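{
  config,
  lib,
  pkgs,
  self,
  ...
}:
# Host module: reads per-host settings from ./config.json (hostname, username,
# hashedPassword, sshKey) and wires up the admin user, firewall, git defaults
# and a writable copy of the flake under /etc/nixos.
#
# NOTE(review): everything this flake references — config.json, ./env and
# custom-services/ — is copied into /nix/store, which is world-readable on
# the host. The password hash and anything inside ./env are therefore visible
# to every local user; keep real secrets out of the flake (decrypt them at
# activation time instead). Confirm nothing sensitive lives in ./env.
let
  jsonConfig = builtins.fromJSON (builtins.readFile ./config.json);

  # Every *.nix file in ./custom-services is imported as a full NixOS module,
  # i.e. it can change anything on the system. Only trusted content belongs
  # in that directory.
  customServicesDir = ./custom-services;
  customServicesExists = builtins.pathExists customServicesDir;

  # Only regular files (or symlinks) are picked up, so a directory that
  # happens to be named "*.nix" is skipped instead of being imported.
  isNixFile = name: type:
    (type == "regular" || type == "symlink") && lib.hasSuffix ".nix" name;

  # Import order is the sorted file name order, as readDir returns it.
  customServices =
    if customServicesExists
    then
      lib.mapAttrsToList
        (name: _: customServicesDir + "/${name}")
        (lib.filterAttrs isNixFile (builtins.readDir customServicesDir))
    else [];
in {
  imports =
    [
      ./disko-config.nix
    ]
    ++ customServices;

  options.nixosConfig.flake = lib.mkOption {
    type = lib.types.path;
    description = "Path to the current flake configuration";
  };

  config = {
    nix.settings = {
      # trusted-users may override any nix-daemon setting (substituters,
      # sandbox, ...), which is effectively root. Together with the wheel and
      # docker memberships below this account is fully privileged.
      trusted-users = [jsonConfig.username];
    };

    # Expose the flake's store path so the activation script below can copy it.
    nixosConfig.flake = self;

    # Keep an editable copy of the flake that built the running system under
    # /etc/nixos/current-systemconfig. The tree is recreated from scratch on
    # every activation, so local edits made there are lost on the next rebuild.
    system.activationScripts.saveFlakeConfig = {
      # The user must already exist, otherwise the chown below fails on the
      # first activation of a fresh install.
      deps = ["users"];
      text = ''
        rm -rf /etc/nixos/current-systemconfig
        mkdir -p /etc/nixos/current-systemconfig
        # Note the glob skips dotfiles at the top level of the flake.
        cp -rf ${config.nixosConfig.flake}/* /etc/nixos/current-systemconfig/
        # No `cd` here: activation snippets are concatenated into one shell
        # script, so changing the working directory would leak into every
        # later activation script.
        chown -R ${lib.escapeShellArg jsonConfig.username}:users /etc/nixos/current-systemconfig
        # Store files arrive read-only (0444/0555); give the owner write
        # access. This is where config.json (password hash) and ./env end up;
        # the flake is already world-readable via /nix/store, so o=rX does not
        # widen exposure, but it does not reduce it either.
        chmod -R u=rwX,g=rX,o=rX /etc/nixos/current-systemconfig
      '';
    };

    services.selfHostPlaybook = {
      enable = true;
      tier = "starter"; # This determines which services are enabled
    };

    # Networking
    networking = {
      hostName = jsonConfig.hostname;
      firewall = {
        enable = true;
        # Only the reverse-proxy ports and SSH are reachable from outside.
        # NOTE(review): 2222 is labelled SSH but nothing in this module moves
        # sshd off port 22 — confirm services.openssh.ports includes 2222
        # elsewhere, otherwise SSH is blocked by this firewall.
        allowedTCPPorts = [80 443 2222]; # HTTP, HTTPS, and SSH
      };
    };

    # Ships ./env as /etc/environment-files. The files pass through the Nix
    # store, so they are readable by every local user regardless of the
    # permissions set on /etc.
    environment.etc = {
      environment-files = {
        source = ./env;
      };
    };

    # User configuration
    users.users.${jsonConfig.username} = {
      isNormalUser = true;
      # wheel grants sudo; membership in the docker group is documented by
      # Docker as root-equivalent (the daemon runs as root).
      extraGroups = ["wheel" "docker"];
      # The hash comes from config.json and therefore sits in the
      # world-readable store; treat it as exposed to offline cracking and use
      # a strong passphrase.
      hashedPassword = jsonConfig.hashedPassword;
      openssh.authorizedKeys.keys = [jsonConfig.sshKey];
      # Set default shell to bash
      shell = pkgs.bash;
    };

    programs.git = {
      enable = true;
      config = {
        user.name = jsonConfig.username;
        user.email = "${jsonConfig.username}@nixos";
        # Lets git operate on the copy made above even when invoked by a
        # different user (e.g. root) than the directory's owner.
        safe.directory = "/etc/nixos/current-systemconfig";
      };
    };
  };
}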