hosts/blacksteel: use colmena
This commit is contained in:
parent
acb0f46834
commit
b6826c238e
3 changed files with 27 additions and 14 deletions
|
@ -224,7 +224,12 @@
|
||||||
|
|
||||||
"lightsail-tokyo" = {
|
"lightsail-tokyo" = {
|
||||||
imports = [./hosts/lightsail-tokyo];
|
imports = [./hosts/lightsail-tokyo];
|
||||||
deployment.targetHost = "ny4.dev";
|
deployment.targetHost = "tyo0.ny4.dev";
|
||||||
|
};
|
||||||
|
|
||||||
|
"blacksteel" = {
|
||||||
|
imports = [./hosts/blacksteel];
|
||||||
|
deployment.targetHost = "blacksteel"; # thru tailscale
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
|
|
|
@ -23,6 +23,8 @@
|
||||||
time.timeZone = "Asia/Shanghai";
|
time.timeZone = "Asia/Shanghai";
|
||||||
system.stateVersion = "23.11";
|
system.stateVersion = "23.11";
|
||||||
|
|
||||||
|
services.openssh.settings.PermitRootLogin = "prohibit-password";
|
||||||
|
|
||||||
######## Secrets
|
######## Secrets
|
||||||
sops = {
|
sops = {
|
||||||
secrets = builtins.mapAttrs (_name: value: value // {sopsFile = ./secrets.yaml;}) {
|
secrets = builtins.mapAttrs (_name: value: value // {sopsFile = ./secrets.yaml;}) {
|
||||||
|
|
|
@ -73,7 +73,8 @@
|
||||||
"[ 5.996722] amdgpu 0000:67:00.0: Fatal error during GPU init"}
|
"[ 5.996722] amdgpu 0000:67:00.0: Fatal error during GPU init"}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
users.users."guanranwang" = {
|
users.users = rec {
|
||||||
|
"guanranwang" = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
description = "Guanran Wang";
|
description = "Guanran Wang";
|
||||||
hashedPasswordFile = config.sops.secrets."hashed-passwd".path;
|
hashedPasswordFile = config.sops.secrets."hashed-passwd".path;
|
||||||
|
@ -88,6 +89,11 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
"root" = {
|
||||||
|
openssh.authorizedKeys.keys = guanranwang.openssh.authorizedKeys.keys;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
programs.dconf.enable = true;
|
programs.dconf.enable = true;
|
||||||
programs.fish.enable = true;
|
programs.fish.enable = true;
|
||||||
users.groups."nix-access-tokens" = {};
|
users.groups."nix-access-tokens" = {};
|
||||||
|
|
Loading…
Reference in a new issue