Commit 39e9b6c
Changed files (4)
modules/hosts/kevin/default.nix
@@ -54,7 +54,6 @@ in {
desktop
dev
game
- ssh-host-pardofelis
])
++ (
map
modules/hosts/pardofelis/networking/default.nix
@@ -1,4 +1,4 @@
-{lib, ...} @ topArgs: {
+{
flake.modules.nixos."hosts/pardofelis" = {config, ...}: let
iface = "eth0";
in {
@@ -56,25 +56,4 @@
vaultix.secrets.hosts-pardofelis-gateway.file = ./gateway.age;
vaultix.secrets.hosts-pardofelis-gateway6.file = ./gateway6.age;
};
-
- flake.modules.nixos.ssh-host-pardofelis = {config, ...}: {
- programs.ssh.extraConfig = ''
- Host pardofelis
- Port ${toString (lib.elemAt (topArgs.config.flake.meta.host.hosts.pardofelis.sshPorts) 0)}
- Include ${config.vaultix.templates."ssh-host-pardofelis".path}
- '';
-
- users.groups.nix-secrets-ssh-hosts = {};
-
- vaultix.templates.ssh-host-pardofelis = {
- content = ''
- HostName ${config.vaultix.placeholder.hosts-pardofelis-ipv4}
- '';
- owner = "root";
- group = "nix-secrets-ssh-hosts";
- mode = "0440";
- };
-
- vaultix.secrets.hosts-pardofelis-ipv4.file = ./ipv4.age;
- };
}
modules/hosts/pardofelis/networking/ssh.nix
@@ -0,0 +1,26 @@
+{
+ lib,
+ den,
+ ...
+}: {
+ den.aspects.pardofelis.provides.ssh = {user, ...}: {
+ nixos = {config, ...}: {
+ vaultix.templates.ssh-host-pardofelis = {
+ content = ''
+ HostName ${config.vaultix.placeholder.hosts-pardofelis-ipv4}
+ '';
+ owner = user.userName;
+ };
+
+ vaultix.secrets.hosts-pardofelis-ipv4.file = ./ipv4.age;
+ };
+
+ homeManager = {osConfig, ...}: {
+ programs.ssh.extraConfig = ''
+ Host pardofelis
+ Port ${toString (lib.elemAt den.hosts.x86_64-linux.pardofelis.sshPorts 0)}
+ Include ${osConfig.vaultix.templates."ssh-host-pardofelis".path}
+ '';
+ };
+ };
+}
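Review bot: The new `vaultix.templates.ssh-host-pardofelis` sets only `owner = user.userName;`, so the `group` and `mode` that the removed root-owned definition pinned (`"0440"`) now fall back to whatever vaultix uses by default. Since the rendered file carries the decrypted host address, I would state the permission explicitly with `mode = "0400";` next to `owner`. The template name is also not per-user, so if a second user's aspect ever includes `<pardofelis/ssh>` on the same host, the two `owner` definitions would presumably conflict at evaluation. A name such as `"ssh-host-pardofelis-${user.userName}"`, used in both the template definition and the `Include` line, would avoid that.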
modules/users/hpcesia/default.nix
@@ -9,6 +9,7 @@ in {
<den/primary-user>
];
+ # for all hosts that hpcesia has access to
den.aspects.hpcesia.provides.to-hosts.includes = [
({host, ...}: let
listHas = l: e: (lib.lists.findFirstIndex (x: x == e) null l) != null;
@@ -21,14 +22,17 @@ in {
})
];
+ # host specific configuration for kevin
+ den.aspects.hpcesia.provides.kevin.includes = [
+ <pardofelis/ssh>
+ ];
+
den.aspects.hpcesia.nixos = {config, ...}: {
users.users.hpcesia = {
description = "HPCesia";
hashedPasswordFile = config.vaultix.secrets.user-hpcesia-hashed-password.path;
extraGroups =
- [
- "nix-secrets-ssh-hosts"
- ]
+ []
++ (lib.optionals config.virtualisation.podman.enable ["podman"])
++ (lib.optionals config.virtualisation.docker.enable ["docker"])
++ (lib.optionals config.programs.gamemode.enable ["gamemode"]);
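Review bot: `extraGroups` now starts with an empty list literal, `[] ++ (lib.optionals ...)`, which is a leftover of the removed `"nix-secrets-ssh-hosts"` entry. Starting the chain directly with `lib.optionals config.virtualisation.podman.enable ["podman"]` reads more clearly and evaluates to the same list. The enclosing `users.users.hpcesia` attribute set closes outside this hunk.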
@@ -37,8 +41,6 @@ in {
];
};
- users.groups.nix-secrets-ssh-hosts = {};
-
vaultix.secrets.user-hpcesia-hashed-password.file = ./hashed-password.age;
};
}