diff --git a/flake.nix b/flake.nix index a2f0d1f..90a08b1 100644 --- a/flake.nix +++ b/flake.nix @@ -71,9 +71,10 @@ pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} [ vault-secrets.overlay ]; in { - # Make the config and deploy sets + # Make the nixosConfigurations, mostly for vault-secrets nixosConfigurations = lib.foldr (el: acc: acc // mkConfig el) { } nixHosts; + # Make the coleman configuration colmena = lib.foldr (el: acc: acc // mkColmenaHost el) { meta = { @@ -104,8 +105,8 @@ nixfmt nixUnstable vault - # (vault-push-approle-envs self) - # (vault-push-approle-approles self) + (vault-push-approle-envs self) + (vault-push-approle-approles self) ]; }; }; diff --git a/nixos/common/default.nix b/nixos/common/default.nix index bc1478b..215ad9b 100644 --- a/nixos/common/default.nix +++ b/nixos/common/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, inputs, ... }: +{ config, lib, pkgs, inputs, ... }: { imports = [ @@ -32,11 +32,7 @@ "nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE=" "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg=" ]; - }; - gc = { - dates = "weekly"; - automatic = true; - randomizedDelaySec = "45min"; + # Also use zsh for root; }; optimise = { automatic = true; @@ -63,8 +59,7 @@ permitRootLogin = "no"; }; - # TODO: Location dependent - vault-secrets = { + vault-secrets = lib.mkIf (config.networking.domain == "olympus") { vaultPrefix = "secrets/nixos"; vaultAddress = "http://vault.olympus:8200/"; approlePrefix = "olympus-${config.networking.hostName}"; diff --git a/nixos/common/users/default.nix b/nixos/common/users/default.nix index 5cb68df..3036bae 100644 --- a/nixos/common/users/default.nix +++ b/nixos/common/users/default.nix 
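Review bot: The comment added above the `colmena` attribute in the first flake.nix hunk reads `# Make the coleman configuration`, but the tool and the attribute are both spelled colmena, so a search for that name will not find the comment. I would write `# Make the colmena configuration`. The other new comment says `nixosConfigurations` exists "mostly for vault-secrets"; a few words on what vault-secrets reads from it would help whoever later wonders whether the attribute can be dropped.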
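Review bot: The one line added in the `@@ -32,11 +32,7 @@` hunk of nixos/common/default.nix, `# Also use zsh for root;`, sits directly after the list of cache public keys and has nothing to do with that block. It matches a comment in nixos/common/users/default.nix and looks like an accidental paste, so I would delete it. The same hunk also removes the whole `gc` block (weekly automatic collection with a randomized delay) and nothing visible replaces it. If that is intentional, leave a comment such as `# gc is configured per host` or say so in the commit message; otherwise store growth on these hosts is unbounded. The enclosing attribute set starts above the hunk, so I cannot see which option the remaining `};` now closes.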
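Review bot: The `vault-secrets` block in the last hunk of nixos/common/default.nix keeps `vaultAddress = "http://vault.olympus:8200/";`, so AppRole credentials and the secrets fetched with them cross the network in cleartext. Now that the block is explicitly scoped to the olympus domain, this is a good moment to give Vault a TLS listener and change the line to `vaultAddress = "https://vault.olympus:8200/";`. Separately, `lib.mkIf (config.networking.domain == "olympus")` evaluates to false when `networking.domain` is unset or mistyped, and the host then silently gets no vault-secrets settings at all. A comment such as `# hosts outside olympus get no Vault secrets; set networking.domain explicitly` would make that failure mode visible. The block continues past the end of the hunk.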
@@ -54,7 +54,7 @@ # Configure the root account users.extraUsers.root = { # Allow my SSH keys for logging in as root. - openssh.authorizedKeys.keys = config.users.users.victor.openssh.authorizedKeys.keys; + openssh.authorizedKeys.keys = config.users.extraUsers.victor.openssh.authorizedKeys.keys; # Also use zsh for root shell = pkgs.zsh; }; diff --git a/nixos/hosts/default.nix b/nixos/hosts/default.nix index b325b5b..a09236d 100644 --- a/nixos/hosts/default.nix +++ b/nixos/hosts/default.nix @@ -1,4 +1,4 @@ { + hades = import ./hades; olympus = import ./olympus; - hades = []; } diff --git a/nixos/hosts/hades/default.nix b/nixos/hosts/hades/default.nix new file mode 100644 index 0000000..fe51488 --- /dev/null +++ b/nixos/hosts/hades/default.nix @@ -0,0 +1 @@ +[] diff --git a/nixos/hosts/olympus/_template/configuration.nix b/nixos/hosts/olympus/_template/configuration.nix index b33d3f0..e660f64 100644 --- a/nixos/hosts/olympus/_template/configuration.nix +++ b/nixos/hosts/olympus/_template/configuration.nix @@ -7,8 +7,6 @@ { imports = [ ]; - networking.hostName = "template"; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/nixos/hosts/olympus/dhcp/configuration.nix b/nixos/hosts/olympus/dhcp/configuration.nix index 9c7db31..afd5cf9 100644 --- a/nixos/hosts/olympus/dhcp/configuration.nix +++ b/nixos/hosts/olympus/dhcp/configuration.nix @@ -5,7 +5,8 @@ let hostName = hostname; ipAddress = ip; }; - hosts' = hosts.olympus; + localDomain = config.networking.domain; + hosts' = hosts.${localDomain}; in { imports = [ ]; 
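Review bot: The replaced line in nixos/common/users/default.nix now reads the keys through `config.users.extraUsers.victor`, which is the legacy alias of `users.users`; the removed spelling was the current one. Unless the alias is needed to work around something not shown here, I would keep `config.users.users.victor.openssh.authorizedKeys.keys`. On the security side, this line gives root the same SSH keys as a personal account, while nixos/common/default.nix shows `permitRootLogin = "no";` in context. Either the keys are dead configuration, or some host overrides that setting and direct root login depends on one user's key hygiene. A comment stating which case applies (for example, that colmena deploys as root) would help the next reader.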
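Review bot: In nixos/hosts/olympus/dhcp/configuration.nix the new `localDomain = config.networking.domain;` is used unchecked as an attribute name in `hosts.${localDomain}`. The second hunk of this file (`@@ -41,8 +42,8 @@`) also interpolates it into the dhcpd `domain-name` and `domain-search` options. `networking.domain` has no value unless a host sets it, and nixos/hosts/default.nix defines only `hades` and `olympus`, so an unset or unexpected domain produces an unhelpful evaluation error at both places. I would add an entry to `assertions` that checks `localDomain != null && hosts ? ${localDomain}` and carries a message naming the option. The `let` block and the module's argument list start above the hunk, so I cannot confirm from here that `config` is among the arguments.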
@@ -41,8 +42,8 @@ in {
 option broadcast-address 10.42.43.255;
 option routers 10.42.42.1;
 option domain-name-servers 10.42.42.15, 10.42.42.16;
- option domain-name "olympus";
- option domain-search "olympus";
+ option domain-name "${localDomain}";
+ option domain-search "${localDomain}";
 subnet 10.42.42.0 netmask 255.255.254.0 {
 range 10.42.43.1 10.42.43.254;
 }