move deployment options back to flake.nix for demo
parent
da2e1ff0e1
commit
d7aaf13032
2 changed files with 15 additions and 11 deletions
|
@ -1,5 +1,9 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
targetUser = "nixos";
|
||||||
|
targetPort = 2222;
|
||||||
|
in
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
[ # Include the results of the hardware scan.
|
[ # Include the results of the hardware scan.
|
||||||
|
@ -22,15 +26,8 @@
|
||||||
|
|
||||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
||||||
|
|
||||||
# Used by colmena to know which target host to deploy to.
|
|
||||||
deployment = {
|
|
||||||
targetHost = "example";
|
|
||||||
targetPort = 2222;
|
|
||||||
targetUser = "nixos";
|
|
||||||
};
|
|
||||||
|
|
||||||
# We need to create the user we will deploy with.
|
# We need to create the user we will deploy with.
|
||||||
users.users.${config.deployment.targetUser} = {
|
users.users.${targetUser} = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
|
extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
|
||||||
initialPassword = "nixos";
|
initialPassword = "nixos";
|
||||||
|
@ -42,7 +39,7 @@
|
||||||
|
|
||||||
# The user we're deploying with must be able to run sudo without password.
|
# The user we're deploying with must be able to run sudo without password.
|
||||||
security.sudo.extraRules = [
|
security.sudo.extraRules = [
|
||||||
{ users = [ config.deployment.targetUser ];
|
{ users = [ targetUser ];
|
||||||
commands = [
|
commands = [
|
||||||
{ command = "ALL";
|
{ command = "ALL";
|
||||||
options = [ "NOPASSWD" ];
|
options = [ "NOPASSWD" ];
|
||||||
|
@ -53,13 +50,13 @@
|
||||||
|
|
||||||
# Needed to allow the user we're deploying with to write to the nix store.
|
# Needed to allow the user we're deploying with to write to the nix store.
|
||||||
nix.settings.trusted-users = [
|
nix.settings.trusted-users = [
|
||||||
config.deployment.targetUser
|
targetUser
|
||||||
];
|
];
|
||||||
|
|
||||||
# We need to enable the ssh daemon to be able to deploy.
|
# We need to enable the ssh daemon to be able to deploy.
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
ports = [ config.deployment.targetPort ];
|
ports = [ targetPort ];
|
||||||
permitRootLogin = "no";
|
permitRootLogin = "no";
|
||||||
passwordAuthentication = false;
|
passwordAuthentication = false;
|
||||||
};
|
};
|
||||||
|
|
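Review bot: `targetUser` and `targetPort` in the new `let` block (first hunk) are now a hand-maintained copy of the `deployment.targetUser` / `deployment.targetPort` values this commit adds in the flake.nix hunk, and nothing in either file says they have to agree. The name selects the account that receives `NOPASSWD` `ALL` sudo and a `nix.settings.trusted-users` entry, and the port is the only one listed for sshd, so a mismatch either breaks the colmena deploy or leaves a root-equivalent account that the deploy no longer uses. I would add a comment above the `let` such as `# Keep in sync with deployment.targetUser / deployment.targetPort in flake.nix.` and the mirror-image comment on the `deployment` block. Separately, that account still carries `initialPassword = "nixos"`; SSH password logins are off, but a console login with it reaches passwordless root, so a `# demo only: replace before real use` comment on that line would help.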
|
@ -26,6 +26,13 @@
|
||||||
selfhostblocks.nixosModules.x86_64-linux.default
|
selfhostblocks.nixosModules.x86_64-linux.default
|
||||||
];
|
];
|
||||||
|
|
||||||
|
# Used by colmena to know which target host to deploy to.
|
||||||
|
deployment = {
|
||||||
|
targetHost = "example";
|
||||||
|
targetUser = "nixos";
|
||||||
|
targetPort = 2222;
|
||||||
|
};
|
||||||
|
|
||||||
shb.ldap = {
|
shb.ldap = {
|
||||||
enable = true;
|
enable = true;
|
||||||
domain = "example.com";
|
domain = "example.com";
|
||||||
|
|