nixos-config/machines/sdev/config.nix
makefu 1e2e2bdd35
clan: add secrets
grep -- '- &' .sops.yaml  | cut -d'&' -f2 | grep _host | sed 's/_host//' | xargs -n2 clan secrets machines add
for i in secrets/*.yaml; do host=$(basename $i .yaml); clan secrets import-sops $i --machine $host --user makefu --prefix ${host}-;done
for i in secrets/*.yaml; do host=$(basename $i .yaml) ;clan secrets groups add-machine common "$host";done
2023-10-01 22:58:15 +02:00


# NixOS module for the host `sdev`: a desktop-style machine that imports the
# shared makefu laptop profile, joins the retiolum tinc network and runs Docker.
{ lib, config, pkgs, ... }:
{
  # Bind this build to the `sdev` entry of the krebs host registry.
  krebs.build.host = config.krebs.hosts.sdev;

  makefu.awesome.modkey = "Mod1";

  # Angle-bracket paths are resolved through the Nix search path, so what
  # <stockholm/...> refers to is decided by the environment that evaluates
  # this file. No hardware-scan file is imported in this list.
  imports = [
    <stockholm/makefu>
    <stockholm/makefu/2configs/home-manager>
    # <stockholm/makefu/2configs/hw/vbox-guest.nix> # broken since 2019-04-18

    # Stand-in until virtualbox-image is fixed: a single ext4 partition, with
    # the GRUB target forced to /dev/sda over whatever other modules set.
    {
      imports = [ <stockholm/makefu/2configs/fs/single-partition-ext4.nix> ];
      boot.loader.grub.device = lib.mkForce "/dev/sda";
    }

    <stockholm/makefu/2configs/main-laptop.nix>
    # <secrets/extra-hosts.nix>

    # environment
    <stockholm/makefu/2configs/tinc/retiolum.nix>
    <stockholm/makefu/2configs/virtualisation/docker.nix>
  ];

  # Allow sdev to deploy itself: whoever holds the private half of this key
  # can log in as root over SSH.
  # NOTE(review): the key is registered under `makefu-vbob`, not `sdev`;
  # confirm this is the key intended for self-deployment.
  users.extraUsers.root.openssh.authorizedKeys.keys = [
    config.krebs.users.makefu-vbob.pubkey
  ];

  # Original note: "corefonts". The switch applies to every package evaluated
  # for this host, not to a single one.
  # NOTE(review): if corefonts is the only unfree package wanted,
  # nixpkgs.config.allowUnfreePredicate would narrow the allowance.
  nixpkgs.config.allowUnfree = true;

  environment.systemPackages = with pkgs; [
    ppp
    xclip
    get
    passwdqc-utils
    gnupg
    populate
    # 20.09: torbrowser is broken
    #(pkgs.writeScriptBin "tor-browser" ''
    #  #! /bin/sh
    #  TOR_SKIP_LAUNCH=1 ${torbrowser}/bin/tor-browser
    #'')
  ];

  # Inbound TCP ports accepted by the host firewall. Nothing in this file
  # shows which service listens on 25, 80 or 8010; they may come from the
  # imported modules.
  # NOTE(review): confirm each port is still needed. Ports published by Docker
  # containers are usually handled by Docker's own packet-filter rules rather
  # than by this list; verify on the running host.
  networking.firewall.allowedTCPPorts = [ 25 80 8010 ];
}