author | sefidel <contact@sefidel.net> | 2023-02-02 18:47:44 +0900 |
---|---|---|
committer | sefidel <contact@sefidel.net> | 2023-02-02 18:47:44 +0900 |
commit | c551a417940f9c66b4346c5813c2550f06269380 (patch) | |
tree | 969ee5bb2f179db027ea8ef935f70d94ceb086dd | |
parent | cf86cf37ea7413471b9c4461f4816206a305e7b9 (diff) | |
feat(colmena/cobalt): use impermanence
-rw-r--r-- | colmena/cobalt/configuration.nix | 17 | ||||
-rw-r--r-- | colmena/default.nix | 1 | ||||
-rw-r--r-- | flake.lock | 16 | ||||
-rw-r--r-- | flake.nix | 2 | ||||
-rw-r--r-- | lib/mk_colmena.nix | 3 |
5 files changed, 35 insertions, 4 deletions
diff --git a/colmena/cobalt/configuration.nix b/colmena/cobalt/configuration.nix
index b3d05b9..e115859 100644
--- a/colmena/cobalt/configuration.nix
+++ b/colmena/cobalt/configuration.nix
@@ -109,11 +109,22 @@ in
 users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDi7GGOGVj1Y5Sc1EW6zEdrp78dS6hvmS348pqu9dUsB openpgp:0x6BE7BD6F" ];
 services.openssh.enable = true;
 services.openssh.permitRootLogin = "prohibit-password";
-
- nix.nixPath = [
- "nixos-config=/persist/etc/nixos"
+ # mkdir -p /persist/etc/ssh
+ services.openssh.hostKeys = [
+ {
+ path = "/persist/ssh/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ {
+ path = "/persist/ssh/ssh_host_rsa_key";
+ type = "rsa";
+ bits = 4096;
+ }
 ];
+ # impermanence requirement
+ fileSystems."/persist".neededForBoot = true;
+
 # This value determines the NixOS release from which the default
 # settings for stateful data, like file locations and database versions
 # on your system were taken. It‘s perfectly fine and recommended to leave
diff --git a/colmena/default.nix b/colmena/default.nix
index 2fa7bc6..99945e6 100644
--- a/colmena/default.nix
+++ b/colmena/default.nix
@@ -17,6 +17,7 @@
 cobalt = self.lib.mkColmena {
 name = "cobalt";
 system = "x86_64-linux";
+ inputs = inputs;
 deployment = {
 targetHost = "cobalt.sefidel.com";
 targetPort = 22;
diff --git a/flake.lock b/flake.lock
index 9272cdd..6bd2032 100644
--- a/flake.lock
+++ b/flake.lock
@@ -124,6 +124,21 @@ "type": "github" } }, + "impermanence": { + "locked": { + "lastModified": 1668668915, + "narHash": "sha256-QjY4ZZbs9shwO4LaLpvlU2bO9J1juYhO9NtV3nrbnYQ=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "5df9108b346f8a42021bf99e50de89c9caa251c3", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, "neovim": { "inputs": { "flake-utils": "flake-utils_2",
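Review bot: In colmena/cobalt/configuration.nix the added comment `# mkdir -p /persist/etc/ssh` names a different directory from the one the new `services.openssh.hostKeys` entries point at (`/persist/ssh/...`). An operator who follows the comment and stages existing host keys under /persist/etc/ssh would leave the configured paths empty, and sshd would presumably generate fresh keys there, changing the host identity that clients have already pinned. Either align the paths or reword the comment, e.g. `# host keys live in /persist/ssh so the SSH host identity survives a root wipe`. The hunk also shows no `environment.persistence` block; if none exists elsewhere and the root filesystem is ephemeral, logs under /var/log are lost on every reboot, which should be a deliberate choice on a host that accepts root SSH logins.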
@@ -168,6 +183,7 @@ "chaotic-nixpkgs": "chaotic-nixpkgs", "darwin": "darwin", "home-manager": "home-manager", + "impermanence": "impermanence", "neovim": "neovim", "nixpkgs-2111": "nixpkgs-2111", "rust": "rust",
diff --git a/flake.nix b/flake.nix
index 696dfe7..4278936 100644
--- a/flake.nix
+++ b/flake.nix
@@ -12,6 +12,8 @@
 home-manager.url = "github:nix-community/home-manager";
 home-manager.inputs.nixpkgs.follows = "unstable";
+ impermanence.url = "github:nix-community/impermanence";
+
 neovim.url = "github:neovim/neovim?dir=contrib";
 neovim.inputs.nixpkgs.follows = "unstable";
diff --git a/lib/mk_colmena.nix b/lib/mk_colmena.nix
index c4b5bad..b9c50a6 100644
--- a/lib/mk_colmena.nix
+++ b/lib/mk_colmena.nix
@@ -6,7 +6,7 @@
 , host ? null
 , port ? 22
 , tags ? null
-, extraModules ? null
+, inputs ? null
 , ...
 }:
 let
@@ -30,5 +30,6 @@ in
 hardware
 ../nixos/modules/flake.nix
 ../nixos/modules/nix.nix
+ inputs.impermanence.nixosModules.impermanence
 ];
 } |
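Review bot: In lib/mk_colmena.nix the new argument is declared as `inputs ? null`, but the second hunk adds `inputs.impermanence.nixosModules.impermanence` to the module list unconditionally, so any caller that omits `inputs` fails at evaluation with an attribute lookup on null rather than a clear message. Since the module is always needed, declare the argument as required, `, inputs`, so a missing value is reported at the call site. The first hunk also replaces `, extraModules ? null` while `, ...` stays in the signature, so a caller that still passes `extraModules` would be accepted and its modules silently left out of the deployed host; whether such callers exist is not visible here. Keeping `, extraModules ? null` alongside `, inputs` avoids that. The function body starts and ends outside both hunks.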