This should allow disks to survive destruction of instances. Also support creating additional disks on Hetzner, storing a mapping from Nix names for disks to their Linux device paths. Something similar should also be possible for OpenStack, allowing a provider-agnostic way of mapping between them.
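{
  inputs,
  lib,
  ...
}:
let
  # Change this if recreating the server from scratch. See README for this instance.
  # Keep it at false for a running server: the value is wired into the bootstrap
  # option below, which the imported modules consume (what bootstrap mode relaxes
  # is defined there, not in this file).
  bootstrapping = false;
in
{
  options.khscodes."security.kaareskovgaard.net" = {
    bootstrap = {
      # nixpkgs' mkEnableOption prefixes "Whether to enable " to the text and
      # appends ".", so the argument must be a noun phrase rather than a sentence
      # starting with "Enables ...".
      enable = lib.mkEnableOption "bootstrapping mode for security.kaareskovgaard.net. This should be set when first setting up the server. See the README";
    };
  };

  imports = [
    # Shared Hetzner server profile from the flake root.
    "${inputs.self}/nix/profiles/nixos/hetzner-server.nix"
    ./kanidm.nix
    ./openbao.nix
    ./post
  ];

  config = {
    khscodes.services.nginx.enable = true;
    khscodes."security.kaareskovgaard.net".bootstrap.enable = bootstrapping;

    khscodes.infrastructure.hetzner-instance = {
      enable = true;
      server_type = "cax11";
    };

    # Cannot use vault for secrets source, as this is the server containing vault
    # (OpenBao is served from this host, see openbao.domain below), so provisioning
    # secrets have to come from an external store instead.
    khscodes.infrastructure.provisioning.secretsSource = "bitwarden";
    # AppRole setup stage for the vault server; the stage semantics live in the
    # khscodes module and are not visible here.
    khscodes.infrastructure.vault-server-approle.stage = "configuration";

    khscodes.networking.fqdn = "security.kaareskovgaard.net";
    khscodes.infrastructure.openbao.domain = "secrets.kaareskovgaard.net";

    # NixOS release this host was first installed with; do not bump on upgrades.
    system.stateVersion = "25.05";
  };
}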