diff options
| author | Kj Tsanaktsidis <kjtsanaktsidis@groq.com> | 2026-01-09 11:58:31 +1100 |
|---|---|---|
| committer | Kj Tsanaktsidis <kjtsanaktsidis@groq.com> | 2026-01-09 11:58:31 +1100 |
| commit | 98e94297af73c583c9636c99772b2c1c34f98743 (patch) | |
| tree | 1ac244e55b6d544d556b2327308d07708350e824 /labsrv01/configuration.nix | |
| parent | f5686b8e377ce3ecbf617783b4f2398423cb19fd (diff) | |
some refactor
Diffstat (limited to 'labsrv01/configuration.nix')
| -rw-r--r-- | labsrv01/configuration.nix | 108 |
1 files changed, 0 insertions, 108 deletions
diff --git a/labsrv01/configuration.nix b/labsrv01/configuration.nix deleted file mode 100644 index 50c5a0d..0000000 --- a/labsrv01/configuration.nix +++ /dev/null @@ -1,108 +0,0 @@ -{ - inputs, - modulesPath, - lib, - pkgs, - sops, - config, - ... -}@args: -{ - imports = [ - inputs.determinate.nixosModules.default - inputs.disko.nixosModules.disko - ./disk-config.nix - inputs.sops-nix.nixosModules.sops - ./secureboot.nix - ./network.nix - ./alt-arrow-vt.nix - - inputs.home-manager.nixosModules.home-manager - ./homes.nix - - ./cgit.nix - ]; - hardware.facter.reportPath = ./facter.json; - - nix = { - extraOptions = '' - experimental-features = ca-derivations nix-command flakes - ''; - settings = { - trusted-users = [ "root" "kjtsanaktsidis" ]; - substituters = [ - "https://cache.nixos.org" - # the ca-derivations cache seems to be down - # "https://cache.ngi0.nixos.org/" - ]; - trusted-public-keys = [ - "cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=" - ]; - }; - }; - - sops = { - defaultSopsFile = ./secrets.yaml; - age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - age.generateKey = false; - - secrets = { - luks_passphrase = { }; - kj_hashed_password = { - neededForUsers = true; - }; - ssh_host_key_ed25519 = { }; - ssh_host_key_rsa = { }; - }; - }; - - system.stateVersion = "25.11"; - swapDevices = [ - { - device = "/swap/swapfile"; - size = 32768; - } - ]; - - security.sudo.enable = true; - users.mutableUsers = false; - users.groups.kjtsanaktsidis = { }; - users.users = { - kjtsanaktsidis = { - createHome = true; - isNormalUser = true; - description = "KJ Tsanaktsidis"; - group = "kjtsanaktsidis"; - extraGroups = [ - "wheel" - "networkmanager" - ]; - shell = pkgs.zsh; - hashedPasswordFile = config.sops.secrets.kj_hashed_password.path; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAC/BtvW1c1RbBI8eeGo7oOH2y9byBaxWVDHsErgaE+s kjtsanaktsidis@KJMacbookGroq.local" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHsyhMLrlNiffDrqz0s46hZF8IdR9/qX63TUyllK0LCA kj@KJ-PC" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPS77sno1zVa6uO+2wCbBK489snNIp3uvymca2cHX/33 kjtsanaktsidis@labsrv01" - ]; - }; - }; - - services.openssh = { - enable = true; - hostKeys = [ - { - type = "ed25519"; - path = config.sops.secrets.ssh_host_key_ed25519.path; - } - { - type = "rsa"; - path = config.sops.secrets.ssh_host_key_rsa.path; - } - ]; - }; - - services.fwupd.enable = true; - - # Enable zsh system-wide - programs.zsh.enable = true; -} |