2023-06-28 14:17:17 +02:00
|
|
|
# SPDX-FileCopyrightText: 2022 Richard Brežák <richard@brezak.sk>
|
|
|
|
#
|
|
|
|
# SPDX-License-Identifier: LGPL-3.0-or-later
|
2024-03-02 22:05:30 +01:00
|
|
|
{
|
|
|
|
inputs,
|
|
|
|
lib',
|
|
|
|
config,
|
|
|
|
...
|
|
|
|
}: let
|
|
|
|
inherit
|
|
|
|
(lib')
|
2023-06-28 14:17:17 +02:00
|
|
|
flip
|
|
|
|
mapAttrs
|
|
|
|
singleton
|
2024-03-02 22:05:30 +01:00
|
|
|
mkForce
|
|
|
|
;
|
2023-06-28 14:17:17 +02:00
|
|
|
|
|
|
|
config' = config;
|
2024-03-02 22:05:30 +01:00
|
|
|
in {
|
2023-06-28 14:17:17 +02:00
|
|
|
flake.nixosConfigurations.altra = inputs.nixpkgs.lib.nixosSystem {
|
|
|
|
system = "aarch64-linux";
|
|
|
|
|
|
|
|
specialArgs = {
|
|
|
|
config' = config';
|
|
|
|
inputs' = inputs;
|
|
|
|
secret = lib'.loadSecrets inputs.secret;
|
|
|
|
};
|
|
|
|
|
2024-03-02 22:05:30 +01:00
|
|
|
modules =
|
|
|
|
singleton
|
|
|
|
({
|
|
|
|
pkgs,
|
|
|
|
config,
|
|
|
|
...
|
|
|
|
}: {
|
|
|
|
imports = [
|
|
|
|
# ./consul.nix
|
|
|
|
# ./nomad.nix
|
|
|
|
# ./vault-agent.nix
|
|
|
|
# ./u2t.nix
|
|
|
|
./grub.nix
|
|
|
|
./networking.nix
|
|
|
|
./nixpkgs.nix
|
|
|
|
./hardware.nix
|
|
|
|
./filesystems.nix
|
|
|
|
./users.nix
|
|
|
|
./http-synapse-proxy.nix
|
|
|
|
../../common/remote_access.nix
|
2023-06-28 14:17:17 +02:00
|
|
|
|
2024-04-20 15:01:23 +02:00
|
|
|
inputs.self.nixosModules.acme-sh
|
2024-03-02 22:05:30 +01:00
|
|
|
config'.flake.nixosModules.hashicorp
|
|
|
|
inputs.disko.nixosModules.disko
|
|
|
|
];
|
2023-06-28 14:17:17 +02:00
|
|
|
|
2024-03-02 22:05:30 +01:00
|
|
|
environment.defaultPackages = mkForce [];
|
|
|
|
nix.settings.allowed-users = ["@wheel"];
|
|
|
|
security.sudo.execWheelOnly = true;
|
2023-06-28 14:17:17 +02:00
|
|
|
|
2024-03-02 22:05:30 +01:00
|
|
|
security.auditd.enable = true;
|
|
|
|
security.audit.enable = true;
|
|
|
|
security.audit.rules = [
|
|
|
|
"-a exit,always -F arch=b64 -S execve"
|
|
|
|
];
|
|
|
|
environment.etc."audit/auditd.conf".text = ''
|
|
|
|
write_logs = no
|
|
|
|
dispatcher = ${pkgs.audit}/bin/audispd
|
|
|
|
space_left = 1
|
|
|
|
'';
|
2023-06-28 14:17:17 +02:00
|
|
|
|
2024-03-02 22:05:30 +01:00
|
|
|
_module.args.nixinate = {
|
|
|
|
host = "altra.redalder.org";
|
|
|
|
sshUser = "main";
|
|
|
|
buildOn = "local";
|
|
|
|
substituteOnTarget = true;
|
|
|
|
hermetic = false;
|
|
|
|
nixOptions = [
|
|
|
|
"--override-input secret path://$HOME/dotfiles/secret"
|
2023-06-28 14:17:17 +02:00
|
|
|
];
|
2024-03-02 22:05:30 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
environment.systemPackages = [
|
|
|
|
pkgs.git
|
|
|
|
];
|
2023-06-28 14:17:17 +02:00
|
|
|
|
2024-03-02 22:05:30 +01:00
|
|
|
time.timeZone = "Europe/Amsterdam";
|
|
|
|
system.stateVersion = "23.05";
|
|
|
|
});
|
2023-06-28 14:17:17 +02:00
|
|
|
};
|
|
|
|
}
|