self-host-playbook/configuration.nix

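{
  config,
  lib,
  pkgs,
  self,
  ...
}:
# Host configuration module for the self-host playbook.
#
# Operator-specific values (username, hostname, hashed password, SSH key)
# are read from ./config.json at evaluation time; every *.nix file found in
# ./custom-services is imported as an additional NixOS module.
#
# NOTE(review): everything this file references by path (./config.json,
# ./env, ./custom-services, and the flake itself via `self`) ends up in the
# Nix store, which every local user can read. The hashed password and the
# public SSH key are acceptable there; plaintext credentials in ./env would
# not be.
let
  # Parsed operator settings. Keys used by this file:
  # username, hostname, hashedPassword, sshKey.
  jsonConfig = builtins.fromJSON (builtins.readFile ./config.json);

  customServicesDir = ./custom-services;

  # Paths of all ./custom-services/*.nix entries, or [] when the directory
  # is absent. Only the name suffix is checked, so any .nix file dropped
  # into that directory becomes part of the system configuration.
  customServices =
    if builtins.pathExists customServicesDir
    then
      map (name: customServicesDir + "/${name}") (
        builtins.filter (lib.hasSuffix ".nix") (
          builtins.attrNames (builtins.readDir customServicesDir)
        )
      )
    else [];

  # Location of the writable on-disk copy of the flake source maintained by
  # the activation script below; also referenced by the git configuration.
  configCopyDir = "/etc/nixos/current-systemconfig";
in {
  imports = [./disko-config.nix] ++ customServices;

  options.nixosConfig.flake = lib.mkOption {
    type = lib.types.path;
    description = "Path to the current flake configuration";
  };

  config = {
    # Trusted Nix users may set otherwise restricted daemon options
    # (substituters, sandbox settings, ...), which amounts to root on the
    # host; this is the same account that already has wheel below.
    nix.settings.trusted-users = [jsonConfig.username];

    # Publish the flake source path so other modules (and the activation
    # script below) can refer to it.
    nixosConfig.flake = self;

    # On every activation, replace ${configCopyDir} with a fresh copy of the
    # flake source, owned by the operator user.
    #
    # The script deliberately does not `cd` into the copy: activation
    # snippets are concatenated into one shell script, so a stray `cd`
    # would change the working directory for every snippet that runs after
    # this one.
    system.activationScripts.saveFlakeConfig = {
      deps = [];
      text = let
        src = config.nixosConfig.flake;
        # Shell-quoted so a username with unusual characters cannot break
        # the chown invocation.
        owner = lib.escapeShellArg jsonConfig.username;
      in ''
        rm -rf ${configCopyDir}
        mkdir -p ${configCopyDir}
        # `*` does not match dot-files, so top-level dot-files of the flake
        # (if any) are not copied.
        cp -rf ${src}/* ${configCopyDir}/
        chown -R ${owner}:users ${configCopyDir}
        # World-readable, matching the exposure of the store copy in ${src}.
        chmod -R u=rwX,g=rX,o=rX ${configCopyDir}
      '';
    };

    services.selfHostPlaybook = {
      enable = true;
      # Selects which services the playbook module enables.
      tier = "starter";
    };

    networking = {
      hostName = jsonConfig.hostname;
      firewall = {
        enable = true;
        # HTTP, HTTPS and SSH. The sshd listen port is not set in this file;
        # 2222 only helps if services.openssh.ports is set to match it
        # elsewhere (e.g. in the playbook module) — verify.
        allowedTCPPorts = [80 443 2222];
      };
    };

    # /etc/environment-files becomes a link to the store copy of ./env,
    # readable by every local user.
    environment.etc.environment-files.source = ./env;

    users.users.${jsonConfig.username} = {
      isNormalUser = true;
      # wheel grants sudo; membership in docker grants control of the
      # Docker daemon, which is root-equivalent without a password prompt.
      extraGroups = ["wheel" "docker"];
      hashedPassword = jsonConfig.hashedPassword;
      openssh.authorizedKeys.keys = [jsonConfig.sshKey];
      # Default login shell.
      shell = pkgs.bash;
    };

    programs.git = {
      enable = true;
      config = {
        user.name = jsonConfig.username;
        user.email = "${jsonConfig.username}@nixos";
        # The copy is chowned to the operator user, so git run as root would
        # otherwise refuse it as a repository with "dubious ownership".
        safe.directory = configCopyDir;
      };
    };
  };
}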