From 7058185beb837582463e1fa3da57b9dc5a525b1c Mon Sep 17 00:00:00 2001
From: TheWanderingCrow
Date: Sat, 21 Sep 2024 18:29:48 -0400
Subject: [PATCH] Prepare for hashicorp vault
---
 hosts/Parzival-Mobile/default.nix | 1 -
 hosts/WCE-Vault/default.nix | 10 ++++++++++
 modules/core.nix | 8 +++++++-
 modules/users/default.nix | 1 +
 modules/users/vault/default.nix | 5 +++++
 modules/users/vault/user.nix | 7 +++++++
 modules/vault/default.nix | 11 +++++++++++
 7 files changed, 41 insertions(+), 2 deletions(-)
 create mode 100644 hosts/WCE-Vault/default.nix
 create mode 100644 modules/users/vault/default.nix
 create mode 100644 modules/users/vault/user.nix
 create mode 100644 modules/vault/default.nix
diff --git a/hosts/Parzival-Mobile/default.nix b/hosts/Parzival-Mobile/default.nix
index 78713e4..a5b4183 100644
--- a/hosts/Parzival-Mobile/default.nix
+++ b/hosts/Parzival-Mobile/default.nix
@@ -4,7 +4,6 @@
 ../../modules
 ];
- i3.enable = true;
 hyprland.enable = true;
 packages.mudding.enable = true;
 networking.hostName = "Parzival-Mobile";
diff --git a/hosts/WCE-Vault/default.nix b/hosts/WCE-Vault/default.nix
new file mode 100644
index 0000000..b9fcbe2
--- /dev/null
+++ b/hosts/WCE-Vault/default.nix
@@ -0,0 +1,10 @@
+{config, pkgs, ...}:{
+ imports = [
+ ./hardware-configuration.nix
+ ../../modules
+ ];
+
+ networking.hostName = "WCE-Vault";
+ gui.enable = false;
+ programming.enable = false;
+}
diff --git a/modules/core.nix b/modules/core.nix
index 9c7a92c..c2a2a96 100644
--- a/modules/core.nix
+++ b/modules/core.nix
@@ -23,13 +23,16 @@
 enable = lib.mkEnableOption "enable crow";
 home.enable = lib.mkEnableOption "enable home configuration";
 };
+ vault = {
+ enable = lib.mkEnableOption "enable vault";
+ };
 };
 };
 config = {
 system.stateVersion = "24.05";
 time.timeZone = "America/New_York";
- nix.settings.experimental-features = ["flakes" "nix-command"];
+ nix.settings.experimental-features = ["flakes" "nix-command"];
 users = {
 enable = lib.mkDefault true;
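Review bot: The new hosts/WCE-Vault/default.nix imports `../../modules` wholesale and turns off only `gui` and `programming`, so it still inherits every other `lib.mkDefault true` set in modules/core.nix. The context lines of that file's hunks show what looks like the crow user block and its `home.enable` defaulting to true. For a machine that is meant to hold secrets, I would switch those off explicitly in this file, or record why they stay on with a comment such as `# secrets host: only the accounts and services listed below are enabled`. Neither `vault.enable` nor `users.vault.enable` is set here, which fits the "Prepare" subject but means the host builds without Vault until a follow-up.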
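Review bot: The description given to `lib.mkEnableOption` in the added `vault` block of modules/core.nix repeats the verb, because the helper already prefixes its argument with "Whether to enable". It also does not say that this switch creates a login account rather than the Vault service. Something like `enable = lib.mkEnableOption "the vault login user";` would keep it distinct from the top-level `vault.enable` added in modules/vault/default.nix. The removed and re-added `nix.settings.experimental-features` line appears to differ only in whitespace and could be left out of the commit. The enclosing option set starts outside the hunk.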
@@ -37,6 +40,9 @@
 enable = lib.mkDefault true;
 home.enable = lib.mkDefault true;
 };
+ vault = {
+ enable = lib.mkDefault false;
+ };
 };
 fonts.packages = with pkgs; [
diff --git a/modules/users/default.nix b/modules/users/default.nix
index e485bdb..766afbe 100644
--- a/modules/users/default.nix
+++ b/modules/users/default.nix
@@ -1,6 +1,7 @@
 {config, ...}: {
 imports = [
 ./crow
+ ./vault
 ];
 config.home-manager = {
diff --git a/modules/users/vault/default.nix b/modules/users/vault/default.nix
new file mode 100644
index 0000000..9712fa4
--- /dev/null
+++ b/modules/users/vault/default.nix
@@ -0,0 +1,5 @@
+{lib, config, ...}: {
+ imports = [
+ ./user.nix
+ ];
+}
diff --git a/modules/users/vault/user.nix b/modules/users/vault/user.nix
new file mode 100644
index 0000000..214cb90
--- /dev/null
+++ b/modules/users/vault/user.nix
@@ -0,0 +1,7 @@
+{ lib, config, ...}: {
+ config.users.users.vault = lib.mkIf config.users.vault.enable {
+ isNormalUser = true;
+ initialPassword = "changeme";
+ extraGroups = [];
+ };
+}
diff --git a/modules/vault/default.nix b/modules/vault/default.nix
new file mode 100644
index 0000000..550abf2
--- /dev/null
+++ b/modules/vault/default.nix
@@ -0,0 +1,11 @@
+{ inputs, pkgs, lib, config, ...}: {
+
+ options.vault.enable = lib.mkEnableOption "enables hashicorp vault services";
+
+ config = {
+ services.vault = lib.mkIf config.vault.enable {
+ enable = true;
+ address = "localhost:8200";
+ };
+ };
+}
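Review bot: `initialPassword = "changeme"` on an `isNormalUser` account in modules/users/vault/user.nix gives the Vault host an interactive login whose password is published in the repository and copied in clear text into the world-readable Nix store. If the account exists only to run the service, declare it with `isSystemUser = true;` and a `group`, with no password at all. If a human login is really wanted, use `hashedPasswordFile` pointing at a secret kept outside the store. As far as I recall, the upstream `services.vault` module already declares its own `vault` user, so turning on both switches may trip the user-type assertion; a test build with both enabled would confirm.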
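Review bot: The `services.vault` block in modules/vault/default.nix sets only `enable` and `address`, so everything else security-relevant is left at module defaults. There is no `tlsCertFile`/`tlsKeyFile`, so the listener stays plaintext, which is acceptable only while it is bound to loopback as here. There is also no `storageBackend`, which I believe defaults to the in-memory backend and loses all secrets on restart. I would pin these explicitly, e.g. `storageBackend = "file";`, and add a comment like `# loopback only; set tlsCertFile/tlsKeyFile before changing address`. Nothing in this patch imports modules/vault, so unless modules/default.nix picks it up some other way the `vault.enable` option is not yet reachable from a host; the `inputs` and `pkgs` arguments are also unused.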