generation 491 25.11.20250714.62e0f05

2025-08-17 01:03:44 -04:00
parent 968b13f8ad
commit 5622a6dd4c
5 changed files with 104 additions and 0 deletions
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -0,0 +1,77 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  imports = [
+    ./hardware-configuration.nix
+    ../../system/system.nix
+    ./ssh.nix
+  ];
+
+  options = {
+    res = lib.mkOption {
+      type = lib.types.str;
+      default = "1920x1080";
+      description = "screen resolution";
+    };
+  };
+
+  config = {
+    networking.hostName = "server"; # Define your hostname.
+    res = "2560x1440";
+
+    home-manager = {
+      useGlobalPkgs = true;
+      useUserPackages = true;
+      backupFileExtension = "backup";
+      users.synchronous.imports = [../../home/home.nix];
+    };
+
+    # Bootloader.
+    # boot.loader.grub.enable = true;
+    # boot.loader.grub.device = "/dev/nvme0n1";
+    # boot.loader.grub.useOSProber = true;
+    # boot.loader.grub.version = 2;
+    # services.logind.lidSwitchExternalPower = "ignore";
+
+    boot.loader.systemd-boot.enable = true;
+    boot.loader.efi.canTouchEfiVariables = true;
+    boot.loader.grub.enable = false;
+
+    age = {
+      secrets = {
+        zsh_remote = {
+          file = ../../secrets/zsh_remote.age;
+          owner = "synchronous";
+          mode = "0400";
+        };
+        tailscale-rq = {
+          file = ../../secrets/tailscale-rq.age;
+          owner = "synchronous";
+          mode = "0400";
+        };
+        ssh-pub = {
+          file = ../../secrets/ssh-pub.age;
+          owner = "synchronous";
+          mode = "0400";
+        };
+      };
+      secretsDir = "/home/synchronous/.agenix/agenix";
+      secretsMountPoint = "/home/synchronous/.agenix/agenix.d";
+      identityPaths = ["/home/synchronous/.ssh/id_ed25519"];
+    };
+
+    #boot = {
+    #  loader.systemd-boot = {
+    #    enable = true;
+    #    editor = false;
+    #  };
+    #  kernelPackages = pkgs.linuxPackages;
+    #};
+    # boot.loader.systemd-boot.enable = true;
+    # boot.loader.efi.canTouchEfiVariables = true;
+    # boot.loader.grub.enable = false;
+  };
+}
--- a/hosts/server/ssh.nix
+++ b/hosts/server/ssh.nix
@@ -0,0 +1,19 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  services.openssh.enable = true;
+
+  # Disable password login for security
+  services.openssh.settings.PasswordAuthentication = false;
+  services.openssh.settings.PermitRootLogin = "no";
+
+  # Add your authorized key for a specific user
+  users.users.yourusername = {
+    isNormalUser = true;
+    openssh.authorizedKeys.keys = [
+      config.age.secrets.ssh-pub
+    ];
+  };
+}