Diffstat (limited to '')
-rw-r--r-- | system/impermanence/default.nix | 34 | ||||
-rw-r--r-- | system/options/default.nix | 8 | ||||
-rw-r--r-- | system/services/serverphone/default.nix | 65 |
3 files changed, 66 insertions, 41 deletions
diff --git a/system/impermanence/default.nix b/system/impermanence/default.nix
index 8e6d81fb..adbdfce2 100644
--- a/system/impermanence/default.nix
+++ b/system/impermanence/default.nix
@@ -1,4 +1,9 @@
-{config, ...}: let
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.soispha.impermanence;
 networkmanager =
 if config.networking.networkmanager.enable
 then [
@@ -23,16 +28,25 @@
 ++ networkmanager
 ++ secureboot;
 in {
- # needed for the hm impermanence config
- programs.fuse.userAllowOther = true;
+ options.soispha.impermanence = {
+ enable = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ description = lib.mdDoc "Disk setup with disko";
+ };
+ };
+ config = lib.mkIf cfg.enable {
+ # needed for the hm impermanence config
+ programs.fuse.userAllowOther = true;
 
- environment.persistence = {
- "/srv" = {
- hideMounts = true;
- inherit directories;
- files = [
- "/etc/machine-id"
- ];
+ environment.persistence = {
+ "/srv" = {
+ hideMounts = true;
+ inherit directories;
+ files = [
+ "/etc/machine-id"
+ ];
+ };
 };
 };
 }
diff --git a/system/options/default.nix b/system/options/default.nix
index 13861199..72ebc4fb 100644
--- a/system/options/default.nix
+++ b/system/options/default.nix
@@ -14,5 +14,13 @@ in {
 description = lib.mdDoc "Which backlight to query for the screen brightness";
 };
 };
+ secrets = {
+ #enable = lib.mkEnableOption "Secrets through agenix";
+ enable = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ description = lib.mdDoc "Enable secrets through agenix";
+ };
+ };
 };
 }
diff --git a/system/services/serverphone/default.nix b/system/services/serverphone/default.nix
index d07d3809..1684f92d 100644
--- a/system/services/serverphone/default.nix
+++ b/system/services/serverphone/default.nix
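Review bot: The description of the new `soispha.impermanence.enable` option, `lib.mdDoc "Disk setup with disko"`, does not describe what the option gates; everything under `config = lib.mkIf cfg.enable` is the `environment.persistence."/srv"` setup plus `programs.fuse.userAllowOther`, so the text reads like a copy-paste from a disko module. I would change it to `description = lib.mdDoc "Persist the selected state directories and /etc/machine-id under /srv across reboots";`. Because the option defaults to `true`, a host with an ephemeral root presumably still relies on the persisted `/etc/machine-id` and the `directories` list (its `let` binding starts before this hunk, so I cannot see its full contents), and the description should warn that disabling it on such a host loses that state on reboot. `lib.mdDoc` is also deprecated in newer nixpkgs in favour of plain strings, depending on the nixpkgs this repository pins.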
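Review bot: The commented-out `#enable = lib.mkEnableOption "Secrets through agenix";` left above the real `enable` declaration is dead code and should be removed; if it is meant to record why `mkEnableOption` (which defaults to `false`) was not used, a comment says that better, e.g. `# mkOption rather than mkEnableOption so secrets are on by default on every host`. A default of `true` means every host that evaluates this module is expected to have agenix configured; a host without an age identity would presumably only fail at activation rather than at evaluation, which is worth stating in the description so the failure mode is not a surprise. The enclosing `options.soispha` attribute set starts before this hunk.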
@@ -2,41 +2,44 @@ config, serverphone, system, + lib, ... }: { - services.serverphone = { - package = "${serverphone.packages.${system}.default}"; - enable = true; - domain = "localhost"; - configureDoas = true; - acceptedSshKeys = [ - "AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME" - ]; - authorized = { - acceptedGpgKeys = [ - { - source = ./keys/soispha_at_vhack.eu; - trust = "ultimate"; - } + config = lib.mkIf config.soispha.secrets.enable { + services.serverphone = { + package = "${serverphone.packages.${system}.default}"; + enable = true; + domain = "localhost"; + configureDoas = true; + acceptedSshKeys = [ + "AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME" ]; + authorized = { + acceptedGpgKeys = [ + { + source = ./keys/soispha_at_vhack.eu; + trust = "ultimate"; + } + ]; + }; + caCertificate = "${./certificates/ca.crt}"; + certificate = "${./certificates/server.crt}"; + privateKey = config.age.secrets.serverphoneServer.path; + certificateRequest = { + acceptedUsers = [ + "soispha $argon2id$v=19$m=19456,t=2,p=1$EvhPENIBqL5b1RO5waNMWA$pJ8vDrCNJKDlqwB5bVDLjHVPEXm9McQhtt9OXSD8Zkc" + ]; + caPrivateKey = config.age.secrets.serverphoneCa.path; + }; }; - caCertificate = "${./certificates/ca.crt}"; - certificate = "${./certificates/server.crt}"; - privateKey = config.age.secrets.serverphoneServer.path; - certificateRequest = { - acceptedUsers = [ - "soispha $argon2id$v=19$m=19456,t=2,p=1$EvhPENIBqL5b1RO5waNMWA$pJ8vDrCNJKDlqwB5bVDLjHVPEXm9McQhtt9OXSD8Zkc" - ]; - caPrivateKey = config.age.secrets.serverphoneCa.path; - }; - }; - users.users.serverphone = { - group = "serverphone"; - isSystemUser = true; - home = "/run/serverphone"; - }; - users.groups.serverphone = { - members = ["serverphone"]; + users.users.serverphone = { + group = "serverphone"; + isSystemUser = true; + home = "/run/serverphone"; + }; + users.groups.serverphone = { + members = ["serverphone"]; + }; }; } |
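Review bot: The service is declared alongside a dedicated `serverphone` system user in the same hunk, but `privateKey` and `certificateRequest.caPrivateKey` are agenix paths (`config.age.secrets.serverphoneServer.path`, `config.age.secrets.serverphoneCa.path`), and agenix secrets are root-owned with mode 0400 unless the `age.secrets.*` declarations, which are not in this diff, set `owner`/`group`. Either the unit runs as root despite the user, or those secrets need `owner = "serverphone";` (or `group = "serverphone"; mode = "0440";`); a world-readable mode as a workaround would expose the CA private key to every local user, so I would confirm this and record the requirement next to `privateKey`, e.g. `# must be readable by the serverphone user: set owner/group on the age secret, never a world-readable mode`. Keeping the CA private key that signs `acceptedUsers` requests on the same host as the server also makes a server compromise a CA compromise; the module presumably expects that, but it deserves a comment. Separately, `trust = "ultimate"` on the imported GPG key is only appropriate if it is the operator's own key, which the file name `soispha_at_vhack.eu` suggests but the hunk cannot confirm. The module's argument set opens before this hunk.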