From beb1c384ecea122026e09a822dd0c51cf22a9767 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Wed, 31 Jan 2024 22:11:28 +0100
Subject: [PATCH] remove dataHost option improve certificate directory structure
---
 nixos/default.nix | 2 +-
 nixos/{lab.nix => globals.nix} | 0
 .../atlas/host_ed25519.crt} | 0
 .../atlas/user_ed25519.crt} | 0
 .../jefke/host_ed25519.crt} | 0
 .../jefke/user_ed25519.crt} | 0
 .../lewis/host_ed25519.crt} | 0
 .../lewis/user_ed25519.crt} | 0
 nixos/machines/default.nix | 47 ++++++++++---------
 nixos/modules/default.nix | 21 ---------
 10 files changed, 25 insertions(+), 45 deletions(-)
 rename nixos/{lab.nix => globals.nix} (100%)
 rename nixos/machines/{atlas_host_ed25519-cert.pub => certificates/atlas/host_ed25519.crt} (100%)
 rename nixos/machines/{atlas_user_ed25519-cert.pub => certificates/atlas/user_ed25519.crt} (100%)
 rename nixos/machines/{jefke_host_ed25519-cert.pub => certificates/jefke/host_ed25519.crt} (100%)
 rename nixos/machines/{jefke_user_ed25519-cert.pub => certificates/jefke/user_ed25519.crt} (100%)
 rename nixos/machines/{lewis_host_ed25519-cert.pub => certificates/lewis/host_ed25519.crt} (100%)
 rename nixos/machines/{lewis_user_ed25519-cert.pub => certificates/lewis/user_ed25519.crt} (100%)
diff --git a/nixos/default.nix b/nixos/default.nix
index 9574fe1..0cfb581 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -1,7 +1,7 @@
 { pkgs, lib, machine, disko, agenix, ... }: {
 imports = [
 ./modules
- ./lab.nix
+ ./globals.nix
 machine.nixosModule
 disko.nixosModules.disko
 agenix.nixosModules.default
diff --git a/nixos/lab.nix b/nixos/globals.nix
similarity index 100%
rename from nixos/lab.nix
rename to nixos/globals.nix
diff --git a/nixos/machines/atlas_host_ed25519-cert.pub b/nixos/machines/certificates/atlas/host_ed25519.crt
similarity index 100%
rename from nixos/machines/atlas_host_ed25519-cert.pub
rename to nixos/machines/certificates/atlas/host_ed25519.crt
diff --git a/nixos/machines/atlas_user_ed25519-cert.pub b/nixos/machines/certificates/atlas/user_ed25519.crt
similarity index 100%
rename from nixos/machines/atlas_user_ed25519-cert.pub
rename to nixos/machines/certificates/atlas/user_ed25519.crt
diff --git a/nixos/machines/jefke_host_ed25519-cert.pub b/nixos/machines/certificates/jefke/host_ed25519.crt
similarity index 100%
rename from nixos/machines/jefke_host_ed25519-cert.pub
rename to nixos/machines/certificates/jefke/host_ed25519.crt
diff --git a/nixos/machines/jefke_user_ed25519-cert.pub b/nixos/machines/certificates/jefke/user_ed25519.crt
similarity index 100%
rename from nixos/machines/jefke_user_ed25519-cert.pub
rename to nixos/machines/certificates/jefke/user_ed25519.crt
diff --git a/nixos/machines/lewis_host_ed25519-cert.pub b/nixos/machines/certificates/lewis/host_ed25519.crt
similarity index 100%
rename from nixos/machines/lewis_host_ed25519-cert.pub
rename to nixos/machines/certificates/lewis/host_ed25519.crt
diff --git a/nixos/machines/lewis_user_ed25519-cert.pub b/nixos/machines/certificates/lewis/user_ed25519.crt
similarity index 100%
rename from nixos/machines/lewis_user_ed25519-cert.pub
rename to nixos/machines/certificates/lewis/user_ed25519.crt
diff --git a/nixos/machines/default.nix b/nixos/machines/default.nix
index 9094656..9d3f958 100644
--- a/nixos/machines/default.nix
+++ b/nixos/machines/default.nix
@@ -1,4 +1,21 @@
 {
+ atlas = {
+ type = "physical";
+
+ nixosModule.lab = {
+ storage = {
+ osDisk = "/dev/sda";
+ dataPartition = "/dev/nvme0n1p1";
+ };
+
+ ssh = {
+ useCertificates = true;
+ hostCert = builtins.readFile ./certificates/atlas/host_ed25519.crt;
+ userCert = builtins.readFile ./certificates/atlas/user_ed25519.crt;
+ };
+ };
+ };
+
 jefke = {
 type = "physical";
 
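Review bot: The new atlas block reads its SSH certificates from `./certificates/atlas/host_ed25519.crt` and `user_ed25519.crt`, but OpenSSH certificates are conventionally named `*-cert.pub` (which is what the renamed-from files used); a `.crt` suffix normally signals an X.509 PEM file, so a reader or a tool picking files by extension may mistake them. Since `builtins.readFile` does not care about the extension this is a naming point only, but either keeping `*-cert.pub` under the new per-host directories or a comment at the top of the `ssh` block, `# OpenSSH host/user certificates (not X.509, despite the .crt suffix)`, would keep the intent clear. The same applies to the jefke and lewis blocks in the next two hunks of this file. The enclosing attribute set continues past the end of this hunk.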
@@ -13,36 +30,20 @@
 ssh = {
 useCertificates = true;
- # TODO: automatically set this?
- hostCert = builtins.readFile ./jefke_host_ed25519-cert.pub;
- userCert = builtins.readFile ./jefke_user_ed25519-cert.pub;
+ hostCert = builtins.readFile ./certificates/jefke/host_ed25519.crt;
+ userCert = builtins.readFile ./certificates/jefke/user_ed25519.crt;
 };
 };
 };
 };
- atlas = {
- type = "physical";
-
- nixosModule.lab = {
- storage = {
- osDisk = "/dev/sda";
- dataPartition = "/dev/nvme0n1p1";
- };
-
- ssh = {
- useCertificates = true;
- hostCert = builtins.readFile ./atlas_host_ed25519-cert.pub;
- userCert = builtins.readFile ./atlas_user_ed25519-cert.pub;
- };
- };
- };
-
 lewis = {
 type = "physical";
 nixosModule.lab = {
- dataHost.enable = true;
+ backups.enable = true;
+ data-sharing.enable = true;
+ networking.dmz.allowConnectivity = true;
 storage = {
 osDisk = "/dev/sda";
@@ -51,8 +52,8 @@
 ssh = {
 useCertificates = true;
- hostCert = builtins.readFile ./lewis_host_ed25519-cert.pub;
- userCert = builtins.readFile ./lewis_user_ed25519-cert.pub;
+ hostCert = builtins.readFile ./certificates/lewis/host_ed25519.crt;
+ userCert = builtins.readFile ./certificates/lewis/user_ed25519.crt;
 };
 };
 };
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index fcc11ea..a4ac397 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -1,7 +1,3 @@
-{ lib, config, ... }:
-
-let cfg = config.lab;
-in
 {
 imports = [
 ./storage.nix
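Review bot: The three lines added to lewis's `nixosModule.lab` (`backups.enable`, `data-sharing.enable`, `networking.dmz.allowConnectivity = true`) drop the rationale that the removed `dataHost` option description carried (this host holds the application data, serves it over NFS and PostgreSQL, is reachable from the DMZ for that purpose, and is backed up); since `allowConnectivity = true` widens what may reach this host, a comment above them such as `# lewis holds the application data: serve it (data-sharing), let the DMZ reach it, and back it up` would preserve that reasoning for the next reader. Separately, the `# TODO: automatically set this?` comment on jefke's `hostCert` is removed while the certificate paths are still spelled out per host; if that TODO is still open it should probably survive the move (the new per-host directory layout would presumably make deriving the path from the host name simple, but that is beyond this change). lewis's attribute set continues past the end of this hunk.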
@@ -13,21 +9,4 @@ in
 ./data-sharing.nix
 ./globals.nix
 ];
-
- # TODO: remove this option; make this explicit on the host.
- options.lab.dataHost.enable = lib.mkOption {
- default = false;
- type = lib.types.bool;
- description = ''
- Whether this machine holds application data.
- This enables NFS and PostgreSQL to serve this data, and sets up backups.
- Also enables networking on the DMZ to enable serving data.
- '';
- };
-
- config.lab = lib.mkIf cfg.dataHost.enable {
- backups.enable = true;
- data-sharing.enable = true;
- networking.dmz.allowConnectivity = true;
- };
 }