2025-01-31 14:59:35 +01:00
|
|
|
{
|
|
|
|
|
self,
|
|
|
|
|
inputs,
|
|
|
|
|
providers,
|
|
|
|
|
lib,
|
|
|
|
|
config,
|
|
|
|
|
...
|
|
|
|
|
}:
|
|
|
|
|
|
|
|
|
|
let
|
|
|
|
|
inherit (lib) attrValues mkOption;
|
|
|
|
|
|
|
|
|
|
in
|
|
|
|
|
{
|
|
|
|
|
options = {
|
2025-01-31 15:11:56 +01:00
|
|
|
procolixVm = {
|
|
|
|
|
name = mkOption { };
|
|
|
|
|
host = mkOption { };
|
|
|
|
|
};
|
2025-01-31 14:59:35 +01:00
|
|
|
};
|
|
|
|
|
|
2025-01-31 15:11:56 +01:00
|
|
|
config = {
|
|
|
|
|
type = providers.local.exec;
|
2025-01-31 14:59:35 +01:00
|
|
|
|
2025-01-31 15:11:56 +01:00
|
|
|
ssh = {
|
|
|
|
|
host = config.procolixVm.host;
|
|
|
|
|
opts = "";
|
|
|
|
|
hostPublicKey = self.keys.systems.${config.procolixVm.name};
|
|
|
|
|
};
|
2025-01-31 14:59:35 +01:00
|
|
|
|
2025-01-31 15:11:56 +01:00
|
|
|
nixpkgs = inputs.nixpkgs;
|
2025-01-31 14:59:35 +01:00
|
|
|
|
2025-01-31 15:11:56 +01:00
|
|
|
nixos.module = {
|
|
|
|
|
imports = [
|
|
|
|
|
./common
|
2025-01-31 14:59:35 +01:00
|
|
|
|
2025-01-31 15:11:56 +01:00
|
|
|
self.nixosModules.ageSecrets
|
|
|
|
|
];
|
2025-01-31 14:59:35 +01:00
|
|
|
|
2025-01-31 15:11:56 +01:00
|
|
|
## Necessary to filter Age secrets.
|
|
|
|
|
fediversity.hostPublicKey = self.keys.systems.${config.procolixVm.name};
|
2025-01-31 14:59:35 +01:00
|
|
|
|
2025-01-31 15:11:56 +01:00
|
|
|
## FIXME: Remove direct root authentication once the NixOps4 NixOS
|
|
|
|
|
## provider supports users with password-less sudo.
|
|
|
|
|
users.users.root.openssh.authorizedKeys.keys = attrValues self.keys.contributors;
|
2025-01-31 14:59:35 +01:00
|
|
|
};
|
2025-01-31 15:11:56 +01:00
|
|
|
};
|
2025-01-31 14:59:35 +01:00
|
|
|
}
|
