Rebase to flake parts #13

2026-05-30 21:26:13 -03:00
parent 9a4ed1b04b
commit dcdd2c2d90
9 changed files with 245 additions and 46 deletions
@@ -0,0 +1,69 @@
+{ self, inputs, ... }: {
+  flake.nixosModules.r5500Configuration =
+    {
+      self,
+      config,
+      lib,
+      pkgs,
+      ...
+    }:
+    {
+      imports = [
+        self.nixosModules.r5500Hardware
+        inputs.sops-nix.nixosModules.sops
+        self.nixosModules.system
+        self.nixosModules.users
+      ];
+
+      boot.loader.grub = {
+        enable = true;
+        efiSupport = false;
+        device = "/dev/sda";
+      };
+
+      services.openssh = {
+        enable = true;
+        settings = {
+          PasswordAuthentication = true;
+          KbdInteractiveAuthentication = false;
+          PermitRootLogin = "no";
+          UseDns = false;
+        };
+      };
+
+      sops = {
+        defaultSopsFile = ../../../secrets/secrets.yaml;
+        defaultSopsFormat = "yaml";
+        age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+      };
+
+      sops.secrets."users/server/hashedPassword".neededForUsers = true;
+
+      security.sudo.wheelNeedsPassword = true;
+
+      nix.settings = {
+        experimental-features = [ "nix-command" "flakes" ];
+        trusted-users = [ "root" "@wheel" ];
+        allowed-users = [ "root" "@wheel" ];
+      };
+
+      chiasson.system = {
+        networking = {
+          hostName = "r5500";
+          networkManager.enable = true;
+        };
+        extraPackages = with pkgs; [ btop git ];
+      };
+
+      chiasson.users = {
+        enabled = [ "server" ];
+        hostOverrides.server = {
+          hashedPasswordFile = config.sops.secrets."users/server/hashedPassword".path;
+        };
+      };
+
+      services.xserver.enable = lib.mkDefault false;
+
+      system.stateVersion = "25.11";
+    };
+}