30 lines
1.6 KiB
Nix
30 lines
1.6 KiB
Nix
{
|
|
inputs,
|
|
...
|
|
}:
|
|
{
|
|
imports = [
|
|
"${inputs.self}/nix/profiles/nixos/hetzner-server.nix"
|
|
./authentik.nix
|
|
./openbao.nix
|
|
./post/openbao
|
|
];
|
|
khscodes.services.nginx.enable = true;
|
|
khscodes.infrastructure.hetzner-instance = {
|
|
enable = true;
|
|
server_type = "cax11";
|
|
};
|
|
# Cannot use vault for secrets source, as this is the server containing vault.
|
|
khscodes.infrastructure.provisioning.pre.secretsSource = "bitwarden";
|
|
khscodes.infrastructure.provisioning.post.secretsSource = "bitwarden";
|
|
khscodes.infrastructure.vault-server-approle.stage = "post";
|
|
khscodes.networking.fqdn = "security.kaareskovgaard.net";
|
|
users.users.khs = {
|
|
initialPassword = "changeme";
|
|
openssh.authorizedKeys.keys = [
|
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCqY0FHnWFKfLG2yfgr4qka5sR9CK+EMAhzlHUkaQyWHTKD+G0/vC/fNPyL1VV3Dxc/ajxGuPzVE+mBMoyxazL3EtuCDOVvHJ5CR+MUSEckg/DDwcGHqy6rC8BvVVpTAVL04ByQdwFnpE1qNSBaQLkxaFVdtriGKkgMkc7+UNeYX/bv7yn+APqfP1a3xr6wdkSSdO8x4N2jsSygOIMx10hLyCV4Ueu7Kp8Ww4rGY8j5o7lKJhbgfItBfSOuQHdppHVF/GKYRhdnK6Y2fZVYbhq4KipUtclbZ6O/VYd8/sOO98+LMm7cOX+K35PQjUpYgcoNy5+Sw3CNS/NHn4JvOtTaUEYP7fK6c9LhMULOO3T7Cm6TMdiFjUKHkyG+s2Mu/LXJJoilw571zwuh6chkeitW8+Ht7k0aPV96kNEvTdoXwLhBifVEaChlAsLAzSUjUq+YYCiXVk0VIXCZQWKj8LoVNTmaqDksWwbcT64fw/FpVC0N18WHbKcFUEIW/O4spJMa30CQwf9FeqpoWoaF1oRClCSDPvX0AauCu0JcmRinz1/JmlXljnXWbSfm20/V+WyvktlI0wTD0cdpNuSasT9vS77YfJ8nutcWWZKSkCj4R4uHeCNpDTX5YXzapy7FxpM9ANCXLIvoGX7Yafba2Po+er7SSsUIY1AsnBBr8ZoDVw=="
|
|
];
|
|
};
|
|
khscodes.infrastructure.openbao.domain = "vault-test.kaareskovgaard.net";
|
|
system.stateVersion = "25.05";
|
|
}
|