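{
  config,
  lib,
  pkgs,
  inputs,
  ...
}: let
  # Pull only the lib helpers this module uses instead of `with lib;`, so the
  # names used below are explicit and cannot be shadowed silently.
  inherit (lib) mkEnableOption mkIf mkOption types;

  # Absolute path of the microca binary from nixpkgs.
  microcaBin = "${pkgs.microca}/bin/microca";

  # Wrapper that pins microca to the CA key and certificate under /run/secrets.
  # NOTE(review): these paths are presumably where sops-nix materialises the
  # `ca_key` / `ca_cert` entries declared in `sops.secrets` below — confirm.
  # "$@" is quoted so arguments containing whitespace or glob characters are
  # forwarded to microca intact instead of being re-split by the shell.
  microca = pkgs.writeScriptBin "microca" ''
    #!/usr/bin/env sh
    ${microcaBin} -ca-key /run/secrets/ca_key -ca-cert /run/secrets/ca_cert "$@"
  '';
in {
  options = {
    nixManager = {
      enable = mkEnableOption "Configure host as nix-conf manager.";

      # Owner applied to every secret declared in `sops.secrets` below.
      user = mkOption {
        type = types.str;
        default = "root";
        description = ''
          User who will own the private key.
        '';
      };
    };
  };

  imports = [./tailnet.nix];

  config = mkIf config.nixManager.enable {
    sops.defaultSopsFile = config.xin-secrets.manager;

    # All secrets are owned by nixManager.user (root by default); the
    # `microca` wrapper above reads ca_key and ca_cert from /run/secrets.
    sops.secrets = {
      xin_status_key = {owner = config.nixManager.user;};
      xin_status_pubkey = {owner = config.nixManager.user;};
      manager_key = {owner = config.nixManager.user;};
      manager_pubkey = {owner = config.nixManager.user;};
      ca_key = {owner = config.nixManager.user;};
      ca_cert = {owner = config.nixManager.user;};
      po_env = {owner = config.nixManager.user;};
    };

    environment.systemPackages = [
      microca
      inputs.xintray.packages.${pkgs.system}.xintray
      inputs.po.packages.${pkgs.system}.po
    ];

    # Static name-server entries written to /etc/hosts.
    networking = {
      hosts = {
        "66.135.2.235" = ["ns1"];
        "23.234.251.216" = ["ns2"];
        "46.23.94.18" = ["ns3"];
        "198.23.149.18" = ["ns4"];
      };
    };
  };
}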