zivildienst/nixos/nix/system.nix


# NixOS system module for a QEMU-based cloud guest: boot and root filesystem,
# SSH and cloud-init, a socket-activated unattended `nixos-rebuild switch`,
# and a single administrative user.
{ ... }:
{
imports = [
# Stock QEMU guest profile, resolved through the <nixpkgs> search path.
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
];
boot.loader.grub.device = "/dev/sda";
# Delete the contents of /tmp on every boot.
boot.cleanTmpDir = true;
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; label = "root"; };
networking.firewall.allowPing = true;
# The host name is fetched while the configuration is evaluated, from the
# link-local metadata endpoint, over plain HTTP and without a pinned hash.
# Evaluation therefore needs that endpoint to be reachable, and the response
# is used verbatim as the host name.
# NOTE(review): confirm that only the provider's metadata service can answer
# on 169.254.169.254 from this network, and that the response carries no
# trailing newline or other characters that are invalid in a host name.
networking.hostName = (builtins.readFile (builtins.fetchurl "http://169.254.169.254/hetzner/v1/metadata/hostname"));
# NOTE(review): this file sets no password-authentication or root-login
# options for sshd, so the module defaults of the deployed NixOS release
# apply. Confirm they give key-only login, or pin them explicitly.
services.openssh.enable = true;
# NOTE(review): presumably cloud-init applies provider-supplied user-data at
# boot; confirm who can set that data for this server.
services.cloud-init.enable = true;
# Members of `wheel` may run sudo without a password. Together with the
# `operator` user below (in `wheel`, SSH key login), possession of that
# private key is equivalent to root on this host.
security.sudo.wheelNeedsPassword = false;
# The created service `nixos-rebuild.service` can be used to trigger an unattended configuration change
# See https://nixos.org/manual/nixos/stable/#sec-changing-config
#
# `systemctl start nixos-rebuild` := `nixos-rebuild switch`
#
# The rebuild applies whatever is in /etc/nixos/configuration.nix at the time
# it runs; the trigger itself carries no configuration.
systemd.services.nixos-rebuild = {
serviceConfig.Type = "oneshot";
# After the rebuild: stop the trigger service (it stays active because of
# RemainAfterExit) and restart its socket, presumably to re-arm the socket
# for the next connection.
postStart = "systemctl stop socket-nixos-rebuild-trigger.service && systemctl restart socket-nixos-rebuild-trigger.socket";
script = ''
/run/current-system/sw/bin/nixos-rebuild switch -I nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs -I nixos-config=/etc/nixos/configuration.nix
'';
};
# Service activated by the socket below; its only job is to start the rebuild.
systemd.services.socket-nixos-rebuild-trigger = {
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
};
after = [ "socket-nixos-rebuild-trigger.socket" ];
requires = [ "socket-nixos-rebuild-trigger.socket" ];
script = ''
systemctl start nixos-rebuild
'';
};
# TCP listener on 10.0.1.51:4444. A connection to it activates the trigger
# service above; nothing in this file authenticates the peer or inspects what
# it sends, and no `User=` is set on the services, so the rebuild runs with
# systemd's default service identity.
# NOTE(review): exposure is bounded only by the bind address and the
# firewall. This file does not open port 4444 in `networking.firewall`;
# confirm where that is done and that it is limited to the deployment host.
# Consider an authenticated trigger (for example SSH with a forced command)
# if other machines share the 10.0.1.0 network.
# NOTE(review): the bind address is hard-coded while the host name is looked
# up dynamically; confirm this module is only used on the host that owns
# 10.0.1.51.
systemd.sockets.socket-nixos-rebuild-trigger = {
listenStreams = [ "10.0.1.51:4444" ];
partOf = [ "socket-nixos-rebuild-trigger.service" ];
wantedBy = [ "sockets.target" ];
};
# Administrative login account (`users.extraUsers` is the older alias of
# `users.users`). Being in `wheel` gives it passwordless sudo, see
# `security.sudo.wheelNeedsPassword` above.
users.extraUsers.operator = {
isNormalUser = true;
uid = 1000;
extraGroups = [ "wheel" ];
# Single RSA public key allowed to log in as `operator`.
# NOTE(review): the entry has no trailing comment naming its owner; record
# who holds the private key and how it is rotated.
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCAOgDVmgLQ1tEiE7kXoLu14wLW0LoYbNPsKae0DlMeWJe6JcR8HkQnSZm3aFEt30SmaFDtXcw3fyur0wByrIh0cFMUsdiO4e4B+Gke/vTc4/51rfjjzsA/1zipWnD5Yf0lO6KqE6Vm2uTejJ7NIRume3c2nlLCZ/Ajt0GqYwIuMOOGZSA5o/pNKiH88GyW9C+kI0kIOwswMHHQ5bFmpWttTy8JNI0iC4FzcQrAFIMUPTsM2kphJyqTPMGoztzRX64HSfmdr43MfLEWtIWvUXcYiazXFCTfXrStUS/z1GN2kOGvmr6fcC4MX3zhJF9WETRjM0VTFHJbERAQOmw3P87oAK759l0eHGiS7bbmX2hNLz6LLOCmPpaih5TaFp3NjMnVlEd1bGzZC4mgmFqxMUtx8Uqyd3zr3Wlp+u4zHaNiNhZo0USsIzagcdmeGIuXT1deyjnpbJVesixTMcttm6rlhVd4/McO972bP+4qtPSVZcGZd6d01TgK16fXp1WybuO6SpaLUIYcnimM+/zeanJkfgtA419xkZqEHvBf80/RTqmX/NTree8vHBVFSxla2Ru4RDBpGnbDKUYpRFeP9SMSkpGtdjZK45U7ffikK+UdXr24Nl6NFeFFs/PW5gOibfPzTJwpLqeu4E8xXXyakRSHW8aa+BtuV8WKFB4e/4dSQ=="
];
};
}