
move deployment options back to flake.nix for demo

ibizaman 2023-12-09 08:32:28 -08:00 committed by Pierre Penninckx
parent da2e1ff0e1
commit d7aaf13032
2 changed files with 15 additions and 11 deletions


@ -1,5 +1,9 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let
targetUser = "nixos";
targetPort = 2222;
in
{ {
imports = imports =
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
@ -22,15 +26,8 @@
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Used by colmena to know which target host to deploy to.
deployment = {
targetHost = "example";
targetPort = 2222;
targetUser = "nixos";
};
# We need to create the user we will deploy with. # We need to create the user we will deploy with.
users.users.${config.deployment.targetUser} = { users.users.${targetUser} = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user. extraGroups = [ "wheel" ]; # Enable sudo for the user.
initialPassword = "nixos"; initialPassword = "nixos";
@ -42,7 +39,7 @@
# The user we're deploying with must be able to run sudo without password. # The user we're deploying with must be able to run sudo without password.
security.sudo.extraRules = [ security.sudo.extraRules = [
{ users = [ config.deployment.targetUser ]; { users = [ targetUser ];
commands = [ commands = [
{ command = "ALL"; { command = "ALL";
options = [ "NOPASSWD" ]; options = [ "NOPASSWD" ];
@ -53,13 +50,13 @@
# Needed to allow the user we're deploying with to write to the nix store. # Needed to allow the user we're deploying with to write to the nix store.
nix.settings.trusted-users = [ nix.settings.trusted-users = [
config.deployment.targetUser targetUser
]; ];
# We need to enable the ssh daemon to be able to deploy. # We need to enable the ssh daemon to be able to deploy.
services.openssh = { services.openssh = {
enable = true; enable = true;
ports = [ config.deployment.targetPort ]; ports = [ targetPort ];
permitRootLogin = "no"; permitRootLogin = "no";
passwordAuthentication = false; passwordAuthentication = false;
}; };
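Review bot: The `targetUser` and `targetPort` values in the new `let` block at the top of this file are a second copy of the ones this commit adds to the `deployment` block in the other changed file (presumably flake.nix, going by the commit title), and nothing ties the two copies together. The deploy account, its `NOPASSWD` rule on `ALL`, the `nix.settings.trusted-users` entry and the sshd port all follow the local copy, while colmena connects using the other one. An edit to only one side would therefore either break the deploy or leave a root-equivalent account configured that is no longer the deploy user. At minimum I would add a comment above the `let`, such as `# Must stay in sync with deployment.targetUser / deployment.targetPort in flake.nix.`; reading the values from `config.deployment`, as the removed lines did, would avoid the duplication altogether.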


@ -26,6 +26,13 @@
selfhostblocks.nixosModules.x86_64-linux.default selfhostblocks.nixosModules.x86_64-linux.default
]; ];
# Used by colmena to know which target host to deploy to.
deployment = {
targetHost = "example";
targetUser = "nixos";
targetPort = 2222;
};
shb.ldap = { shb.ldap = {
enable = true; enable = true;
domain = "example.com"; domain = "example.com";