Skyler Grey
919b3c4e73
Agenix-rekey is a project which uses rage to encrypt secrets for hosts where they're needed. We'll need it for a future commit with buildbot
54 lines
923 B
Nix
54 lines
923 B
Nix
# SPDX-FileCopyrightText: 2024 Auxolotl Infrastructure Contributors
|
|
#
|
|
# SPDX-License-Identifier: GPL-3.0-only
|
|
|
|
# baxter
|
|
# 209.38.149.197
|
|
{
|
|
pkgs,
|
|
modulesPath,
|
|
config,
|
|
...
|
|
}: {
|
|
imports = [
|
|
(modulesPath + "/virtualisation/digital-ocean-config.nix")
|
|
];
|
|
|
|
age.rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM4rfWCoqby2qIcq/KVEWCKZVvIxr6h4GxJcsCQYffj+";
|
|
|
|
boot.loader.grub.enable = true;
|
|
|
|
virtualisation.digitalOcean.rebuildFromUserData = false;
|
|
|
|
networking.firewall.allowedTCPPorts = [
|
|
80
|
|
443
|
|
];
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
neovim
|
|
];
|
|
|
|
auxolotl = {
|
|
nix.enable = true;
|
|
|
|
users.infra.enable = true;
|
|
|
|
security = {
|
|
doas.enable = true;
|
|
|
|
acme = {
|
|
enable = true;
|
|
email = "jake.hamilton@hey.com";
|
|
};
|
|
};
|
|
|
|
services = {
|
|
ssh.enable = true;
|
|
forge.enable = true;
|
|
};
|
|
};
|
|
|
|
system.stateVersion = "23.11";
|
|
}
|