forked from Fediversity/Fediversity
Kiara Grouwstra
dbb4ce67fc
later we may want to distinguish dev vs host as well, tho eventually we expect not to have hard-coded machines anyway. split off from #319. Reviewed-on: Fediversity/Fediversity#367 Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>
45 lines
740 B
Nix
45 lines
740 B
Nix
{
|
|
config,
|
|
...
|
|
}:
|
|
let
|
|
name = "panel";
|
|
in
|
|
{
|
|
imports = [
|
|
(import ../../../panel { }).module
|
|
];
|
|
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
defaults.email = "beheer@procolix.com";
|
|
};
|
|
|
|
age.secrets.panel-ssh-key = {
|
|
owner = name;
|
|
mode = "400";
|
|
};
|
|
|
|
programs.ssh.startAgent = true;
|
|
|
|
home-manager = {
|
|
users.${name}.home = {
|
|
stateVersion = "25.05";
|
|
file.".ssh/config" = {
|
|
text = ''
|
|
IdentityFile ${config.age.secrets.panel-ssh-key.path}
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
|
|
services.${name} = {
|
|
enable = true;
|
|
production = true;
|
|
domain = "demo.fediversity.eu";
|
|
secrets = {
|
|
SECRET_KEY = config.age.secrets.panel-secret-key.path;
|
|
};
|
|
port = 8000;
|
|
};
|
|
}
|