Remote deployment configuration

2022-12-18 19:02:50 +01:00 · 2022-12-18 19:02:50 +01:00 · 429efc52ae
commit 429efc52ae
parent 1bdc118dc7
4 changed files with 35 additions and 6 deletions
--- a/flake.nix
+++ b/flake.nix
@ -119,6 +119,7 @@

        ./nixos_modules/bertof_user.nix
        ./nixos_modules/distributed.nix
+        ./nixos_modules/remote-deploy.nix
        ./nixos_modules/extended_registry.nix
        ./nixos_modules/automatic-garbage-collection.nix
        ./nixos_modules/automatic-upgrade.nix
@ -251,20 +252,40 @@
        };
      };

-      images = with flake-utils.lib; eachSystem [ system.x86_64-linux system.aarch64-linux ] (system:
+      images = with flake-utils.lib; let
+        installerModules = [
+          # Nix configuration
+          {
+            nixpkgs = { inherit overlays config; };
+            nix = {
+              extraOptions = "experimental-features = nix-command flakes";
+              registry = {
+                stable = { from = { id = "stable"; type = "indirect"; }; flake = nixpkgs; };
+                unstable = { from = { id = "unstable"; type = "indirect"; }; flake = nixpkgs-u; };
+              };
+            };
+          }
+
+          ./nixos_modules/bertof_user.nix
+          ./nixos_modules/distributed.nix
+          ./nixos_modules/extended_registry.nix
+          ./nixos_modules/zerotier.nix
+        ];
+      in
+      eachSystem [ system.x86_64-linux system.aarch64-linux ] (system:
        {
          packages = {
            # Installer ISO
            install-iso = nixos-generators.nixosGenerate {
              inherit system;
-              modules = commonModules ++ [ ./nixos_modules/installer.nix ];
+              modules = installerModules ++ [ ./nixos_modules/installer.nix ];
              format = "install-iso";
            };

            # Installer DigitalOcean
            do = nixos-generators.nixosGenerate {
              inherit system;
-              modules = commonModules ++ [ ./nixos_modules/installer.nix ];
+              modules = installerModules ++ [ ./nixos_modules/installer.nix ];
              format = "do";
            };
          };
--- a/loki/configuration.nix
+++ b/loki/configuration.nix
@ -106,7 +106,7 @@ with lib; {
    openssh = {
      enable = true;
      openFirewall = true;
-      permitRootLogin = "no";
+      # permitRootLogin = "no";
      passwordAuthentication = false;
    };
    # plex = { enable = true; openFirewall = true; group = "users"; };
--- a/nixos_modules/remote-deploy.nix
+++ b/nixos_modules/remote-deploy.nix
@ -0,0 +1,10 @@
+{
+  services.openssh = {
+    enable = true;
+    openFirewall = true;
+
+    permitRootLogin = "prohibit-password";
+    passwordAuthentication = false;
+    kbdInteractiveAuthentication = false;
+  };
+}
--- a/thor/configuration.nix
+++ b/thor/configuration.nix
@ -128,8 +128,6 @@ with lib; {
    openssh = {
      enable = true;
      openFirewall = true;
-      permitRootLogin = "no";
-      passwordAuthentication = false;
      forwardX11 = true;
    };
    pipewire = {