Olivier
2a911b057b
- Introduced a new `navi` module for managing deployments across multiple hosts. - Enhanced SSH inventory management to support public key application for authorized hosts. - Configured system deployment builder for seamless integration with Navi. - Updated various host configurations to enable deployment capabilities and streamline SSH access.
101 lines
2.6 KiB
Nix
101 lines
2.6 KiB
Nix
{ self, inputs, ... }: {
|
|
flake.nixosModules.nix-serverConfiguration =
|
|
{
|
|
self,
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}:
|
|
{
|
|
imports = [
|
|
inputs.ddrm.nixosModules.default
|
|
self.nixosModules.systemDeployBuilder
|
|
self.nixosModules.nix-serverHardware
|
|
inputs.sops-nix.nixosModules.sops
|
|
self.nixosModules.system
|
|
self.nixosModules.users
|
|
./_services/attic-cache-server.nix
|
|
./_services/portainer.nix
|
|
./_services/organizr.nix
|
|
./_services/swiftshare.nix
|
|
./_services/personal-website.nix
|
|
./_services/immich.nix
|
|
./_services/jellyfin.nix
|
|
./_services/nixdesk-nfs-client.nix
|
|
./_services/ddrm-media-server.nix
|
|
./_services/sonarr.nix
|
|
./_services/prowlarr.nix
|
|
./_services/flaresolverr.nix
|
|
./_services/radarr.nix
|
|
./_services/qbittorrent.nix
|
|
./_services/seerr.nix
|
|
./_services/dispatcharr.nix
|
|
./_services/gitea.nix
|
|
./_services/cloudflare-dyndns.nix
|
|
];
|
|
|
|
boot.loader.grub = {
|
|
enable = true;
|
|
efiSupport = false;
|
|
device = "/dev/sda";
|
|
};
|
|
|
|
services.qemuGuest.enable = true;
|
|
|
|
services.openssh = {
|
|
enable = true;
|
|
settings = {
|
|
PasswordAuthentication = true;
|
|
KbdInteractiveAuthentication = false;
|
|
PermitRootLogin = "no";
|
|
UseDns = false;
|
|
};
|
|
};
|
|
|
|
sops = {
|
|
defaultSopsFile = ../../../secrets/secrets.yaml;
|
|
defaultSopsFormat = "yaml";
|
|
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
|
};
|
|
|
|
sops.secrets."users/server/hashedPassword".neededForUsers = true;
|
|
|
|
security.sudo.wheelNeedsPassword = true;
|
|
|
|
nix.settings = {
|
|
experimental-features = [ "nix-command" "flakes" ];
|
|
trusted-users = [ "root" "@wheel" ];
|
|
allowed-users = [ "root" "@wheel" ];
|
|
};
|
|
|
|
chiasson.system = {
|
|
networking = {
|
|
hostName = "nix-server";
|
|
networkManager.enable = true;
|
|
};
|
|
|
|
caching.attic = {
|
|
enable = true;
|
|
cacheName = "nixos-new";
|
|
endpoint = "http://127.0.0.1:8080";
|
|
publicKey = "nixos-new:8NySIcT0HP7KvGQKgBRWoWESxxRA8BVYo8S85UNpNX0=";
|
|
};
|
|
extraPackages = with pkgs; [ btop ];
|
|
};
|
|
|
|
chiasson.system.deploy.builder.enable = true;
|
|
|
|
chiasson.users = {
|
|
enabled = [ "server" ];
|
|
hostOverrides.server = {
|
|
hashedPasswordFile = config.sops.secrets."users/server/hashedPassword".path;
|
|
};
|
|
};
|
|
|
|
services.xserver.enable = lib.mkDefault false;
|
|
|
|
system.stateVersion = "25.11";
|
|
};
|
|
}
|