Artificer NixOS host: init, configure docker

2025-01-23 22:48:53 -08:00 · 2025-01-23 22:48:53 -08:00 · 44d2847778
commit 44d2847778
parent be68f6252b
3 changed files with 81 additions and 0 deletions
--- a/dotfiles/flake.nix
+++ b/dotfiles/flake.nix
@ -34,6 +34,8 @@
    home-manager,
    nixgl,
    ghostty,
+    deploy-rs,
+    self, 
    ...
  }:
  let
@ -166,6 +168,42 @@
        inherit system pkgs;
        specialArgs = { inherit sys; };
      };
+      artificer = let 
+        sys = {
+          username = "admin";
+        };
+        system = "x86_64-linux";
+        pkgs = import inputs.nixpkgs {
+          inherit system;
+          config = { allowUnfreePredicate = (_: true); };
+        };
+      in nixpkgs.lib.nixosSystem {
+        modules = [
+          ./systems/artificer/configuration.nix
+        ];
+        inherit system pkgs;
+        specialArgs = { inherit sys; };
+      };
    };
+    deploy = {
+      nodes = {
+        artificer = {
+          hostname = "143.198.68.202";
+          profilesOrder = [ "system" ];
+          profiles.system = {
+            user = "root";
+            sshUser = "admin";
+            path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.artificer;
+          };
+        };
+      };
+      fastConnection = true;
+      interactiveSudo = false;
+      autoRollback = true;
+      magicRollback = true;
+      remoteBuild = true;
+      confirmTimeout = 60;
+    };
+    checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
  };
 }
--- a/dotfiles/systems/artificer/configuration.nix
+++ b/dotfiles/systems/artificer/configuration.nix
@ -0,0 +1,34 @@
+{ pkgs, sys, ... }: {
+  system.stateVersion = "24.11";
+  environment.systemPackages = with pkgs; [
+    git
+  ];
+  users.users."${sys.username}" = {
+    isNormalUser = true;
+    extraGroups = [ "networkmanager" "wheel" ];
+    description = "${sys.username}";
+    openssh.authorizedKeys.keys = let
+      authorizedKeys = pkgs.fetchurl {
+        url = "https://github.com/Jafner.keys";
+        sha256 = "1i3Vs6mPPl965g3sRmbXGzx6zQBs5geBCgNx2zfpjF4=";
+      }; in pkgs.lib.splitString "\n" (builtins.readFile authorizedKeys);
+  };
+  services.openssh = {
+    enable = true;
+    settings.PasswordAuthentication = false;
+    settings.KbdInteractiveAuthentication = false;
+  };
+  security.sudo = {
+    enable = true;
+    extraRules = [{
+      commands = [
+        {
+          command = "ALL";
+          options = [ "NOPASSWD" ];
+        }
+      ];
+      groups = [ "wheel" ];
+    }];
+  };
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+}
--- a/dotfiles/systems/artificer/docker.nix
+++ b/dotfiles/systems/artificer/docker.nix
@ -0,0 +1,9 @@
+{ pkgs, sys, ... }: {
+  virtualisation.docker = {
+    enable = true;
+    rootless.enable = true;
+    rootless.setSocketVariable = true;
+  };
+  users.users.${sys.username}.extraGroups = [ "docker" ];
+  environment.systemPackages = [ pkgs.docker-compose ];
+}