authorseth <[email protected]>2023-10-30 04:22:32 -0400
committerseth <[email protected]>2023-10-30 09:46:15 +0000
commit10b0df38b4286237b56ff9177f8d4c5676bfb5c1 (patch)
treeab298c74339bf9bc41571fa88746ecd9c522fbdf /modules/nixos/server
parent4c2c60a4f2b14c1e6ffaffe5e301dc31ac4fed0f (diff)
tree-wide: refactor
i went overboard on modules. this is much comfier
Diffstat (limited to 'modules/nixos/server')
-rw-r--r--modules/nixos/server/acme.nix14
-rw-r--r--modules/nixos/server/default.nix39
-rw-r--r--modules/nixos/server/secrets.nix12
3 files changed, 65 insertions, 0 deletions
diff --git a/modules/nixos/server/acme.nix b/modules/nixos/server/acme.nix
new file mode 100644
index 0000000..48746c2
--- /dev/null
+++ b/modules/nixos/server/acme.nix
@@ -0,0 +1,14 @@
+{config, ...}: {
+ age.secrets = {
+ cloudflareApiKey.file = ../../../secrets/systems/${config.networking.hostName}/cloudflareApiKey.age;
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults = {
+ email = "[email protected]";
+ dnsProvider = "cloudflare";
+ credentialsFile = config.age.secrets.cloudflareApiKey.path;
+ };
+ };
+}
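Review bot: The secret passed to `credentialsFile` in `security.acme.defaults` is named `cloudflareApiKey`, which suggests the account-wide Cloudflare Global API Key rather than a scoped API token; the hunk does not show which one the .age file holds. For DNS-01 validation a token limited to DNS edit on the relevant zone is enough, and it limits the damage if this host's secret leaks. Because `credentialsFile` is read as an environment file, a comment on the expected format would help, e.g. `# env file for lego: CLOUDFLARE_DNS_API_TOKEN=<token scoped to Zone:DNS:Edit>`.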
diff --git a/modules/nixos/server/default.nix b/modules/nixos/server/default.nix
new file mode 100644
index 0000000..1f759ec
--- /dev/null
+++ b/modules/nixos/server/default.nix
@@ -0,0 +1,39 @@
+{
+ config,
+ lib,
+ pkgs,
+ inputs,
+ ...
+}: {
+ imports = [
+ ./acme.nix
+ ./secrets.nix
+ ];
+
+ _module.args.unstable = inputs.nixpkgs.legacyPackages.${pkgs.stdenv.hostPlatform.system};
+
+ documentation = {
+ enable = false;
+
+ man = {
+ enable = false;
+ man-db.enable = false;
+ };
+
+ nixos.enable = false;
+ dev.enable = false;
+ };
+
+ environment.defaultPackages = lib.mkForce [];
+
+ nix = {
+ gc = {
+ dates = "*-*-1,5,9,13,17,21,25,29 00:00:00";
+ options = "-d --delete-older-than 2d";
+ };
+
+ settings.allowed-users = [config.networking.hostName];
+ };
+
+ security.pam.enableSSHAgentAuth = true;
+}
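Review bot: `security.pam.enableSSHAgentAuth = true;` on the last line of the module lets a forwarded SSH agent satisfy PAM (for sudo, as far as I know the NixOS default), and nothing in this file constrains which authorized-keys files pam_ssh_agent_auth trusts. If those include a user-writable `~/.ssh/authorized_keys`, any process running as that user can add a key and pass the sudo prompt. It is worth confirming that only root-owned key files are consulted (keys declared via `users.users.<name>.openssh.authorizedKeys.keys`) and saying so in a comment. Separately, `nix.settings.allowed-users = [config.networking.hostName];` only matches if a user is named after the host, so a comment such as `# primary user shares the host's name` would make that assumption explicit. `nix.gc` sets `dates` and `options` but not `automatic = true` in this hunk; unless that is set elsewhere, the GC timer is never enabled.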
diff --git a/modules/nixos/server/secrets.nix b/modules/nixos/server/secrets.nix
new file mode 100644
index 0000000..e435690
--- /dev/null
+++ b/modules/nixos/server/secrets.nix
@@ -0,0 +1,12 @@
+{config, ...}: {
+ age = let
+ baseDir = ../../../secrets/systems/${config.networking.hostName};
+ in {
+ identityPaths = ["/etc/age/key"];
+
+ secrets = {
+ rootPassword.file = "${baseDir}/rootPassword.age";
+ userPassword.file = "${baseDir}/userPassword.age";
+ };
+ };
+}
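Review bot: `"${baseDir}/rootPassword.age"` interpolates a path into a string, which makes Nix copy the whole per-host secrets directory into the store as a separate store path and hands agenix a string, whereas acme.nix passes a plain path literal for the same directory. Writing `rootPassword.file = baseDir + "/rootPassword.age";` (and likewise for `userPassword`) keeps the value a path and makes the two files consistent. It would also help to document `identityPaths`, e.g. `# host age identity; provisioned out of band, must be root-owned and not world-readable`. The consumers of these secrets are outside this hunk; if they feed `hashedPasswordFile`, the files must contain password hashes rather than plaintext.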