addin ssh key
@@ -1,9 +1,14 @@
|
||||
{ lib, pkgs, config, inputs, ... }: {
|
||||
|
||||
{
|
||||
lib,
|
||||
pkgs,
|
||||
config,
|
||||
inputs,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
../common.nix
|
||||
../user-sstent.nix
|
||||
inputs.nixos-wsl.nixosModules.wsl
|
||||
inputs.nixos-wsl.nixosModules.wsl
|
||||
];
|
||||
|
||||
# system.stateVersion = "22.11";
|
||||
@@ -15,6 +20,4 @@
|
||||
syncthing.enable = true;
|
||||
wsl.enable = true;
|
||||
};
|
||||
|
||||
|
||||
}
|
||||
|
||||
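--- a/hosts/common.nix
+++ b/hosts/common.nix
@@ -1,81 +1,84 @@
-# This file (and the global directory) holds config that i use on all hosts
-{ lib, inputs, outputs, pkgs, config, ... }:
-{
-imports = [
-inputs.home-manager.nixosModules.home-manager
-inputs.sops-nix.nixosModules.sops
-]++ (builtins.attrValues outputs.nixosModules);
-
-###dotfiles path variable
-options._dotfiles = lib.mkOption {
-type = lib.types.str;
-default = "${inputs.self}/home-manager/dotfiles";
-description = "Path to the dotfiles in this repository";
-};
-
-###secrets path variable
-options._secrets = lib.mkOption {
-type = lib.types.str;
-default = "/run/user/1000/secrets";
-description = "Path to the Secrets runtime";
-};
-
-
-###secretstore path variable
-options._secretstore = lib.mkOption {
-type = lib.types.str;
-default = "${inputs.self}/secrets";
-description = "Path to the Secrets storage";
-};
-
-config = {
-system.stateVersion = "23.05";
-
-
-sops = {
-defaultSopsFile = "${config._secretstore}/host-secrets.yaml";
-age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
-};
-
-
-home-manager = {
-useUserPackages = true;
-extraSpecialArgs = { inherit inputs outputs; };
-sharedModules = [
-inputs.sops-nix.homeManagerModules.sops
-];
-};
-
-nixpkgs.config.allowUnfree = true;
-programs.fuse.userAllowOther = true;
-security.sudo.wheelNeedsPassword = false;
-
-# nixpkgs.overlays = overlays;
-# Enable nix flakes
-nix.package = pkgs.nixFlakes;
-nix.extraOptions = ''
-experimental-features = nix-command flakes
-'';
-nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
-# nix.nixPath = [ "nixpkgs=pkgs.outPath" ];
-networking.search = ["node.dc1.consul" "service.dc1.consul"];
-
-
-#services.envfs.enable = true;
-environment.systemPackages = [
-pkgs.git
-pkgs.home-manager
-pkgs.sops
-pkgs.ssh-to-age
-pkgs.age
-pkgs.bitwarden-cli
-];
-
-nix.gc = {
-automatic = true; # Enable the automatic garbage collector
-dates = "03:15"; # When to run the garbage collector
-options = "-d"; # Arguments to pass to nix-collect-garbage
-};
-
-};
-}
+# This file (and the global directory) holds config that i use on all hosts
+{
+lib,
+inputs,
+outputs,
+pkgs,
+config,
+...
+}: {
+imports =
+[
+inputs.home-manager.nixosModules.home-manager
+inputs.sops-nix.nixosModules.sops
+]
+++ (builtins.attrValues outputs.nixosModules);
+
+###dotfiles path variable
+options._dotfiles = lib.mkOption {
+type = lib.types.str;
+default = "${inputs.self}/home-manager/dotfiles";
+description = "Path to the dotfiles in this repository";
+};
+
+###secrets path variable
+options._secrets = lib.mkOption {
+type = lib.types.str;
+default = "/run/user/1000/secrets";
+description = "Path to the Secrets runtime";
+};
+
+###secretstore path variable
+options._secretstore = lib.mkOption {
+type = lib.types.str;
+default = "${inputs.self}/secrets";
+description = "Path to the Secrets storage";
+};
+
+config = {
+system.stateVersion = "23.05";
+
+sops = {
+defaultSopsFile = "${config._secretstore}/host-secrets.yaml";
+age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
+};
+
+home-manager = {
+useUserPackages = true;
+extraSpecialArgs = {inherit inputs outputs;};
+sharedModules = [
+inputs.sops-nix.homeManagerModules.sops
+];
+};
+
+nixpkgs.config.allowUnfree = true;
+programs.fuse.userAllowOther = true;
+security.sudo.wheelNeedsPassword = false;
+
+# nixpkgs.overlays = overlays;
+# Enable nix flakes
+nix.package = pkgs.nixFlakes;
+nix.extraOptions = ''
+experimental-features = nix-command flakes
+'';
+nix.nixPath = ["nixpkgs=${inputs.nixpkgs}"];
+# nix.nixPath = [ "nixpkgs=pkgs.outPath" ];
+networking.search = ["node.dc1.consul" "service.dc1.consul"];
+
+#services.envfs.enable = true;
+environment.systemPackages = [
+pkgs.git
+pkgs.home-manager
+pkgs.sops
+pkgs.ssh-to-age
+pkgs.age
+pkgs.bitwarden-cli
+];
+
+nix.gc = {
+automatic = true; # Enable the automatic garbage collector
+dates = "03:15"; # When to run the garbage collector
+options = "-d"; # Arguments to pass to nix-collect-garbage
+};
+};
+}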
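Review bot: `security.sudo.wheelNeedsPassword = false;` sits in the module that this file's own header describes as config used on all hosts, so every machine importing it gives any `wheel` member root without re-authentication. The user-sstent.nix section on this page places `sstent` in `wheel` and authorizes an SSH key for that account, which makes that single key a root credential on every host. Consider dropping the line from the shared config and enabling it only on the hosts that need it, or granting NOPASSWD for specific commands through `security.sudo.extraRules`. Separately, `options._secrets` defaults to `/run/user/1000/secrets`, which silently depends on the `uid = 1000` set in the user module; a one-line comment above the option, such as `# path assumes the primary user has uid 1000 (see user-sstent.nix)`, would record that coupling.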
@@ -1,9 +1,14 @@
|
||||
{ lib, pkgs, config, inputs, ... }: {
|
||||
|
||||
{
|
||||
lib,
|
||||
pkgs,
|
||||
config,
|
||||
inputs,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
../common.nix
|
||||
../user-sstent.nix
|
||||
inputs.nixos-wsl.nixosModules.wsl
|
||||
inputs.nixos-wsl.nixosModules.wsl
|
||||
];
|
||||
|
||||
# system.stateVersion = "22.11";
|
||||
@@ -16,5 +21,4 @@
|
||||
syncthing.enable = true;
|
||||
wsl.enable = true;
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
@@ -1,25 +1,26 @@
|
||||
{ inputs, lib, config, ... }:
|
||||
{
|
||||
|
||||
sops.secrets.sstent_password = {
|
||||
#sopsFile = ./secrets.yaml;
|
||||
neededForUsers = true;
|
||||
};
|
||||
|
||||
users.users = {
|
||||
sstent = {
|
||||
# initialPassword = "farscape5";
|
||||
uid = 1000;
|
||||
passwordFile = config.sops.secrets.sstent_password.path;
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+D4o3mL4BQsRr0UIhB1hn0brSTIJ9Lr0m2fMMVGF3tIuEihnmwGTeAX78q5/bmoo4gZy7G+CHal54S1lY8LY1KvmIDCpPJ8848HvLbTiTX3qZ7Mjaav+Ox9eHMwX+7zkPwdhfP8TDvmNe12j1GEKBhAm+FhdBQCbEV7cbm1SkX0+WBGoVvI2qbRm1RF0mOuTAmO3Lr2YeAcKJ21YxwNMv1Qrj7oxGYH9rLHLNwZ/0soIdTC9cikl4DHyvCs4HRYcVw36uuCVc/AyIT2GeETRapAQr8nzT89Haa1IThgZ9ztjSsSSOtrUhxatlMIfTIpVjl/gWq7GLfqd/ei/evTal sstent@StuPC"
|
||||
];
|
||||
extraGroups = [ "wheel" "video" ];
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
# home-manager.users.misterio = import home/${config.networking.hostName}.nix;
|
||||
|
||||
}
|
||||
{
|
||||
inputs,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
sops.secrets.sstent_password = {
|
||||
#sopsFile = ./secrets.yaml;
|
||||
neededForUsers = true;
|
||||
};
|
||||
|
||||
users.users = {
|
||||
sstent = {
|
||||
# initialPassword = "farscape5";
|
||||
uid = 1000;
|
||||
passwordFile = config.sops.secrets.sstent_password.path;
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+D4o3mL4BQsRr0UIhB1hn0brSTIJ9Lr0m2fMMVGF3tIuEihnmwGTeAX78q5/bmoo4gZy7G+CHal54S1lY8LY1KvmIDCpPJ8848HvLbTiTX3qZ7Mjaav+Ox9eHMwX+7zkPwdhfP8TDvmNe12j1GEKBhAm+FhdBQCbEV7cbm1SkX0+WBGoVvI2qbRm1RF0mOuTAmO3Lr2YeAcKJ21YxwNMv1Qrj7oxGYH9rLHLNwZ/0soIdTC9cikl4DHyvCs4HRYcVw36uuCVc/AyIT2GeETRapAQr8nzT89Haa1IThgZ9ztjSsSSOtrUhxatlMIfTIpVjl/gWq7GLfqd/ei/evTal sstent@StuPC"
|
||||
];
|
||||
extraGroups = ["wheel" "video"];
|
||||
};
|
||||
};
|
||||
|
||||
# home-manager.users.misterio = import home/${config.networking.hostName}.nix;
|
||||
}
|
||||
|
||||
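Review bot: The commented-out `# initialPassword = "…"` line keeps a plaintext password in the repository even though the account now reads its password from sops through `passwordFile`; delete the comment and treat that value as exposed wherever it is still in use, because removing the line does not remove it from history. The authorized key is an `ssh-rsa` key that appears from its encoding to be 2048-bit; an Ed25519 key would match the `ssh_host_ed25519_key` already used for sops in hosts/common.nix. Because `extraGroups` includes `wheel` and hosts/common.nix sets `security.sudo.wheelNeedsPassword = false`, this key grants passwordless root, so a comment above `openssh.authorizedKeys.keys` naming the machine that holds the private key would make later audits and revocation easier.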