users: add richard

nginx: refactor to apply settings across all nodes
rearrange files
2024-07-09 22:04:00 +01:00 · 2024-07-09 22:00:09 +01:00 · 2024-07-09 18:14:33 +01:00
8 changed files with 78 additions and 46 deletions
--- a/common/nginx.nix
+++ b/common/nginx.nix
@ -2,8 +2,6 @@

 {
  services.nginx = {
-    enable = true;
-
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
@ -28,6 +26,4 @@
    acceptTerms = true;
    defaults.email = "accounts@katherina.rocks"; # TODO: replace with more appropriate email
  };
-
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
 }
--- a/common/users/default.nix
+++ b/common/users/default.nix
@ -0,0 +1,6 @@
+{
+  imports = [
+    ./qenya.nix
+    ./richard.nix
+  ];
+}
--- a/common/users/qenya.nix
+++ b/common/users/qenya.nix
@ -1,5 +1,7 @@
 { config, lib, pkgs, ... }:

+let keys = import ../../keys.nix;
+in
 {
  users.users.qenya = {
    isNormalUser = true;
@ -9,9 +11,7 @@
      "networkmanager" # UI wifi configuration
      "dialout" # access to serial ports
    ];
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on qenya@tohru"
-    ];
+    openssh.authorizedKeys.keys = keys.users.qenya;
    uid = 1001;
  };

--- a/common/users/richard.nix
+++ b/common/users/richard.nix
@ -0,0 +1,12 @@
+{ config, lib, pkgs, ... }:
+
+let keys = import ../../keys.nix;
+in
+{
+  users.users.richard = {
+    isNormalUser = true;
+    home = "/home/richard";
+    openssh.authorizedKeys.keys = keys.users.richard;
+    uid = 1002;
+  };
+}
--- a/hive.nix
+++ b/hive.nix
@ -24,10 +24,11 @@ in {
      (import "${sources.home-manager}/nixos")
      (import "${sources.agenix}/modules/age.nix")
      ./pinning.nix
+      ./common/nginx.nix
      ./common/ssh.nix
      ./common/sudo.nix
      ./common/utilities.nix
-      ./users/qenya.nix
+      ./common/users
    ];
  };

--- a/hosts/yevaud/forgejo.nix
+++ b/hosts/yevaud/forgejo.nix
@ -1,14 +1,13 @@
 { config, lib, pkgs, ... }:

 {
-  imports = [
-    ../../common/nginx.nix
-  ];
-
  # TODO: email out
  # TODO: interface customisation

-  services.nginx.virtualHosts = {
+  services = {
+    nginx = {
+      enable = true;
+      virtualHosts = {
        "git.qenya.tel" = {
          forceSSL = true;
          enableACME = true;
@ -20,8 +19,9 @@
          locations."/".return = "301 https://git.qenya.tel$request_uri";
        };
      };
+    };

-  services.forgejo = {
+    forgejo = {
      enable = true;
      stateDir = "/data/forgejo";
      settings = {
@ -43,4 +43,7 @@
        service.DISABLE_REGISTRATION = true;
      };
    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
 }
--- a/keys.nix
+++ b/keys.nix
@ -0,0 +1,16 @@
+{
+  machines = {
+    tohru = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOk8wuGzF0Y7SaH9aimo3SmCz99MTQwL+rEVhx0jsueU root@tohru";
+    yevaud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHUAgyQhl390yUObLUI+jEbuNrZ2U6+8px628DolD+T root@yevaud";
+    orm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGc9rkcdOVWozBFj3kLVnSyUQQbyyH+UG+bLawanQkRQ root@orm";
+  };
+
+  users = {
+    qenya = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on qenya@tohru"
+    ];
+    richard = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHAuYWPfYVKdjBY/gBMt2n11Seb+hMqjui1PQ6C4ph8i richard@tress"
+    ];
+  };
+}
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -1,6 +1,4 @@
 let
-  tohru = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOk8wuGzF0Y7SaH9aimo3SmCz99MTQwL+rEVhx0jsueU root@tohru";
-  yevaud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHUAgyQhl390yUObLUI+jEbuNrZ2U6+8px628DolD+T root@yevaud";
-  systems = [ tohru yevaud ];
+  keys = ../ssh-keys.nix;
 in
 { }
Author	SHA1	Message	Date
Katherina Walshe-Grey	bae6a97842	users: add richard	2024-07-09 22:04:00 +01:00
Katherina Walshe-Grey	0d0b3e2d2d	nginx: refactor to apply settings across all nodes	2024-07-09 22:00:09 +01:00
Katherina Walshe-Grey	39c1bc664c	rearrange files	2024-07-09 18:14:33 +01:00