diff --git a/flake.nix b/flake.nix index 8a8d7ba..0001c31 100644 --- a/flake.nix +++ b/flake.nix @@ -17,10 +17,12 @@ mkSystem = { host, lxc ? true }: nixpkgs.lib.nixosSystem { inherit system; - modules = [ ./nixos/hosts/${host}/configuration.nix ./nixos/common.nix ] ++ (if lxc then - [ "${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix" ] - else - [ ]); + modules = [ ./nixos/hosts/${host}/configuration.nix ./nixos/common ] + ++ (if lxc then [ + "${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix" + ./nixos/common/generic-lxc.nix + ] else + [ ./nixos/common/generic-vm.nix ]); specialArgs.inputs = inputs; }; mkDeploy = hostname: profile: { @@ -33,8 +35,14 @@ }; in { # VMs - nixosConfigurations.bastion = mkSystem { host = "bastion"; lxc = false; }; - nixosConfigurations.k3s = mkSystem { host = "k3s"; lxc = false; }; + nixosConfigurations.bastion = mkSystem { + host = "bastion"; + lxc = false; + }; + nixosConfigurations.k3s = mkSystem { + host = "k3s"; + lxc = false; + }; # LXCs nixosConfigurations.vault = mkSystem { host = "vault"; }; diff --git a/nixos/common.nix b/nixos/common.nix deleted file mode 100644 index 6612aa3..0000000 --- a/nixos/common.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ config, inputs, ... }: -{ - imports = [ - inputs.vault-secrets.nixosModules.vault-secrets - ]; - - vault-secrets = { - vaultPrefix = "nixos/${config.networking.hostName}"; - vaultAddress = "http://10.42.42.6:8200/"; - approlePrefix = "olympus-${config.networking.hostName}"; - }; -} diff --git a/nixos/common/default.nix b/nixos/common/default.nix index eddc08e..c772366 100644 --- a/nixos/common/default.nix +++ b/nixos/common/default.nix @@ -1,7 +1,8 @@ -{ pkgs, ... }: +{ config, inputs, pkgs, ... }: { imports = [ + inputs.vault-secrets.nixosModules.vault-secrets # User account definitions ./users ./services 
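Review bot: The new `modules` list in `mkSystem` (flake.nix, first hunk) is now the only place where `./nixos/common` and the `generic-lxc.nix` / `generic-vm.nix` profiles are pulled in, and nothing in the code says so. The host files later in this commit drop their own imports, so a host evaluated outside `mkSystem` would silently lose the shared baseline (sshd, vault-secrets, the `./users` and `./services` imports). Because of `lxc ? true`, a VM declared without `lxc = false` would get the container profile instead of `generic-vm.nix`. I would add a comment above the list, for example `# Shared baseline and the LXC/VM profile are injected here; host configs must not import them again. VMs must pass lxc = false.` The surrounding `let` block starts outside the hunk, so this is based only on the lines shown.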
@@ -38,4 +39,13 @@ SystemMaxUse=100M MaxFileSec=7day ''; + + # Enable SSH daemon support. + services.openssh.enable = true; + + vault-secrets = { + vaultPrefix = "nixos/${config.networking.hostName}"; + vaultAddress = "http://10.42.42.6:8200/"; + approlePrefix = "olympus-${config.networking.hostName}"; + }; } diff --git a/nixos/common/generic-lxc.nix b/nixos/common/generic-lxc.nix index 1bf6c58..a28b708 100644 --- a/nixos/common/generic-lxc.nix +++ b/nixos/common/generic-lxc.nix @@ -3,7 +3,4 @@ # Supress systemd services that don't work (correctly) on LXC systemd.suppressedSystemUnits = [ "dev-mqueue.mount" "sys-kernel-debug.mount" "sys-fs-fuse-connections.mount" ]; - - # Enable SSH daemon support. - services.openssh.enable = true; } diff --git a/nixos/common/generic-vm.nix b/nixos/common/generic-vm.nix index de73208..66aba48 100644 --- a/nixos/common/generic-vm.nix +++ b/nixos/common/generic-vm.nix @@ -5,10 +5,6 @@ networking.useDHCP = false; networking.interfaces.ens18.useDHCP = lib.mkDefault true; - # Enable the OpenSSH daemon. - services.openssh.enable = true; - services.openssh.permitRootLogin = lib.mkDefault "yes"; - # Enable qemu guest agent services.qemuGuest.enable = true; } diff --git a/nixos/hosts/bastion/configuration.nix b/nixos/hosts/bastion/configuration.nix index 833e921..7b5cc72 100644 --- a/nixos/hosts/bastion/configuration.nix +++ b/nixos/hosts/bastion/configuration.nix @@ -17,9 +17,6 @@ in { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix - # Import common config - ../../common/generic-vm.nix - ../../common ]; # Use the GRUB 2 boot loader. diff --git a/nixos/hosts/consul/configuration.nix b/nixos/hosts/consul/configuration.nix index 28e3e5d..949dfb7 100644 --- a/nixos/hosts/consul/configuration.nix +++ b/nixos/hosts/consul/configuration.nix @@ -6,9 +6,6 @@ { imports = [ - # Import common config - ../../common/generic-lxc.nix - ../../common ]; networking.hostName = "consul"; 
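Review bot: `vaultAddress = "http://10.42.42.6:8200/"` in the `vault-secrets` block of nixos/common/default.nix (second hunk) is plain HTTP, so the credentials hosts use to authenticate (presumably AppRole, given `approlePrefix`) and the secrets they fetch cross the network unencrypted. This commit makes that the setting for every machine built by `mkSystem`. Consider serving Vault over TLS and pointing this at an `https://` endpoint, e.g. `vaultAddress = "https://<vault-host>:8200/";` (placeholder host). The same hunk enables `services.openssh.enable = true;` for all hosts while the generic-vm.nix hunk drops the explicit `permitRootLogin`, so root-login and password policy now rest on module defaults. Stating them next to the enable line, e.g. `services.openssh.permitRootLogin = "prohibit-password";` and `services.openssh.passwordAuthentication = false;`, would make the baseline explicit and reviewable; the enclosing attribute set starts outside the hunk.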
diff --git a/nixos/hosts/k3s/configuration.nix b/nixos/hosts/k3s/configuration.nix index 7de2f51..4dceed6 100644 --- a/nixos/hosts/k3s/configuration.nix +++ b/nixos/hosts/k3s/configuration.nix @@ -2,9 +2,6 @@ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix - # Import common config - ../../common/generic-vm.nix - ../../common ]; # Use the GRUB 2 boot loader. diff --git a/nixos/hosts/mosquitto/configuration.nix b/nixos/hosts/mosquitto/configuration.nix index e72b935..29b1924 100644 --- a/nixos/hosts/mosquitto/configuration.nix +++ b/nixos/hosts/mosquitto/configuration.nix @@ -6,9 +6,6 @@ let mosquittoPort = 1883; in { imports = [ - # Import common config - ../../common/generic-lxc.nix - ../../common ]; networking.hostName = "mosquitto"; diff --git a/nixos/hosts/nginx/configuration.nix b/nixos/hosts/nginx/configuration.nix index 60fa8f9..c28bc31 100644 --- a/nixos/hosts/nginx/configuration.nix +++ b/nixos/hosts/nginx/configuration.nix @@ -14,9 +14,6 @@ let }; in { imports = [ - # Import common config - ../../common/generic-lxc.nix - ../../common ]; networking.hostName = "nginx"; diff --git a/nixos/hosts/vault/configuration.nix b/nixos/hosts/vault/configuration.nix index 7373578..533f8b9 100644 --- a/nixos/hosts/vault/configuration.nix +++ b/nixos/hosts/vault/configuration.nix @@ -6,9 +6,6 @@ { imports = [ - # Import common config - ../../common/generic-lxc.nix - ../../common ]; networking.hostName = "vault";