reorg hosts
parent
e3c1278a29
commit
305237c3ea
|
@ -271,11 +271,11 @@
|
|||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1716330097,
|
||||
"narHash": "sha256-8BO3B7e3BiyIDsaKA0tY8O88rClYRTjvAp66y+VBUeU=",
|
||||
"lastModified": 1716509168,
|
||||
"narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "5710852ba686cc1fd0d3b8e22b3117d43ba374c2",
|
||||
"rev": "bfb7a882678e518398ce9a31a881538679f6f092",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -1,10 +1,41 @@
|
|||
{ pkgs, lib, inputs, config, ...}:
|
||||
{ pkgs, lib, inputs, config, outputs, ...}:
|
||||
let
|
||||
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/root".path;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
./sops.nix
|
||||
./locale.nix
|
||||
inputs.impermanence.nixosModules.impermanence
|
||||
];
|
||||
|
||||
nixpkgs = {
|
||||
overlays = [
|
||||
outputs.overlays.additions
|
||||
outputs.overlays.modifications
|
||||
outputs.overlays.unstable-packages
|
||||
];
|
||||
config = {
|
||||
allowUnfree = true;
|
||||
};
|
||||
};
|
||||
|
||||
programs.gnupg.agent = {
|
||||
enable = true;
|
||||
enableSSHSupport = true;
|
||||
};
|
||||
|
||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
||||
|
||||
users = {
|
||||
mutableUsers = true;
|
||||
extraUsers = {
|
||||
root = {
|
||||
hashedPasswordFile = sopsHashedPasswordFile;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = [
|
||||
pkgs.rsync
|
||||
pkgs.curl
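Review bot: `users.mutableUsers = true;` next to `root.hashedPasswordFile = sopsHashedPasswordFile;` makes the sops-managed hash only an initial value. With mutable users NixOS leaves an existing password untouched on activation, so rotating `passwords/root` in the secrets file will not change root's password on a host whose `/etc/shadow` survives reboots. If the secret is meant to be authoritative, set `mutableUsers = false;` here. Separately, `lib.optionalString` yields `""` rather than `null` when `sops-nix` is not an input, so the option ends up set to an empty path; `if lib.hasAttr "sops-nix" inputs then config.sops.secrets."passwords/root".path else null` keeps it unset in that case. The attribute set continues past the end of this hunk.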
|
||||
|
|
|
@ -5,4 +5,6 @@
|
|||
keyMap = "uk";
|
||||
useXkbConfig = false;
|
||||
};
|
||||
time.timeZone = "Europe/London";
|
||||
}
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
let
|
||||
secretsDirectory = builtins.toString inputs.nix-secrets;
|
||||
secretsFile = "${secretsDirectory}/secrets.yaml";
|
||||
hasOptinPersistence = environment.persistence ? "/persist";
|
||||
hasOptinPersistence = config.environment.persistence ? "/persist";
|
||||
hostname = config.networking.hostName;
|
||||
|
||||
in
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ lib, config, ... }:
|
||||
let
|
||||
sshPort = 22;
|
||||
hasOptinPersistence = environment.persistence ? "/persist";
|
||||
hasOptinPersistence = config.environment.persistence ? "/persist";
|
||||
|
||||
in
|
||||
|
||||
|
|
|
@ -5,11 +5,11 @@ let
|
|||
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/${user}".path;
|
||||
secretsDirectory = builtins.toString inputs.nix-secrets;
|
||||
secretsFile = "${secretsDirectory}/secrets.yaml";
|
||||
user = "media";
|
||||
username = "media";
|
||||
|
||||
in
|
||||
{
|
||||
users.users.media = {
|
||||
users.users.${username} = {
|
||||
isNormalUser = true;
|
||||
shell = pkgs.zsh; # default shell
|
||||
hashedPasswordFile = sopsHashedPasswordFile;
|
||||
|
@ -32,39 +32,33 @@ in
|
|||
".config/dconf"
|
||||
".config/cinnamon"
|
||||
".config/nemo"
|
||||
".mozilla"
|
||||
".local"
|
||||
".mozilla"
|
||||
".local"
|
||||
];
|
||||
files = [
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
sops.secrets."passwords/${user}" = {
|
||||
sops.secrets."passwords/${username}" = {
|
||||
sopsFile = "${secretsFile}";
|
||||
neededForUsers = true;
|
||||
};
|
||||
|
||||
sops.secrets."ssh_keys/${user}/id_ed25519" = {
|
||||
path = "/home/${user}/.ssh/id_ed25519";
|
||||
sops.secrets."ssh_keys/${username}/id_ed25519" = {
|
||||
path = "/home/${username}/.ssh/id_ed25519";
|
||||
mode = "0600";
|
||||
owner = config.users.users.media.name;
|
||||
owner = config.users.users.${username}.name;
|
||||
};
|
||||
|
||||
sops.secrets."ssh_keys/${user}/id_ed25519.pub" = {
|
||||
path = "/home/${user}/.ssh/id_ed25519.pub";
|
||||
sops.secrets."ssh_keys/${username}/id_ed25519.pub" = {
|
||||
path = "/home/${username}/.ssh/id_ed25519.pub";
|
||||
mode = "0644";
|
||||
owner = config.users.users.media.name;
|
||||
owner = config.users.users.${username}.name;
|
||||
};
|
||||
|
||||
# # Need to change ownership of the secrets as they are created as root
|
||||
# system.activationScripts.sopsSetAgeKeyOwnwership = ''
|
||||
# mkdir -p /home/${user}/.config || true
|
||||
# chown -R ${user}:users /home/${user}/.config
|
||||
# '';
|
||||
|
||||
services.flatpak.enable = true;
|
||||
users.users.media = {
|
||||
users.users.${username} = {
|
||||
packages = with pkgs; [
|
||||
flatpak
|
||||
gnome.gnome-software
|
||||
|
@ -77,7 +71,7 @@ in
|
|||
home-manager = {
|
||||
extraSpecialArgs = { inherit inputs; };
|
||||
users = {
|
||||
${user} = import ../../../../home/${hostname}.nix;
|
||||
${username} = import ../../../../home/${hostname}.nix;
|
||||
};
|
||||
};
|
||||
}
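Review bot: The first hunk renames the let binding `user` to `username`, but the `sopsHashedPasswordFile` line above it still interpolates `passwords/${user}`, which leaves `user` undefined and should stop the module from evaluating. That line is printed only once, so it is read here as unchanged context; the page has lost its +/- markers. It should become `config.sops.secrets."passwords/${username}".path`, matching the secret declared by `sops.secrets."passwords/${username}"` further down. The commented-out activation script also still refers to `${user}` and needs the same rename if it is kept. The let block starts before the hunk.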
|
||||
|
|
|
@ -5,13 +5,12 @@ let
|
|||
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/sam".path;
|
||||
secretsDirectory = builtins.toString inputs.nix-secrets;
|
||||
secretsFile = "${secretsDirectory}/secrets.yaml";
|
||||
username = "sam";
|
||||
in
|
||||
{
|
||||
users.users.sam = {
|
||||
mutableUsers = true;
|
||||
users.users.${username} = {
|
||||
isNormalUser = true;
|
||||
shell = pkgs.zsh; # default shell
|
||||
initialPassword = "nixos";
|
||||
hashedPasswordFile = sopsHashedPasswordFile;
|
||||
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
|
||||
|
||||
|
@ -24,7 +23,7 @@ in
|
|||
|
||||
};
|
||||
|
||||
sops.secrets."passwords/sam" = {
|
||||
sops.secrets."passwords/${username}" = {
|
||||
sopsFile = "${secretsFile}";
|
||||
neededForUsers = true;
|
||||
};
|
||||
|
@ -34,7 +33,7 @@ in
|
|||
home-manager = {
|
||||
extraSpecialArgs = { inherit inputs; };
|
||||
users = {
|
||||
sam = import ../../../../home/${hostname}.nix;
|
||||
${username} = import ../../../../home/${hostname}.nix;
|
||||
};
|
||||
};
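Review bot: `sopsHashedPasswordFile` at the top of the let block still hard-codes `"passwords/sam"` while the secret is now declared as `sops.secrets."passwords/${username}"`. Changing `username` later would leave the user's `hashedPasswordFile` pointing at a secret that is no longer declared. Use `config.sops.secrets."passwords/${username}".path` there so both follow the one binding. The page has lost its +/- markers, so it is not certain that `initialPassword = "nixos";` was removed; if it is still on the new side it should go, since a well-known fallback password applies whenever the secret file is missing at activation.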
|
||||
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
{ inputs, config, lib, pkgs, outputs,... }:
|
||||
|
||||
let
|
||||
dev = "/dev/vda";
|
||||
in
|
||||
{
|
||||
imports =
|
||||
[
|
||||
|
@ -18,21 +20,8 @@
|
|||
|
||||
];
|
||||
|
||||
nixpkgs = {
|
||||
overlays = [
|
||||
outputs.overlays.additions
|
||||
outputs.overlays.modifications
|
||||
outputs.overlays.unstable-packages
|
||||
];
|
||||
config = {
|
||||
allowUnfree = true;
|
||||
};
|
||||
};
|
||||
|
||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
||||
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.device = "/dev/vda";
|
||||
boot.loader.grub.device = "${dev}";
|
||||
|
||||
networking = {
|
||||
hostName = "nixdev";
|
||||
|
@ -40,17 +29,8 @@
|
|||
enableIPv6 = false;
|
||||
};
|
||||
|
||||
time.timeZone = "Europe/London";
|
||||
|
||||
services.printing.enable = true;
|
||||
|
||||
services.libinput.enable = true;
|
||||
|
||||
programs.gnupg.agent = {
|
||||
enable = true;
|
||||
enableSSHSupport = true;
|
||||
};
|
||||
|
||||
system.stateVersion = "23.11";
|
||||
|
||||
}
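Review bot: `boot.loader.grub.device = "${dev}";` wraps a string binding in an interpolation that adds nothing; `boot.loader.grub.device = dev;` is the plain form. Since `dev` is used once in the visible hunks, a short comment on the binding such as `# disk GRUB is installed to` would tell the reader why it was pulled out into the `let`.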
|
||||
|
|
|
@ -1,15 +1,14 @@
|
|||
{ inputs, config, lib, pkgs, outputs,... }:
|
||||
let
|
||||
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/root".path;
|
||||
dev = "/dev/vda";
|
||||
in
|
||||
{
|
||||
imports =
|
||||
[
|
||||
# Disk configuration
|
||||
inputs.disko.nixosModules.disko
|
||||
(import ../common/disks/std-disk-config.nix { device = "/dev/vda"; })
|
||||
(import ../common/disks/std-disk-config.nix { device = ${dev}; })
|
||||
../common/optional/btrfs-impermanence.nix
|
||||
inputs.impermanence.nixosModules.impermanence
|
||||
|
||||
# Create users for this host
|
||||
../common/users/media
|
||||
|
@ -23,17 +22,6 @@ in
|
|||
|
||||
];
|
||||
|
||||
nixpkgs = {
|
||||
overlays = [
|
||||
outputs.overlays.additions
|
||||
outputs.overlays.modifications
|
||||
outputs.overlays.unstable-packages
|
||||
];
|
||||
config = {
|
||||
allowUnfree = true;
|
||||
};
|
||||
};
|
||||
|
||||
fileSystems."/persist".neededForBoot = true;
|
||||
environment.persistence."/persist" = {
|
||||
hideMounts = true;
|
||||
|
@ -51,15 +39,6 @@ in
|
|||
];
|
||||
};
|
||||
|
||||
users = {
|
||||
mutableUsers = true;
|
||||
extraUsers = {
|
||||
root = {
|
||||
hashedPasswordFile = sopsHashedPasswordFile;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
boot = {
|
||||
loader = {
|
||||
systemd-boot.enable = true;
|
||||
|
@ -74,9 +53,6 @@ in
|
|||
enableIPv6 = false;
|
||||
};
|
||||
|
||||
services = {
|
||||
qemuGuest.enable = true;
|
||||
};
|
||||
services.libinput.enable = true;
|
||||
services.displayManager.defaultSession = "cinnamon";
|
||||
|
||||
|
@ -88,6 +64,5 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
||||
system.stateVersion = "23.11";
|
||||
}
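Review bot: `(import ../common/disks/std-disk-config.nix { device = ${dev}; })` in the first hunk is not valid Nix. `${...}` is only accepted inside a string or path, or as an attribute name, so a bare `${dev}` in value position is a parse error and this host's configuration will not evaluate. Pass the binding directly, `{ device = dev; }`. The imports list continues outside the hunk.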
|
||||
|
|