home/nixos-servers
home/nixos-servers
2
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions

remove dataHost option

Browse source 
improve certificate directory structure
This commit is contained in:
Pim Kunis 2024-01-31 22:11:28 +01:00
parent 929d20a7d6
commit beb1c384ec
10 changed files with 25 additions and 45 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
nixos/default.nix
View file

@ -1,7 +1,7 @@
{ pkgs, lib, machine, disko, agenix, ... }: {
imports = [
./modules
./lab.nix
./globals.nix
machine.nixosModule
disko.nixosModules.disko
agenix.nixosModules.default

0
nixos/lab.nix → nixos/globals.nix
View file

0
nixos/machines/atlas_host_ed25519-cert.pub → nixos/machines/certificates/atlas/host_ed25519.crt
View file

0
nixos/machines/atlas_user_ed25519-cert.pub → nixos/machines/certificates/atlas/user_ed25519.crt
View file

0
nixos/machines/jefke_host_ed25519-cert.pub → nixos/machines/certificates/jefke/host_ed25519.crt
View file

0
nixos/machines/jefke_user_ed25519-cert.pub → nixos/machines/certificates/jefke/user_ed25519.crt
View file

0
nixos/machines/lewis_host_ed25519-cert.pub → nixos/machines/certificates/lewis/host_ed25519.crt
View file

0
nixos/machines/lewis_user_ed25519-cert.pub → nixos/machines/certificates/lewis/user_ed25519.crt
View file

47
nixos/machines/default.nix
View file

@ -1,4 +1,21 @@
{
atlas = {
type = "physical";
nixosModule.lab = {
storage = {
osDisk = "/dev/sda";
dataPartition = "/dev/nvme0n1p1";
};
ssh = {
useCertificates = true;
hostCert = builtins.readFile ./certificates/atlas/host_ed25519.crt;
userCert = builtins.readFile ./certificates/atlas/user_ed25519.crt;
};
};
};
jefke = {
type = "physical";
@ -13,36 +30,20 @@
ssh = {
useCertificates = true;
# TODO: automatically set this?
hostCert = builtins.readFile ./jefke_host_ed25519-cert.pub;
userCert = builtins.readFile ./jefke_user_ed25519-cert.pub;
hostCert = builtins.readFile ./certificates/jefke/host_ed25519.crt;
userCert = builtins.readFile ./certificates/jefke/user_ed25519.crt;
};
};
};
};
atlas = {
type = "physical";
nixosModule.lab = {
storage = {
osDisk = "/dev/sda";
dataPartition = "/dev/nvme0n1p1";
};
ssh = {
useCertificates = true;
hostCert = builtins.readFile ./atlas_host_ed25519-cert.pub;
userCert = builtins.readFile ./atlas_user_ed25519-cert.pub;
};
};
};
lewis = {
type = "physical";
nixosModule.lab = {
dataHost.enable = true;
backups.enable = true;
data-sharing.enable = true;
networking.dmz.allowConnectivity = true;
storage = {
osDisk = "/dev/sda";
@ -51,8 +52,8 @@
ssh = {
useCertificates = true;
hostCert = builtins.readFile ./lewis_host_ed25519-cert.pub;
userCert = builtins.readFile ./lewis_user_ed25519-cert.pub;
hostCert = builtins.readFile ./certificates/lewis/host_ed25519.crt;
userCert = builtins.readFile ./certificates/lewis/user_ed25519.crt;
};
};
};

21
nixos/modules/default.nix
View file

@ -1,7 +1,3 @@
{ lib, config, ... }:
let cfg = config.lab;
in
{
imports = [
./storage.nix
@ -13,21 +9,4 @@ in
./data-sharing.nix
./globals.nix
];
# TODO: remove this option; make this explicit on the host.
options.lab.dataHost.enable = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
Whether this machine holds application data.
This enables NFS and PostgreSQL to serve this data, and sets up backups.
Also enables networking on the DMZ to enable serving data.
'';
};
config.lab = lib.mkIf cfg.dataHost.enable {
backups.enable = true;
data-sharing.enable = true;
networking.dmz.allowConnectivity = true;
};
}