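# NixOS module for the security.kaareskovgaard.net host. It pulls in the
# Hetzner server profile together with the local kanidm, openbao and post
# modules, and declares a host-specific bootstrap toggle.
{
  inputs,
  lib,
  ...
}:
let
  # Change this if recreating the server from scratch. See README for this instance.
  # NOTE(review): what bootstrap mode changes is decided by whichever modules
  # read this option (not visible in this file). Keep it false for normal
  # operation and set it back once the initial setup is done; confirm the
  # exact procedure against the README.
  bootstrapping = false;
in
{
  options.khscodes."security.kaareskovgaard.net" = {
    bootstrap = {
      # lib.mkEnableOption builds the description as "Whether to enable <text>.",
      # so the text is written as a noun phrase rather than a full sentence.
      enable = lib.mkEnableOption "bootstrapping mode for security.kaareskovgaard.net. This should be set when first setting up the server. See the README";
    };
  };

  imports = [
    "${inputs.self}/nix/profiles/nixos/hetzner-server.nix"
    ./kanidm.nix
    ./openbao.nix
    ./post
  ];

  config = {
    khscodes.services.nginx.enable = true;

    # The option value always follows the let-binding above, so that binding is
    # the only place bootstrap mode is switched for this host.
    khscodes."security.kaareskovgaard.net".bootstrap.enable = bootstrapping;

    khscodes.infrastructure.hetzner-instance = {
      enable = true;
      server_type = "cax11";
    };

    # Cannot use vault for secrets source, as this is the server containing vault.
    # Both provisioning stages therefore read their secrets from Bitwarden.
    khscodes.infrastructure.provisioning.pre.secretsSource = "bitwarden";
    khscodes.infrastructure.provisioning.post.secretsSource = "bitwarden";

    # NOTE(review): presumably the approle can only be created once the vault on
    # this host is running, hence the "post" stage - confirm against the
    # vault-server-approle module.
    khscodes.infrastructure.vault-server-approle.stage = "post";

    # The host name and the OpenBao domain are deliberately different names.
    khscodes.networking.fqdn = "security.kaareskovgaard.net";
    khscodes.infrastructure.openbao.domain = "secrets.kaareskovgaard.net";

    # Records the NixOS release this system was first installed with; it is not
    # meant to be bumped as part of a routine upgrade.
    system.stateVersion = "25.05";
  };
}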