final changes for tonight

2022-07-30 23:35:52 +02:00 · 2022-07-30 23:35:52 +02:00 · ecfc36e017
parent 1e3192f865
commit ecfc36e017
7 changed files with 14 additions and 18 deletions
--- a/flake.nix
+++ b/flake.nix
@ -71,9 +71,10 @@
      pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} [ vault-secrets.overlay ];
    in
    {
-      # Make the config and deploy sets
+      # Make the nixosConfigurations, mostly for vault-secrets
      nixosConfigurations = lib.foldr (el: acc: acc // mkConfig el) { } nixHosts;

+      # Make the coleman configuration
      colmena = lib.foldr (el: acc: acc // mkColmenaHost el)
        {
          meta = {
@ -104,8 +105,8 @@
          nixfmt
          nixUnstable
          vault
-          # (vault-push-approle-envs self)
-          # (vault-push-approle-approles self)
+          (vault-push-approle-envs self)
+          (vault-push-approle-approles self)
        ];
      };
    };
--- a/nixos/common/default.nix
+++ b/nixos/common/default.nix
@ -1,4 +1,4 @@
-{ config, pkgs, inputs, ... }:
+{ config, lib, pkgs, inputs, ... }:

 {
  imports = [
@ -32,11 +32,7 @@
        "nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE="
        "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
      ];
-    };
-    gc = {
-      dates = "weekly";
-      automatic = true;
-      randomizedDelaySec = "45min";
+    # Also use zsh for root;
    };
    optimise = {
      automatic = true;
@ -63,8 +59,7 @@
    permitRootLogin = "no";
  };

-  # TODO: Location dependent
-  vault-secrets = {
+  vault-secrets = lib.mkIf (config.networking.domain == "olympus") {
    vaultPrefix = "secrets/nixos";
    vaultAddress = "http://vault.olympus:8200/";
    approlePrefix = "olympus-${config.networking.hostName}";
--- a/nixos/common/users/default.nix
+++ b/nixos/common/users/default.nix
@ -54,7 +54,7 @@
  # Configure the root account
  users.extraUsers.root = {
    # Allow my SSH keys for logging in as root.
-    openssh.authorizedKeys.keys = config.users.users.victor.openssh.authorizedKeys.keys;
+    openssh.authorizedKeys.keys = config.users.extraUsers.victor.openssh.authorizedKeys.keys;
    # Also use zsh for root
    shell = pkgs.zsh;
  };
--- a/nixos/hosts/default.nix
+++ b/nixos/hosts/default.nix
@ -1,4 +1,4 @@
 {
+  hades = import ./hades;
  olympus = import ./olympus;
-  hades = [];
 }
--- a/nixos/hosts/hades/default.nix
+++ b/nixos/hosts/hades/default.nix
@ -0,0 +1 @@
+[]
--- a/nixos/hosts/olympus/_template/configuration.nix
+++ b/nixos/hosts/olympus/_template/configuration.nix
@ -7,8 +7,6 @@
 {
  imports = [ ];

-  networking.hostName = "template";
-
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
--- a/nixos/hosts/olympus/dhcp/configuration.nix
+++ b/nixos/hosts/olympus/dhcp/configuration.nix
@ -5,7 +5,8 @@ let
    hostName = hostname;
    ipAddress = ip;
  };
-  hosts' = hosts.olympus;
+  localDomain = config.networking.domain;
+  hosts' = hosts.${localDomain};
 in {
  imports = [ ];

@ -41,8 +42,8 @@ in {
      option broadcast-address 10.42.43.255;
      option routers 10.42.42.1;
      option domain-name-servers 10.42.42.15, 10.42.42.16;
-      option domain-name "olympus";
-      option domain-search "olympus";
+      option domain-name "${localDomain}";
+      option domain-search "${localDomain}";
      subnet 10.42.42.0 netmask 255.255.254.0 {
        range 10.42.43.1 10.42.43.254;
      }