Rebase to flake parts #1

2026-05-01 15:00:10 -03:00
commit 37a394265b
176 changed files with 30782 additions and 0 deletions
@@ -0,0 +1,82 @@
+{ self, inputs, ... }: {
+  flake.nixosModules.nix-serverConfiguration =
+    {
+      self,
+      config,
+      lib,
+      pkgs,
+      ...
+    }:
+    {
+      imports = [
+        self.nixosModules.nix-serverHardware
+        inputs.sops-nix.nixosModules.sops
+        self.nixosModules.system
+        self.nixosModules.users
+        ./_services/attic-cache-server.nix
+        ./_services/portainer.nix
+        ./_services/swiftshare.nix
+        ./_services/immich.nix
+      ];
+
+      boot.loader.grub = {
+        enable = true;
+        efiSupport = false;
+        device = "/dev/sda";
+      };
+
+      services.qemuGuest.enable = true;
+
+      services.openssh = {
+        enable = true;
+        settings = {
+          PasswordAuthentication = true;
+          KbdInteractiveAuthentication = false;
+          PermitRootLogin = "no";
+          UseDns = false;
+        };
+      };
+
+      sops = {
+        defaultSopsFile = ../../../secrets/secrets.yaml;
+        defaultSopsFormat = "yaml";
+        age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+      };
+
+      sops.secrets."users/server/hashedPassword".neededForUsers = true;
+
+      security.sudo.wheelNeedsPassword = true;
+
+      nix.settings = {
+        experimental-features = [ "nix-command" "flakes" ];
+        trusted-users = [ "root" "@wheel" ];
+        allowed-users = [ "root" "@wheel" ];
+      };
+
+      chiasson.system = {
+        networking = {
+          hostName = "nix-server";
+          networkManager.enable = true;
+        };
+
+        caching.attic = {
+          enable = true;
+          cacheName = "nixos-new";
+          endpoint = "http://127.0.0.1:8080";
+          publicKey = "nixos-new:8NySIcT0HP7KvGQKgBRWoWESxxRA8BVYo8S85UNpNX0=";
+        };
+        extraPackages = with pkgs; [ btop ];
+      };
+
+      chiasson.users = {
+        enabled = [ "server" ];
+        hostOverrides.server = {
+          hashedPasswordFile = config.sops.secrets."users/server/hashedPassword".path;
+        };
+      };
+
+      services.xserver.enable = lib.mkDefault false;
+
+      system.stateVersion = "25.11";
+    };
+}