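{ config, lib, pkgs, self, ... }:

# Host module: reads per-host settings (username, hashed password, SSH public
# key) from ./config.json, imports every *.nix module found in
# ./custom-services, and configures the admin user, firewall, git and a
# writable copy of the flake source under /etc/nixos/current-systemconfig.
let
  # NOTE(review): everything read here lands in the world-readable Nix store.
  # A password hash and an SSH *public* key are fine there; plaintext secrets
  # are not — keep them out of config.json.
  jsonConfig = builtins.fromJSON (builtins.readFile ./config.json);

  customServicesDir = ./custom-services;
  customServicesExists = builtins.pathExists customServicesDir;

  # Each *.nix file directly inside ./custom-services becomes an extra module;
  # a missing directory contributes no imports.
  customServices =
    if customServicesExists then
      map (name: customServicesDir + "/${name}")
        (builtins.filter (name: lib.hasSuffix ".nix" name)
          (builtins.attrNames (builtins.readDir customServicesDir)))
    else
      [ ];
in
{
  imports = [ ./disko-config.nix ] ++ customServices;

  options.nixosConfig.flake = lib.mkOption {
    type = lib.types.path;
    description = "Path to the current flake configuration";
  };

  config = {
    # trusted-users can hand the daemon arbitrary settings and store paths,
    # which is effectively root; keep this list to the admin account.
    nix.settings = {
      trusted-users = [ jsonConfig.username ];
    };

    # Set the flake path
    nixosConfig.flake = self;

    # Activation script: refresh the copy of the flake source in
    # /etc/nixos/current-systemconfig and hand it to the admin user.
    #
    # deps = [ "users" ] orders this after the script that creates accounts,
    # so the chown below cannot run against a not-yet-existing user on a
    # first boot.  The original `cd` into the directory was dropped: every
    # command already uses absolute paths, and activation scripts are
    # concatenated into one shell script, so a `cd` would leak its working
    # directory into whatever script runs next.
    #
    # o=rX only mirrors what the store already exposes (the flake source is
    # world-readable there), so it adds no new exposure.
    system.activationScripts.saveFlakeConfig = {
      deps = [ "users" ];
      text = ''
        rm -rf /etc/nixos/current-systemconfig
        mkdir -p /etc/nixos/current-systemconfig
        cp -rf ${config.nixosConfig.flake}/* /etc/nixos/current-systemconfig/
        chown -R ${jsonConfig.username}:users /etc/nixos/current-systemconfig
        chmod -R u=rwX,g=rX,o=rX /etc/nixos/current-systemconfig
      '';
    };

    services.selfHostPlaybook = {
      enable = true;
      tier = "starter"; # This determines which services are enabled
    };

    # Networking
    networking = {
      firewall = {
        enable = true;
        # Only allow necessary ports.
        # NOTE(review): 2222 is opened for SSH, but this module does not set
        # the sshd listen port — confirm that is configured elsewhere,
        # otherwise 22 stays closed and 2222 is open for nothing.
        allowedTCPPorts = [ 80 443 2222 ]; # HTTP, HTTPS, and SSH
      };
    };

    # NOTE(review): environment.etc defaults to a symlink into the store, so
    # anything under ./env becomes world-readable on the host.  If it holds
    # credentials, deliver them via a secrets mechanism instead.
    environment.etc = {
      environment-files = {
        source = ./env;
      };
    };

    # User configuration
    # "docker" group membership is root-equivalent on the host; the same
    # account already holds "wheel", so this is a deliberate single-admin
    # setup rather than an oversight.
    users.users.${jsonConfig.username} = {
      isNormalUser = true;
      extraGroups = [ "wheel" "docker" ];
      hashedPassword = jsonConfig.hashedPassword;
      openssh.authorizedKeys.keys = [ jsonConfig.sshKey ];
      # Set default shell to bash
      shell = pkgs.bash;
    };

    programs.git = {
      enable = true;
      config = {
        user.name = jsonConfig.username;
        user.email = "${jsonConfig.username}@nixos";
        # The copy above is chown'ed to the admin user, so git would otherwise
        # refuse to operate on it when run as root ("dubious ownership").
        safe.directory = "/etc/nixos/current-systemconfig";
      };
    };
  };
}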