{ config, latestModulesPath, lib, inputs, pkgs, profiles, self, ... }:

let
  # Shorthand for the pub.solar option tree defined by the imported profiles.
  psCfg = config.pub-solar;
in
{
  imports = [
    # Results of the hardware scan for this VM.
    ./hardware-configuration.nix
    ./triton-vmtools.nix
    ./caddy.nix
    ./drone.nix
    ./keycloak.nix
    ./gitea.nix
    profiles.base-user
    profiles.users.root # remember to configure ssh keys for root
    profiles.users.barkeeper
    # Keycloak and Gitea service modules come from a newer nixpkgs checkout
    # (latestModulesPath) than the rest of this system; the in-tree copies are
    # switched off in disabledModules below so the two do not clash.
    "${latestModulesPath}/services/web-apps/keycloak.nix"
    "${latestModulesPath}/services/misc/gitea.nix"
  ];

  disabledModules = [
    "services/web-apps/keycloak.nix"
    "services/misc/gitea.nix"
  ];

  config = {
    # ------------------------------------------------------------------
    # pub.solar options
    # ------------------------------------------------------------------

    pub-solar.core = {
      disk-encryption-active = false;
      iso-options.enable = true;
      lite = true;
    };

    # Passwordless sudo for the barkeeper account (psCfg.user.name). Because
    # this grants ALL commands without a password prompt, the account's SSH
    # keys are the only thing standing between key compromise and root; keep
    # that key list tight and watch auth logs for this user.
    security.sudo.extraRules = [
      {
        users = [ "${psCfg.user.name}" ];
        commands = [
          {
            command = "ALL";
            options = [ "NOPASSWD" ];
          }
        ];
      }
    ];

    # Dedicated machine account used by CI pipelines. It is a system user with
    # a fixed uid and logs in with the single SSH key listed here; the home
    # directory is set but createHome is not enabled in this block, so the
    # path is presumably provided elsewhere -- confirm before relying on it.
    users = {
      users.hakkonaut = {
        description = "CI and automation user";
        home = "/var/nix/iso-cache";
        useDefaultShell = true;
        uid = 998;
        group = "hakkonaut";
        isSystemUser = true;
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP5MvCwNRtCcP1pSDrn0XZTNlpOqYnjHDm9/OI4hECW hakkonaut@flora-6"
        ];
      };
      groups.hakkonaut = { };
    };

    # ------------------------------------------------------------------
    # Triton host specific options
    #
    # DO NOT ALTER anything below this line; changes here can leave the
    # system unbootable.
    # ------------------------------------------------------------------

    # systemd-boot as the EFI boot loader.
    boot.loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };

    # An empty default hostname so that cloud-init's value wins; mkDefault
    # lets any other module override it without a conflict.
    networking.hostName = lib.mkDefault "";

    time = {
      timeZone = "Europe/Berlin";
    };

    # Console font and keymap.
    console = {
      font = "Lat2-Terminus16";
      keyMap = "us";
    };

    # Packages available in the system profile (search with `nix search`).
    environment.systemPackages = [
      pkgs.git
      pkgs.vim
      pkgs.wget
    ];

    # Programs needing SUID wrappers or per-session setup would go here,
    # e.g. programs.mtr or programs.gnupg.agent; none are enabled on this host.

    # cloud-init provisions networking and the ext4 data disk on first boot.
    services.cloud-init = {
      enable = true;
      ext4.enable = true;
      network.enable = true;
    };

    # Keep the stock NixOS cloud-init config and layer SmartOS specifics on
    # top via a drop-in file.
    environment.etc."cloud/cloud.cfg.d/90_smartos.cfg".text = ''
      datasource_list: [ SmartOS ]

      # Do not create the centos/ubuntu/debian user
      users: [ ]

      # mount second disk with label ephemeral0, gets formated by cloud-init
      # this will fail to get added to /etc/fstab as it's read-only, but should
      # mount at boot anyway
      mounts:
        - [ vdb, /data, auto, "defaults,nofail" ]
    '';

    # OpenSSH: key-based authentication only, and no direct root logins.
    # NOTE(review): newer NixOS releases expose these two settings as
    # services.openssh.settings.PasswordAuthentication /
    # services.openssh.settings.PermitRootLogin; the names used here are the
    # ones matching this system's stateVersion.
    services.openssh = {
      enable = true;
      passwordAuthentication = false;
      permitRootLogin = "no";
    };

    # The host firewall is managed through nix as well, even though Triton
    # can also apply rules via its `fwrule` subcommand.
    networking.firewall.enable = true;

    # NixOS release whose defaults for stateful data (file locations, database
    # versions, ...) this system was first installed with. Leave it at the
    # value of the first install; read the documentation for this option
    # (man configuration.nix or https://nixos.org/nixos/options.html) before
    # ever changing it.
    system.stateVersion = "22.05"; # Did you read the comment?
  };
}