Commit

modules/hosts/orion/default.nix

@@ -0,0 +1,44 @@
+{ lib, lux, ... }:
+{
+  den.hosts.x86_64-linux.orion = {
+    domain = "jelles.net";
+  };
+
+  den.aspects.orion = {
+    includes = with lux.services._; [
+      caddy
+      openssh
+      vaultwarden
+      radicale
+      actual
+      gitea
+
+      (
+        { user, ... }:
+        {
+          nixos.users.users."${user.name}".linger = true;
+        }
+      )
+    ];
+
+    nixos =
+      { pkgs, ... }:
+      {
+        environment.systemPackages = [
+          pkgs.kitty
+        ];
+
+        networking = {
+          firewall.enable = true;
+          firewall.allowPing = false;
+          nftables.enable = true;
+        };
+
+        # Use ssh authorization for sudo instead of password
+        security.pam = {
+          sshAgentAuth.enable = true;
+          services.sudo.sshAgentAuth = true;
+        };
+      };
+  };
+}