generation 491 25.11.20250714.62e0f05

2025-08-17 01:03:44 -04:00
parent 968b13f8ad
commit 5622a6dd4c
5 changed files with 104 additions and 0 deletions


@@ -53,6 +53,13 @@
]; ];
}; };
nixosConfigurations.server = nixpkgs.lib.nixosSystem {
modules = [
baseModule
./hosts/thonkpad/configuration.nix
];
};
nixosConfigurations.rq = nixpkgs.lib.nixosSystem { nixosConfigurations.rq = nixpkgs.lib.nixosSystem {
modules = [ modules = [
baseModule baseModule
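Review bot: The new `nixosConfigurations.server` output lists `./hosts/thonkpad/configuration.nix` as its module, while the host files this commit adds live under `hosts/server/` (`hosts/server/ssh.nix` is visible further down the page). If this is a copy-paste leftover, building `server` evaluates the thonkpad configuration and the SSH settings added in this commit never reach the machine. The line should presumably read `./hosts/server/configuration.nix`; that file name is inferred, since the page does not show the path of the new 77-line file.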


@@ -0,0 +1,77 @@
{
config,
pkgs,
lib,
...
}: {
imports = [
./hardware-configuration.nix
../../system/system.nix
./ssh.nix
];
options = {
res = lib.mkOption {
type = lib.types.str;
default = "1920x1080";
description = "screen resolution";
};
};
config = {
networking.hostName = "server"; # Define your hostname.
res = "2560x1440";
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
backupFileExtension = "backup";
users.synchronous.imports = [../../home/home.nix];
};
# Bootloader.
# boot.loader.grub.enable = true;
# boot.loader.grub.device = "/dev/nvme0n1";
# boot.loader.grub.useOSProber = true;
# boot.loader.grub.version = 2;
# services.logind.lidSwitchExternalPower = "ignore";
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub.enable = false;
age = {
secrets = {
zsh_remote = {
file = ../../secrets/zsh_remote.age;
owner = "synchronous";
mode = "0400";
};
tailscale-rq = {
file = ../../secrets/tailscale-rq.age;
owner = "synchronous";
mode = "0400";
};
ssh-pub = {
file = ../../secrets/ssh-pub.age;
owner = "synchronous";
mode = "0400";
};
};
secretsDir = "/home/synchronous/.agenix/agenix";
secretsMountPoint = "/home/synchronous/.agenix/agenix.d";
identityPaths = ["/home/synchronous/.ssh/id_ed25519"];
};
#boot = {
# loader.systemd-boot = {
# enable = true;
# editor = false;
# };
# kernelPackages = pkgs.linuxPackages;
#};
# boot.loader.systemd-boot.enable = true;
# boot.loader.efi.canTouchEfiVariables = true;
# boot.loader.grub.enable = false;
};
}
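Review bot: `identityPaths = ["/home/synchronous/.ssh/id_ed25519"]` makes a user's personal SSH private key the agenix decryption identity on a server. agenix decrypts during system activation without prompting, so that key has to be stored on the host without a passphrase, and its exposure would reveal every secret encrypted to it, including `tailscale-rq`. A per-host identity limits the blast radius: `identityPaths = ["/etc/ssh/ssh_host_ed25519_key"];`, with the server's host public key added as a recipient in the secrets rules file. If the home-directory `secretsDir` and `secretsMountPoint` are intentional, a short comment saying why would help the next reader.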

19
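--- a/hosts/server/ssh.nix
+++ b/hosts/server/ssh.nix
@@ -0,0 +1,19 @@
+{
+config,
+pkgs,
+...
+}: {
+services.openssh.enable = true;
+# Disable password login for security
+services.openssh.settings.PasswordAuthentication = false;
+services.openssh.settings.PermitRootLogin = "no";
+# Add your authorized key for a specific user
+users.users.yourusername = {
+isNormalUser = true;
+openssh.authorizedKeys.keys = [
+config.age.secrets.ssh-pub
+];
+};
+}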
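Review bot: `openssh.authorizedKeys.keys` expects a list of public-key strings, but `config.age.secrets.ssh-pub` is the agenix secret's attribute set, so this should fail at evaluation; even `.path` would yield a file path rather than key text. A public key is not confidential and can be committed in plain text, which also makes the `ssh-pub.age` secret unnecessary. The account is still the template name `yourusername`, so a key added here would authorise a new user rather than `synchronous`, the owner used for the secrets elsewhere in this commit. Suggested: `users.users.synchronous.openssh.authorizedKeys.keys = [ "ssh-ed25519 <PUBLIC_KEY_PLACEHOLDER>" ];`. Consider also `services.openssh.settings.KbdInteractiveAuthentication = false;` so that password-style logins are not left available through keyboard-interactive authentication.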


@@ -4,4 +4,5 @@ let
in { in {
"zsh_remote.age".publicKeys = [key]; "zsh_remote.age".publicKeys = [key];
"tailscale-rq.age".publicKeys = [key]; "tailscale-rq.age".publicKeys = [key];
"ssh-pub.age".publicKeys = [key];
} }

BIN
secrets/ssh-pub.age Normal file

Binary file not shown.