refactor + syncthing

Henri Dohmen 2025-12-20 23:37:05 +01:00
parent 0f3e917ba7
commit 20472f8d1b
Signed by: hd
GPG key ID: AB79213B044674AE
7 changed files with 43 additions and 24 deletions


@ -22,7 +22,7 @@
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
shell = pkgs.fish; shell = pkgs.fish;
packages = [ ]; packages = [ ];
openssh.authorizedKeys.keys = var.ssh-keys.hd; openssh.authorizedKeys.keys = var.ssh-keys.trusted;
hashedPasswordFile = config.age.secrets.hd-password.path; hashedPasswordFile = config.age.secrets.hd-password.path;
}; };
users.root = { users.root = {
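Review bot: The switch of `openssh.authorizedKeys.keys` to `var.ssh-keys.trusted` changes which machines may log in to this account, and nothing at the assignment says so. A short comment such as `# login restricted to the hosts in ssh-keys.trusted` would make the access decision visible where it is applied. The `users.root` block starts on the last line of the hunk and continues outside it, so it is not visible which key set root accepts. If root still takes the wider set, the narrowing here presumably gains little, since the keys dropped from this user would still be accepted for root.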


@ -13,6 +13,7 @@
./hardware-configuration.nix ./hardware-configuration.nix
./networking.nix ./networking.nix
./services.nix ./services.nix
./syncthing.nix
]; ];
boot = { boot = {

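--- a/host/roam/syncthing.nix
+++ b/host/roam/syncthing.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+services.syncthing = {
+enable = false; # TODO
+};
+}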


@ -1,11 +1,13 @@
{ lib, ... }@inp: { lib, ... }@inputs:
let let
files = [ inputs' = inputs // {
"lan-dns" var = outputs;
"ssh-keys" };
"wg" # watch out for cycles
]; outputs = {
import_file = name: { ${name} = import ./${name}.nix (inp // { inherit var; }); }; "lan-dns" = import ./lan-dns.nix inputs';
var = lib.foldl' (a: b: a // b) { } (map import_file files); "ssh-keys" = import ./ssh-keys.nix inputs';
"wg" = import ./wg.nix inputs';
};
in in
var outputs
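Review bot: The comment `# watch out for cycles` in the `let` block does not say what produces a cycle. Each file now receives `var = outputs`, the result it is itself part of, which works because attribute values are evaluated lazily; evaluation presumably only loops when two files need each other's values while being evaluated. Spelling that out, for example `# every file sees the full result as var; two files that force each other's values will recurse infinitely`, tells the next editor what to avoid.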


@ -1,3 +1,4 @@
# Wireguard peers hardcoded in /etc/hosts until I have a nice dns solution
{ lib, var, ... }: { lib, var, ... }:
let let
lan-hosts = lib.mapAttrs' (name: value: { lan-hosts = lib.mapAttrs' (name: value: {


@ -1,9 +1,7 @@
{ lib, ... }: { lib, ... }:
let let
mkKeys = k: { by-host = k; } // builtins.mapAttrs (_: lib.attrValues) k; mkKeys = k: { by-host = k; } // builtins.mapAttrs (_: lib.attrValues) k;
in keys = {
mkKeys {
hd = { hd = {
"solo" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEG+dd4m98aKEWfFa/7VZUlJNX0axvIlHVihT8w7RLyY"; "solo" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEG+dd4m98aKEWfFa/7VZUlJNX0axvIlHVihT8w7RLyY";
"c2" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIsoj2+esEebRwDV2PuNRt9Vz28oolOy+Hc2THwrWTAB"; "c2" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIsoj2+esEebRwDV2PuNRt9Vz28oolOy+Hc2THwrWTAB";
@ -16,4 +14,14 @@ mkKeys {
"roam" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID++uLcQOx/to3sEo5Nk97CenGf0Y6/dMsBbLouVTgIQ"; "roam" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID++uLcQOx/to3sEo5Nk97CenGf0Y6/dMsBbLouVTgIQ";
"fw" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOjfPXDS3UvVGXzJYXU8TyP5q0WDzb0anx4Std40AT+j"; "fw" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOjfPXDS3UvVGXzJYXU8TyP5q0WDzb0anx4Std40AT+j";
}; };
};
keys' = mkKeys keys;
in
keys'
// {
trusted = with keys'.by-host.hd; [
solo
c2
fw
];
} }
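Review bot: The new `trusted` list decides which hosts can authenticate, but nothing records why `solo`, `c2` and `fw` are in it and `roam` is not. A comment above it, e.g. `# hosts whose keys may log in remotely; roam is left out because …`, would keep a later edit from adding a host by habit. Because `trusted` is merged with `//` on top of `keys'`, a user attribute named `trusted` added to `keys` later would be silently replaced by this list; a distinct name or an assertion would avoid that. The first hunk stops before the end of the `hd` set, so there may be further hosts that are not visible here.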


@ -35,6 +35,7 @@ rec {
}; };
keyFile = "/var/secrets/wg.key"; keyFile = "/var/secrets/wg.key";
# Helper method: `peers-for x` filters out `x` from wireguard-network
peers-for = peers-for =
host: host:
map (lib.filterAttrs (n: _: n != "ips")) ( map (lib.filterAttrs (n: _: n != "ips")) (