final changes for tonight

flake.nix

@@ -71,9 +71,10 @@
       pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} [ vault-secrets.overlay ];
     in
     {
-      # Make the config and deploy sets
+      # Make the nixosConfigurations, mostly for vault-secrets
       nixosConfigurations = lib.foldr (el: acc: acc // mkConfig el) { } nixHosts;
 
+      # Make the coleman configuration
       colmena = lib.foldr (el: acc: acc // mkColmenaHost el)
         {
           meta = {
@@ -104,8 +105,8 @@
           nixfmt
           nixUnstable
           vault
-          # (vault-push-approle-envs self)
+          (vault-push-approle-envs self)
-          # (vault-push-approle-approles self)
+          (vault-push-approle-approles self)
         ];
       };
     };

nixos/common/default.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, inputs, ... }:
+{ config, lib, pkgs, inputs, ... }:
 
 {
   imports = [
@@ -32,11 +32,7 @@
         "nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE="
         "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
       ];
-    };
+    # Also use zsh for root;
-    gc = {
-      dates = "weekly";
-      automatic = true;
-      randomizedDelaySec = "45min";
     };
     optimise = {
       automatic = true;
@@ -63,8 +59,7 @@
     permitRootLogin = "no";
   };
 
-  # TODO: Location dependent
+  vault-secrets = lib.mkIf (config.networking.domain == "olympus") {
-  vault-secrets = {
     vaultPrefix = "secrets/nixos";
     vaultAddress = "http://vault.olympus:8200/";
     approlePrefix = "olympus-${config.networking.hostName}";

nixos/common/users/default.nix

@@ -54,7 +54,7 @@
   # Configure the root account
   users.extraUsers.root = {
     # Allow my SSH keys for logging in as root.
-    openssh.authorizedKeys.keys = config.users.users.victor.openssh.authorizedKeys.keys;
+    openssh.authorizedKeys.keys = config.users.extraUsers.victor.openssh.authorizedKeys.keys;
     # Also use zsh for root
     shell = pkgs.zsh;
   };

nixos/hosts/default.nix

@@ -1,4 +1,4 @@
 {
+  hades = import ./hades;
   olympus = import ./olympus;
-  hades = [];
 }

nixos/hosts/hades/default.nix

@@ -0,0 +1 @@
+[]

nixos/hosts/olympus/_template/configuration.nix

@@ -7,8 +7,6 @@
 {
   imports = [ ];
 
-  networking.hostName = "template";
-
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions
   # on your system were taken. It‘s perfectly fine and recommended to leave

nixos/hosts/olympus/dhcp/configuration.nix

@@ -5,7 +5,8 @@ let
     hostName = hostname;
     ipAddress = ip;
   };
-  hosts' = hosts.olympus;
+  localDomain = config.networking.domain;
+  hosts' = hosts.${localDomain};
 in {
   imports = [ ];
 
@@ -41,8 +42,8 @@ in {
       option broadcast-address 10.42.43.255;
       option routers 10.42.42.1;
       option domain-name-servers 10.42.42.15, 10.42.42.16;
-      option domain-name "olympus";
+      option domain-name "${localDomain}";
-      option domain-search "olympus";
+      option domain-search "${localDomain}";
       subnet 10.42.42.0 netmask 255.255.254.0 {
         range 10.42.43.1 10.42.43.254;
       }