# SPDX-FileCopyrightText: 2022 Richard Brežák
#
# SPDX-License-Identifier: LGPL-3.0-or-later

# Declares the `altra` NixOS host (aarch64-linux) as a flake output.
{ inputs, lib', config, ... }:
let
  # NOTE(review): flip and mapAttrs are inherited but not referenced in this file.
  inherit (lib') flip mapAttrs singleton mkForce;

  # The outer `config`, kept under a second name because the host module
  # below binds its own `config` argument.
  config' = config;
in
{
  flake.nixosConfigurations.altra = inputs.nixpkgs.lib.nixosSystem {
    system = "aarch64-linux";

    # Extra arguments handed to every module of this host.
    specialArgs = {
      inherit config';
      inputs' = inputs;
      # Secrets are loaded while the configuration is evaluated.
      # NOTE(review): any value a module interpolates from `secret` into a
      # derivation or an /etc file is copied into the Nix store, which is
      # normally world-readable. Confirm that consumers never embed secret
      # material that way.
      secret = lib'.loadSecrets inputs.secret;
    };

    modules = singleton ({ pkgs, config, ... }: {
      imports = [
        # ./consul.nix
        # ./nomad.nix
        # ./vault-agent.nix
        # ./u2t.nix
        ./grub.nix
        ./networking.nix
        ./nixpkgs.nix
        ./hardware.nix
        ./filesystems.nix
        ./users.nix
        ./http-synapse-proxy.nix
        ../../common/remote_access.nix
        inputs.serokell-nix.nixosModules.acme-sh
        config'.flake.nixosModules.hashicorp
        inputs.disko.nixosModules.disko
      ];

      environment = {
        # Force the default package set to empty, so only packages listed
        # explicitly end up in the system profile.
        defaultPackages = mkForce [];
        systemPackages = [ pkgs.git ];

        # auditd is told not to write its own log file and to hand events to
        # the dispatcher program instead.
        # NOTE(review): with write_logs = no, the retained audit trail
        # depends entirely on whatever consumes the events. Confirm where
        # execve records end up and how long they are kept.
        # NOTE(review): the `dispatcher` keyword and a standalone audispd
        # binary belong to audit 2.x; audit 3.x folded the dispatcher into
        # auditd. Verify that the pinned ${pkgs.audit} still ships
        # bin/audispd.
        etc."audit/auditd.conf".text = ''
          write_logs = no
          dispatcher = ${pkgs.audit}/bin/audispd
          space_left = 1
        '';
      };

      # Only members of the wheel group may connect to the Nix daemon.
      nix.settings.allowed-users = [ "@wheel" ];

      security = {
        # Only members of the wheel group may execute the sudo binary.
        sudo.execWheelOnly = true;

        auditd.enable = true;
        audit = {
          enable = true;
          # Log every execve made through the 64-bit syscall ABI.
          # NOTE(review): there is no matching arch=b32 rule. If the kernel
          # allows 32-bit (compat) processes, their execve calls would not be
          # recorded. Confirm whether that gap matters on this host.
          rules = [
            "-a exit,always -F arch=b64 -S execve"
          ];
        };
      };

      # Deployment parameters read by nixinate.
      # The `secret` flake input is overridden at deploy time with a path
      # under the deploying user's $HOME.
      # NOTE(review): buildOn = "local" suggests evaluation and build, with
      # the real secrets, happen on the deploying machine. Confirm against
      # nixinate's documentation.
      _module.args.nixinate = {
        host = "altra.redalder.org";
        sshUser = "main";
        buildOn = "local";
        substituteOnTarget = true;
        hermetic = false;
        nixOptions = [
          "--override-input secret path://$HOME/dotfiles/secret"
        ];
      };

      time.timeZone = "Europe/Amsterdam";
      system.stateVersion = "23.05";
    });
  };
}