
};
};
fileSystems."/persist".neededForBoot = true;
environment.persistence."/persist" = {
hideMounts = true;
@ -51,15 +39,6 @@ in
];
};
users = {
mutableUsers = true;
extraUsers = {
root = {
hashedPasswordFile = sopsHashedPasswordFile;
};
};
};
boot = {
loader = {
systemd-boot.enable = true;
@ -74,9 +53,6 @@ in
enableIPv6 = false;
};
services = {
qemuGuest.enable = true;
};
services.libinput.enable = true;
services.displayManager.defaultSession = "cinnamon";
@ -88,6 +64,5 @@ in
};
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
system.stateVersion = "23.11";
}
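Review bot: `{ device = ${dev}; }` on L246 is not valid Nix — `${...}` interpolation is only permitted inside strings and attribute names, so this is a parse error if L246 is the new side (L245 with the literal path reads as the old line, given `dev` is introduced on L238); the argument should be `{ device = dev; }`. Hardcoding `dev = "/dev/vda"` also ties the disko layout and the boot loader to a kernel-assigned name; where the host allows it a `/dev/disk/by-id/...` path is the safer choice for a disk that will be formatted. The removal of the root `hashedPasswordFile` block on L269-L276 and of `users.mutableUsers` presumably relies on the common module now supplying them; if so, a one-line comment in `imports` naming the module that owns root's password would help the next reader.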