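{ inputs, nixpkgs, ... }:
let
  # The single hardware-backed key authorised for both the admin user and root
  # (root key login is what colmena's `targetUser = "root"` deployments use).
  # Defined once so the two authorizedKeys lists cannot drift apart.
  adminSshKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnthKtz0fE4yQ/X10cJgKVCjYCNkRNoqV28xAhD7h2M cardno:22_498_026"
  ];
in
{
  # Build the NixOS system for one server.
  #
  # hostname     – selects ../hosts/servers/<hostname>.nix and sets networking.hostName
  # system       – target architecture (default aarch64-linux)
  # user         – name of the admin (wheel) account
  # timeZone     – time.timeZone value
  # disks        – block devices handed to ./disk-config.nix AND used as GRUB install targets
  # ipv6Address  – static IPv6 address (with prefix) for enp1s0; IPv4 comes from DHCP
  # tailscale    – whether to enable tailscale plus its sops-managed auth key
  # extraModules – additional NixOS modules appended to the module list
  #
  # Returns the result of nixpkgs.lib.nixosSystem.
  mkMachine = hostname:
    { system ? "aarch64-linux"
    , user ? "lander"
    , timeZone ? "Europe/Berlin"
    , disks ? [ "/dev/sda" ]
    , ipv6Address
    , tailscale ? true
    , extraModules ? [ ]
    }:
    let
      diskConfig = import ./disk-config.nix { inherit disks nixpkgs; };
      machineConfig = import ../hosts/servers/${hostname}.nix;
    in
    nixpkgs.lib.nixosSystem {
      inherit system;
      modules = [
        inputs.disko.nixosModules.disko
        inputs.sops-nix.nixosModules.sops
        inputs.self.nixosModules.namespaced-vpn
        inputs.self.nixosModules.storagebox
        diskConfig
        ({ config, lib, modulesPath, pkgs, ... }: {
          imports = [
            (modulesPath + "/installer/scan/not-detected.nix")
            (modulesPath + "/profiles/qemu-guest.nix")
          ];

          boot = {
            loader.grub = {
              # Install GRUB on the same disks disko partitions. Previously this
              # was a fixed "/dev/sda" and silently ignored a custom `disks`.
              devices = disks;
              efiSupport = true;
              efiInstallAsRemovable = true;
            };
            initrd.kernelModules = [ "virtio_gpu" ];
            kernelParams = [ "console=tty" ];
          };

          time.timeZone = timeZone;

          networking = {
            useNetworkd = true;
            hostName = hostname;
          };

          systemd.network = {
            enable = true;
            networks."30-wan" = {
              matchConfig.Name = "enp1s0";
              networkConfig.DHCP = "ipv4";
              address = [ ipv6Address ];
              routes = [{ Gateway = "fe80::1"; }];
            };
          };

          services.openssh = {
            enable = true;
            # Key-only authentication. Root login stays at the NixOS default
            # (key-only) because deployments connect as root.
            settings.PasswordAuthentication = false;
            extraConfig = ''
              PrintLastLog no
            '';
          };

          # The tailscale auth key only exists when tailscale is enabled.
          sops.secrets.tailscale-authkey = lib.mkIf tailscale {
            owner = "root";
            group = "root";
            sopsFile = ../hosts/common/servers/secrets.yaml;
          };

          services.tailscale = lib.mkIf tailscale {
            # The whole block is already gated on `tailscale`, so this is always true here.
            enable = true;
            openFirewall = false;
            extraUpFlags = [ "--login-server=https://headscale.escapeangle.com" ];
            authKeyFile = config.sops.secrets.tailscale-authkey.path;
          };

          programs.zsh.enable = true;
          environment = {
            pathsToLink = [ "/share/zsh" ];
            shells = [ pkgs.zsh ];
            enableAllTerminfo = true;
          };

          users.users = {
            ${user} = {
              isNormalUser = true;
              shell = pkgs.zsh;
              extraGroups = [ "wheel" ];
              openssh.authorizedKeys.keys = adminSshKeys;
            };
            root.openssh.authorizedKeys.keys = adminSshKeys;
          };

          nix = {
            settings = {
              # trusted-users may override daemon settings (substituters, sandbox,
              # ...) and are effectively root-equivalent; `user` is already in
              # wheel, so this does not widen access further.
              trusted-users = [ user ];
              # NOTE(review): applies a flake's `nixConfig` (e.g. extra substituters)
              # without prompting — only evaluate flakes you trust on these hosts.
              accept-flake-config = true;
              auto-optimise-store = true;
            };
            registry.nixpkgs.flake = nixpkgs;
            nixPath = [
              "nixpkgs=${nixpkgs.outPath}"
              "nixos-config=/etc/nixos/configuration.nix"
              "/nix/var/nix/profiles/per-user/root/channels"
            ];
            package = pkgs.nixVersions.stable;
            extraOptions = ''experimental-features = nix-command flakes'';
            gc = {
              automatic = true;
              options = "--delete-older-than 7d";
            };
          };
        })
        machineConfig
      ] ++ extraModules;
    };

  # Colmena deployment metadata for one server.
  #
  # Accepts the same argument set as mkMachine so the two can be called with one
  # attribute set; only `targetHost` is used here. `targetHost` is new and optional
  # (default kept at the previous hard-coded value), so existing callers are
  # unaffected while per-host targets no longer all deploy to the same machine.
  mkColmena =
    { system ? "aarch64-linux"
    , user ? "lander"
    , timeZone ? "Europe/Berlin"
    , disks ? [ "/dev/sda" ]
    , ipv6Address
    , tailscale ? true
    , extraModules ? [ ]
    , targetHost ? "hosting-02.escapeangle.com"
    }:
    {
      deployment = {
        inherit targetHost;
        targetPort = 22;
        # Root is required for activation; its SSH access is key-only (see mkMachine).
        targetUser = "root";
        buildOnTarget = true;
      };
    };
}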