xin/configs/manager.nix

58 lines
1.5 KiB
Nix
Raw Normal View History

2023-07-11 09:12:50 -06:00
{
config,
lib,
pkgs,
inputs,
...
}: let
microcaBin = "${pkgs.microca}/bin/microca";
microca = pkgs.writeScriptBin "microca" ''
#!/usr/bin/env sh
${microcaBin} -ca-key /run/secrets/ca_key -ca-cert /run/secrets/ca_cert $@
'';
2023-07-11 09:12:50 -06:00
in
with lib; {
options = {
nixManager = {
enable = mkEnableOption "Configure host as nix-conf manager.";
user = mkOption {
type = types.str;
default = "root";
description = ''
User who will own the private key.
'';
};
2022-08-25 12:21:35 -06:00
};
};
imports = [./tailnet.nix];
2023-07-11 09:12:50 -06:00
config = mkIf config.nixManager.enable {
sops.defaultSopsFile = config.xin-secrets.manager;
sops.secrets = {
xin_status_key = {owner = config.nixManager.user;};
xin_status_pubkey = {owner = config.nixManager.user;};
manager_key = {owner = config.nixManager.user;};
manager_pubkey = {owner = config.nixManager.user;};
ca_key = {owner = config.nixManager.user;};
ca_cert = {owner = config.nixManager.user;};
po_env = {owner = config.nixManager.user;};
};
2023-07-11 09:12:50 -06:00
environment.systemPackages = [
microca
inputs.xintray.packages.${pkgs.system}.xintray
inputs.po.packages.${pkgs.system}.po
];
2023-07-11 09:12:50 -06:00
networking = {
hosts = {
"66.135.2.235" = ["ns1"];
"23.234.251.216" = ["ns2"];
"46.23.94.18" = ["ns3"];
"198.23.149.18" = ["ns4"];
};
};
};
2023-07-11 09:12:50 -06:00
}