summaryrefslogtreecommitdiff
path: root/modules/nixos/profiles
diff options
context:
space:
mode:
Diffstat (limited to 'modules/nixos/profiles')
-rw-r--r--modules/nixos/profiles/personal.nix5
-rw-r--r--modules/nixos/profiles/server.nix21
2 files changed, 20 insertions, 6 deletions
diff --git a/modules/nixos/profiles/personal.nix b/modules/nixos/profiles/personal.nix
index 4d1c784..fd59a27 100644
--- a/modules/nixos/profiles/personal.nix
+++ b/modules/nixos/profiles/personal.nix
@@ -15,6 +15,10 @@ in
};
config = lib.mkIf cfg.enable {
+ services = {
+ tailscale.enable = true;
+ };
+
traits = {
home-manager.enable = true;
@@ -22,7 +26,6 @@ in
enable = true;
secretsDir = inputs.self + "/secrets/personal";
};
- tailscale.enable = true;
users = {
seth.enable = true;
diff --git a/modules/nixos/profiles/server.nix b/modules/nixos/profiles/server.nix
index 373dc5d..d1c54c1 100644
--- a/modules/nixos/profiles/server.nix
+++ b/modules/nixos/profiles/server.nix
@@ -1,6 +1,7 @@
{
config,
lib,
+ secretsDir,
inputs',
...
}:
@@ -27,6 +28,10 @@ in
# All servers are most likely on stable, so we want to pull in some newer packages from time to time
_module.args.unstable = inputs'.nixpkgs.legacyPackages;
+ age.secrets = {
+ tailscaleAuthKey.file = "${secretsDir}/tailscaleAuthKey.age";
+ };
+
boot.tmp.cleanOnBoot = lib.mkDefault true;
# We don't need it here
@@ -43,16 +48,22 @@ in
];
};
- services.comin.enable = true;
+ services = {
+ comin.enable = true;
- traits = {
- secrets.enable = true;
tailscale = {
enable = true;
- ssh.enable = true;
+
+ authKeyFile = config.age.secrets.tailscaleAuthKey.path;
+ extraUpFlags = [ "--ssh" ];
};
- zram.enable = true;
};
+
+ traits = {
+ secrets.enable = true;
+ };
+
+ zramSwap.enable = true;
}
(lib.mkIf cfg.hostUser {
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-06 14:59:47 +0000