Lebesque Configuration.

2025-02-03 13:00:31 -06:00 · 2025-02-03 13:00:31 -06:00 · 859556d0e6
commit 859556d0e6
parent b2595f1936
18 changed files with 386 additions and 50 deletions
--- a/nixos/common/caddy.nix
+++ b/nixos/common/caddy.nix
@ -1,6 +1,7 @@
 {
  config,
  lib,
+  ...
 }: let
  inherit (lib) mkIf mkEnableOption;
  cfg = config.foehammer.caddy;
--- a/nixos/common/nixos.nix
+++ b/nixos/common/nixos.nix
@ -2,6 +2,7 @@
  config,
  lib,
  pkgs,
+  ...
 }: let
  inherit (lib) mkIf;
 in {
--- a/nixos/common/services/vaultwarden.nix
+++ b/nixos/common/services/vaultwarden.nix
@ -2,6 +2,7 @@
  config,
  lib,
  pkgs,
+  ...
 }: let
  inherit (lib) mkEnableOption mkIf mkOption;

@ -32,21 +33,23 @@ in {
    };
  };

-  config.services.vaultwarden = mkIf cfg.enable {
-    enable = true;
+  config = mkIf cfg.enable {
+    services.vaultwarden = {
+      enable = true;

-    config = {
-      ROCKET_ADDRESS = "127.0.0.1";
-      ROCKET_PORT = cfg.port;
-      DOMAIN = cfg.domain;
-      ROCKET_LOG = "critical";
-      SIGNUPS_ALLOWED = cfg.signups;
+      config = {
+        ROCKET_ADDRESS = "127.0.0.1";
+        ROCKET_PORT = cfg.port;
+        DOMAIN = cfg.domain;
+        ROCKET_LOG = "critical";
+        SIGNUPS_ALLOWED = cfg.signups;
+      };
+
+      environmentFile = cfg.envPath;
    };

    foehammer.backups.paths = [
      "/var/lib/bitwarden_rs"
    ];
-
-    environmentFile = cfg.envPath;
  };
 }
--- a/nixos/common/sudo.nix
+++ b/nixos/common/sudo.nix
@ -0,0 +1,7 @@
+{...}: {
+  security.sudo = {
+    enable = true;
+    execWheelOnly = true;
+    wheelNeedsPassword = false;
+  };
+}
--- a/nixos/common/users/admin.nix
+++ b/nixos/common/users/admin.nix
@ -4,10 +4,16 @@
  foelib,
  ...
 }: let
-  inherit (lib) mkIf mkEnableOption optionals;
+  inherit (lib) mkIf mkOption mkEnableOption optionals types;
  cfg = config.foehammer.users.admin;
 in {
-  options.foehammer.users.admin.enable = mkEnableOption "Enable a wheel admin user.";
+  options.foehammer.users.admin = {
+    enable = mkEnableOption "Enable a wheel admin user.";
+    hashedPasswordFile = mkOption {
+      type = with types; nullOr str;
+      default = null;
+    };
+  };
  config = mkIf cfg.enable {
    users.users.admin = {
      createHome = true;
@ -19,6 +25,8 @@ in {
      uid = 9999;

      openssh.authorizedKeys.keys = foelib.getSSHKeys "foehammer";
+
+      hashedPasswordFile = cfg.hashedPasswordFile;
    };

    users.groups.admin.gid = config.users.users.admin.uid;