users: add richard

nginx: refactor to apply settings across all nodes
rearrange files
2024-07-09 22:04:00 +01:00 · 2024-07-09 22:00:09 +01:00 · 2024-07-09 18:14:33 +01:00
8 changed files with 78 additions and 46 deletions
--- a/common/nginx.nix
+++ b/common/nginx.nix
@ -2,8 +2,6 @@
 {
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
@ -28,6 +26,4 @@
    acceptTerms = true;
    defaults.email = "accounts@katherina.rocks"; # TODO: replace with more appropriate email
  };
  networking.firewall.allowedTCPPorts = [ 80 443 ];
 }
--- a/common/users/default.nix
+++ b/common/users/default.nix
@ -0,0 +1,6 @@
 {
  imports = [
    ./qenya.nix
    ./richard.nix
  ];
 }
--- a/common/users/qenya.nix
+++ b/common/users/qenya.nix
@ -1,5 +1,7 @@
 { config, lib, pkgs, ... }:
 let keys = import ../../keys.nix;
 in
 {
  users.users.qenya = {
    isNormalUser = true;
@ -9,9 +11,7 @@
      "networkmanager" # UI wifi configuration
      "dialout" # access to serial ports
    ];
-    openssh.authorizedKeys.keys = [
+    openssh.authorizedKeys.keys = keys.users.qenya;
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on qenya@tohru"
    ];
    uid = 1001;
  };
--- a/common/users/richard.nix
+++ b/common/users/richard.nix
@ -0,0 +1,12 @@
 { config, lib, pkgs, ... }:
 let keys = import ../../keys.nix;
 in
 {
  users.users.richard = {
    isNormalUser = true;
    home = "/home/richard";
    openssh.authorizedKeys.keys = keys.users.richard;
    uid = 1002;
  };
 }
--- a/hive.nix
+++ b/hive.nix
@ -24,10 +24,11 @@ in {
      (import "${sources.home-manager}/nixos")
      (import "${sources.agenix}/modules/age.nix")
      ./pinning.nix
      ./common/nginx.nix
      ./common/ssh.nix
      ./common/sudo.nix
      ./common/utilities.nix
-      ./users/qenya.nix
+      ./common/users
    ];
  };
--- a/hosts/yevaud/forgejo.nix
+++ b/hosts/yevaud/forgejo.nix
@ -1,14 +1,13 @@
 { config, lib, pkgs, ... }:
 {
  imports = [
    ../../common/nginx.nix
  ];
  # TODO: email out
  # TODO: interface customisation
-  services.nginx.virtualHosts = {
+  services = {
    nginx = {
      enable = true;
      virtualHosts = {
        "git.qenya.tel" = {
          forceSSL = true;
          enableACME = true;
@ -20,8 +19,9 @@
          locations."/".return = "301 https://git.qenya.tel$request_uri";
        };
      };
    };
-  services.forgejo = {
+    forgejo = {
      enable = true;
      stateDir = "/data/forgejo";
      settings = {
@ -43,4 +43,7 @@
        service.DISABLE_REGISTRATION = true;
      };
    };
  };
  networking.firewall.allowedTCPPorts = [ 80 443 ];
 }
--- a/keys.nix
+++ b/keys.nix
@ -0,0 +1,16 @@
 {
  machines = {
    tohru = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOk8wuGzF0Y7SaH9aimo3SmCz99MTQwL+rEVhx0jsueU root@tohru";
    yevaud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHUAgyQhl390yUObLUI+jEbuNrZ2U6+8px628DolD+T root@yevaud";
    orm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGc9rkcdOVWozBFj3kLVnSyUQQbyyH+UG+bLawanQkRQ root@orm";
  };
  users = {
    qenya = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on qenya@tohru"
    ];
    richard = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHAuYWPfYVKdjBY/gBMt2n11Seb+hMqjui1PQ6C4ph8i richard@tress"
    ];
  };
 }
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -1,6 +1,4 @@
 let
-  tohru = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOk8wuGzF0Y7SaH9aimo3SmCz99MTQwL+rEVhx0jsueU root@tohru";
+  keys = ../ssh-keys.nix;
  yevaud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHUAgyQhl390yUObLUI+jEbuNrZ2U6+8px628DolD+T root@yevaud";
  systems = [ tohru yevaud ];
 in
 { }
Author	SHA1	Message	Date
Katherina Walshe-Grey	bae6a97842	users: add richard	2024-07-09 22:04:00 +01:00
Katherina Walshe-Grey	0d0b3e2d2d	nginx: refactor to apply settings across all nodes	2024-07-09 22:00:09 +01:00
Katherina Walshe-Grey	39c1bc664c	rearrange files	2024-07-09 18:14:33 +01:00