# Aspect definition for the host "orion": the services it includes plus
# host-level hardening (firewall, sudo authentication).
{ den, lib, lux, ... }:
let
  # Service aspects pulled in from lux.services._; list order is preserved.
  serviceAspects = with lux.services._; [
    caddy
    openssh
    vaultwarden
    radicale
    actual
    gitea
  ];

  # Sets `linger = true` on every user declared in host.users, so each user's
  # systemd user manager keeps running without an active login session.
  # NOTE(review): this applies to all users of the host, not only service
  # accounts; confirm that every entry in host.users should be allowed to run
  # background user units.
  # presumably den.lib.perHost evaluates this once per host; verify against den.
  lingerForUsers = den.lib.perHost (
    { host, ... }:
    {
      nixos.users.users = lib.mapAttrs (_name: _user: { linger = true; }) host.users;
    }
  );
in
{
  den.aspects.orion = {
    includes = serviceAspects ++ [ lingerForUsers ];

    nixos =
      { pkgs, ... }:
      {
        environment.systemPackages = [ pkgs.kitty ];

        # Firewall on, nftables backend, ICMP echo requests not answered.
        # No ports are opened in this block; presumably the included service
        # aspects open their own. Review those when auditing exposure.
        networking.firewall = {
          enable = true;
          allowPing = false;
        };
        networking.nftables.enable = true;

        # Let sudo authenticate against the caller's SSH agent.
        # NOTE(review): any process that can reach the user's agent socket on
        # this host can satisfy sudo, so agent forwarding should only come from
        # trusted clients. The keys accepted are those listed by
        # security.pam.sshAgentAuth.authorizedKeysFiles; keep that pointing at
        # root-owned files only. The PAM rule is normally an additional
        # "sufficient" method, so password auth may still be accepted as a
        # fallback; confirm if the intent is to disable it.
        security.pam.sshAgentAuth.enable = true;
        security.pam.services.sudo.sshAgentAuth = true;
      };
  };
}