re-organize configuration

This commit is contained in:
Antoine Martin 2021-02-14 13:42:43 +01:00
parent e2456d8019
commit 93f392f37e
12 changed files with 54 additions and 24 deletions

2
.gitattributes vendored

@ -1 +1 @@
secrets/** filter=git-crypt diff=git-crypt secrets/*.secret filter=git-crypt diff=git-crypt
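Review bot: Narrowing the git-crypt pattern from `secrets/**` to `secrets/*.secret` means any file under `secrets/` without the `.secret` suffix is now committed in cleartext; that is intended for the new `secrets/default.nix`, which holds only `lib.fileContents` references, but a secret added later without the suffix would silently go in unencrypted. Keeping the broad pattern and excluding the module explicitly is safer: `secrets/** filter=git-crypt diff=git-crypt` followed by `secrets/default.nix !filter !diff`. It is also worth running `git-crypt status` after this commit to confirm the renamed `.secret` files are reported as encrypted, since the filter only applies to content added while it matches.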


@ -1,11 +1,14 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let
secrets = config.my.secrets;
in
{ {
users.mutableUsers = false; users.mutableUsers = false;
users.users.root = { users.users.root = {
hashedPassword = lib.fileContents ../secrets/shadow-hashed-password-root; hashedPassword = secrets.shadow-hashed-password-root;
}; };
users.users.alarsyo = { users.users.alarsyo = {
hashedPassword = lib.fileContents ../secrets/shadow-hashed-password-alarsyo; hashedPassword = secrets.shadow-hashed-password-alarsyo;
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user. extraGroups = [ "wheel" ]; # Enable sudo for the user.
shell = pkgs.fish; shell = pkgs.fish;
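Review bot: `hashedPassword = secrets.shadow-hashed-password-root;` (and the alarsyo line below it) still evaluates the hash into the configuration, so it is written into the generated user/group data in the world-readable Nix store; the commit only changes where the value is read from, not where it ends up. If that exposure matters on this host, `users.users.<name>.passwordFile` pointing at a file kept outside the store avoids it, and the existing `.secret` files would work as-is since `lib.fileContents` only strips the trailing newline. The attribute set opened at `{` continues past the end of this hunk, and the file name is not shown on this page.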


@ -9,7 +9,7 @@
system = "x86_64-linux"; system = "x86_64-linux";
modules = modules =
[ [
./configuration.nix ./poseidon.nix
]; ];
}; };
}; };


@ -3,16 +3,13 @@
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let
secrets = config.my.secrets;
in
{ {
imports = imports =
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
./services
# Default configuration
./base
]; ];
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.
@ -80,7 +77,7 @@
borg-backup = { borg-backup = {
enable = true; enable = true;
repo = lib.fileContents ./secrets/borg-backup-repo; repo = secrets.borg-backup-repo;
}; };
gitea = { gitea = {
@ -90,15 +87,13 @@
miniflux = { miniflux = {
enable = true; enable = true;
adminCredentialsFile = "${./secrets/miniflux-admin-credentials}"; adminCredentialsFile = "${../../secrets/miniflux-admin-credentials.secret}";
privatePort = 8080; privatePort = 8080;
}; };
matrix = { matrix = {
enable = true; enable = true;
registration_shared_secret = ( registration_shared_secret = secrets.matrix-registration-shared-secret;
lib.fileContents ./secrets/matrix-registration-shared-secret
);
}; };
monitoring = { monitoring = {
@ -120,17 +115,10 @@
services.openssh.permitRootLogin = "no"; services.openssh.permitRootLogin = "no";
services.openssh.passwordAuthentication = false; services.openssh.passwordAuthentication = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "20.09"; # Did you read the comment?
boot.supportedFilesystems = [ "btrfs" ]; boot.supportedFilesystems = [ "btrfs" ];
nixpkgs.overlays = import ./overlays; nixpkgs.overlays = import ../../overlays;
nix = { nix = {
package = pkgs.nixUnstable; package = pkgs.nixUnstable;
@ -152,4 +140,3 @@
}; };
}; };
} }
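Review bot: In the `-90,15 +87,13` hunk, `adminCredentialsFile = "${../../secrets/miniflux-admin-credentials.secret}";` interpolates a path into a string, which copies the decrypted credentials file into the Nix store where every local user can read it; the commit moves the file but keeps this form, and it bypasses the `secrets.miniflux-admin-credentials` value the new `secrets/default.nix` defines, which is left unused. If the miniflux module only needs a path on disk, pointing `adminCredentialsFile` at a location outside the store that is populated at deploy time would avoid the copy. The same concern applies to `registration_shared_secret = secrets.matrix-registration-shared-secret;` if the module writes it into a generated config file, which is worth confirming in the module. Note that when this tree is evaluated as a flake, as the `modules = [ ./poseidon.nix ]` hunk suggests, the whole checked-out source including unlocked `.secret` files is copied into the store at evaluation time anyway, so any scheme that reads secrets during evaluation cannot keep them out of `/nix/store`; delivering them at activation or runtime is the usual answer.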

25
poseidon.nix Normal file

@ -0,0 +1,25 @@
{ ... }:
{
imports = [
# Default configuration
./base
# Service definitions
./services
# Configuration secrets
./secrets
# Host-specific config
./hosts/poseidon
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "20.09"; # Did you read the comment?
}

15
secrets/default.nix Normal file

@ -0,0 +1,15 @@
{ lib, config, ... }:
with lib;
{
options.my.secrets = mkOption {
type = types.attrs;
};
config.my.secrets = {
matrix-registration-shared-secret = lib.fileContents ./matrix-registration-shared-secret.secret;
shadow-hashed-password-alarsyo = lib.fileContents ./shadow-hashed-password-alarsyo.secret;
shadow-hashed-password-root = lib.fileContents ./shadow-hashed-password-root.secret;
miniflux-admin-credentials = lib.fileContents ./miniflux-admin-credentials.secret;
borg-backup-repo = lib.fileContents ./borg-backup-repo.secret;
};
}
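Review bot: `type = types.attrs;` on `options.my.secrets` declares a free-form set whose definitions merge by shallow `//`, so the same key defined in a second module would be silently overridden by whichever definition comes later, and no value is type-checked; `type = types.attrsOf types.str;` merges per key and rejects a non-string value, and a `description = "Decrypted secret file contents, keyed by file name";` would document the option. Since every value is computed here with `lib.fileContents`, `readOnly = true;` would also turn an accidental redefinition elsewhere into an evaluation error. Minor: `config` in the module arguments is unused, and under `with lib;` the `lib.` prefix on `fileContents` is redundant.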