71 lines
1.4 KiB
Nix
71 lines
1.4 KiB
Nix
{
|
|
inputs,
|
|
config,
|
|
...
|
|
}:
|
|
let
|
|
nixosModules = config.flake.modules.nixos;
|
|
in
|
|
{
|
|
flake.modules.nixos.orion =
|
|
{ pkgs, ... }:
|
|
let
|
|
host = {
|
|
isServer = true;
|
|
};
|
|
in
|
|
{
|
|
_module.args.host = host;
|
|
|
|
imports = [
|
|
inputs.home-manager.nixosModules.home-manager
|
|
nixosModules.sopsHost
|
|
nixosModules.caddy
|
|
nixosModules.openssh
|
|
nixosModules.vaultwarden
|
|
nixosModules.radicale
|
|
nixosModules.actual
|
|
nixosModules.gitea
|
|
nixosModules.kiri
|
|
./_hardware.nix
|
|
./_disk.nix
|
|
];
|
|
|
|
system.stateVersion = "24.05";
|
|
|
|
home-manager = {
|
|
useGlobalPkgs = true;
|
|
backupFileExtension = "bak";
|
|
extraSpecialArgs = { inherit inputs; };
|
|
};
|
|
|
|
networking.hostName = "orion";
|
|
|
|
security.sudo.extraConfig = ''
|
|
Defaults env_keep+=SSH_AUTH_SOCK
|
|
'';
|
|
|
|
users.users.kiri = {
|
|
linger = true;
|
|
openssh.authorizedKeys.keys = [
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAU2LydkXRTtNFY7oyX8JQURwXLVhB71DeK8XzrXeFX1 openpgp:0xA490D93A"
|
|
];
|
|
};
|
|
|
|
environment.systemPackages = [
|
|
pkgs.kitty
|
|
];
|
|
|
|
networking = {
|
|
firewall.enable = true;
|
|
firewall.allowPing = false;
|
|
nftables.enable = true;
|
|
};
|
|
|
|
security.pam = {
|
|
sshAgentAuth.enable = true;
|
|
services.sudo.sshAgentAuth = true;
|
|
};
|
|
};
|
|
}
|