From 5f9a852d73029c75614e3fbd13403cde621c9921 Mon Sep 17 00:00:00 2001
From: Sridhar Ratnakumar
Date: Sat, 11 Sep 2021 12:30:24 -0400
Subject: [PATCH] provision facade
---
 flake.nix | 38 ++++++++++++++++++--------------------
 hosts/facade.nix | 36 ++++++++++++++++++++++++++++++++++++
 hosts/p71.nix | 2 +-
 3 files changed, 55 insertions(+), 21 deletions(-)
 create mode 100644 hosts/facade.nix
diff --git a/flake.nix b/flake.nix
index b4b083b..6f860b6 100644
--- a/flake.nix
+++ b/flake.nix
@@ -21,6 +21,19 @@
 outputs = inputs@{ self, home-manager, nixpkgs, ... }:
 let
 system = "x86_64-linux";
+ # Features common to all of my machines
+ commonModules = [
+ ./features/self-ide.nix
+ ./features/caches
+ ./features/current-location.nix
+ ./features/passwordstore.nix
+ ./features/syncthing.nix
+ ./features/protonvpn.nix
+ ./features/server/harden.nix
+ ];
+ graphicsCommonModules = [
+ ./features/monitor-brightness.nix
+ ];
 # Make configuration for any computer I use in my home office.
 mkHomeMachine = configurationNix: extraModules: nixpkgs.lib.nixosSystem {
 inherit system;
@@ -31,16 +44,6 @@
 # System configuration
 configurationNix
- # Features common to all of my machines
- ./features/self-ide.nix
- ./features/caches
- ./features/current-location.nix
- ./features/passwordstore.nix
- ./features/syncthing.nix
- ./features/protonvpn.nix
- ./features/docker.nix
- ./features/monitor-brightness.nix
-
 # home-manager configuration
 home-manager.nixosModules.home-manager
 {
@@ -51,7 +54,7 @@
 pkgs = import nixpkgs { inherit system; };
 };
 }
- ] ++ extraModules
+ ] ++ commonModules ++ extraModules
 );
 };
 in
@@ -60,7 +63,7 @@
 #
 nixosConfigurations.p71 = mkHomeMachine
 ./hosts/p71.nix
- [
+ (graphicsCommonModules ++ [
 inputs.nixos-hardware.nixosModules.lenovo-thinkpad-p53
 ./features/desktopish
 #./features/gnome.nix
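Review bot: `commonModules` is appended for every `mkHomeMachine` call, so the new `facade` host (defined in the later `@@ -82,13 +84,9 @@` hunk with an empty extra-module list) receives `passwordstore.nix`, `syncthing.nix`, `protonvpn.nix` and `self-ide.nix` along with the home-manager setup. `hosts/facade.nix` imports the DigitalOcean profile, so this is presumably an internet-facing droplet, and what those modules install or open is not visible in this diff. Consider keeping only what a server needs in `commonModules` (for example `./features/caches` and `./features/server/harden.nix`) and moving the rest to a workstation list in the style of `graphicsCommonModules`. At minimum the comment `# Features common to all of my machines` should say that the list now applies to remote servers as well.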
@@ -72,8 +75,7 @@
 #./features/server-mode.nix
 # ./features/postgrest.nix
 ./features/server/devserver.nix
- ./features/server/harden.nix
- ];
+ ]);
 nixosConfigurations.x1c7 = mkHomeMachine
 ./hosts/x1c7.nix
 [
@@ -82,13 +84,9 @@
 ./features/gnome.nix
 ./features/desktopish/guiapps.nix
 ];
- nixosConfigurations.ryzen9 = mkHomeMachine
- ./hosts/ryzen9.nix
+ nixosConfigurations.facade = mkHomeMachine
+ ./hosts/facade.nix
 [
- ./features/server/harden.nix
- ./features/server/devserver.nix
- ./features/ema/emanote.nix
- ./features/lxd.nix
 ];
 };
diff --git a/hosts/facade.nix b/hosts/facade.nix
new file mode 100644
index 0000000..1d126fe
--- /dev/null
+++ b/hosts/facade.nix
@@ -0,0 +1,36 @@
+{ config, pkgs, lib, modulesPath, ... }:
+
+{
+
+ imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
+ (modulesPath + "/virtualisation/digital-ocean-config.nix")
+ ];
+
+ nixpkgs.config.allowUnfree = true;
+ nix = {
+ package = pkgs.nixUnstable;
+ extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+ trustedUsers = [ "root" "srid" ];
+ };
+
+ environment.systemPackages = with pkgs; [
+ cryptsetup
+ ];
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.srid = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ };
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "21.11"; # Did you read the comment?
+
+}
diff --git a/hosts/p71.nix b/hosts/p71.nix
index 9341466..7edb96a 100644
--- a/hosts/p71.nix
+++ b/hosts/p71.nix
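Review bot: `users.users.srid` in the new `hosts/facade.nix` is created in `wheel` with no `openssh.authorizedKeys` entry, and the comment tells the operator to set a password by hand, so how this admin account is reached over SSH depends on defaults in the imported `digital-ocean-config.nix` and in `features/server/harden.nix`, neither of which is shown here. State it in this file instead: `users.users.srid.openssh.authorizedKeys.keyFiles = [ ../id_rsa.pub ];` and `services.openssh.passwordAuthentication = false;`. Separately, `trustedUsers = [ "root" "srid" ]` gives srid root-equivalent control of the Nix daemon without a sudo prompt; on a remote host, either drop `"srid"` or add a comment saying why it is needed. The `builtins.pathExists ./do-userdata.nix` import also makes the evaluated configuration depend on a file that is not part of this commit, which deserves a one-line comment.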
@@ -73,7 +73,7 @@
 isNormalUser = true;
 extraGroups = [ "wheel" "networkmanager" "audio" ];
 };
- users.users.srid.openssh.authorizedKeys.keys = import ./sshkeys.nix;
+ users.users.srid.openssh.authorizedKeys.keys = [ (builtins.readFile ../id_rsa.pub) ];
 # Open ports in the firewall.
 # networking.firewall.allowedTCPPorts = [ ... ];
 # networking.firewall.allowedUDPPorts = [ ... ];
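Review bot: `[ (builtins.readFile ../id_rsa.pub) ]` passes the whole file, trailing newline included, as a single `keys` entry, and any keys that `./sshkeys.nix` listed beyond this one (its contents are not shown) stop being authorized on p71. NixOS has an option for key files, so `users.users.srid.openssh.authorizedKeys.keyFiles = [ ../id_rsa.pub ];` expresses the same thing without the string handling. The file name suggests an RSA key; if so, a comment recording its size and where the private half lives would help a later audit. The enclosing attribute set starts and ends outside the hunk.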