titaniumtown/nixos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fae5ee8a47ac3b237d4fdd2f5cb85129c7af9045
nixos/site-config.nix
Simon Gardling 7721c9d3a2
Some checks failed
Build and Deploy / mreow (push) Successful in 1m58s
Details
Build and Deploy / yarn (push) Successful in 47s
Details
Build and Deploy / muffin (push) Failing after 30s
Details
ssh: remove desktop key
2026-04-23 20:23:37 -04:00

63 lines
2.3 KiB
Nix
Raw Blame History

# Site-wide constants shared across all three hosts and home-manager profiles.
#
# This file is pure data — no package refs, no module config. Import it from
# flake.nix and pass it as the `site_config` specialArg (and extraSpecialArg for
# home-manager). Callers read values; they do not set them.
#
# Adding a value: only add if it's used by ≥2 hosts/modules. Host-specific
# single-use values stay in the host's default.nix. Muffin-only service
# infrastructure (ports, zpool names, hugepage budgets) stays in
# hosts/muffin/service-configs.nix.
rec {
# --- Identity ---
domain = "sigkill.computer";
old_domain = "gardling.com"; # served by muffin via permanent redirect (services/caddy/caddy.nix)
contact_email = "titaniumtown@proton.me";
# All three hosts run on the same timezone. Override per-host via
# lib.mkForce when travelling (see hosts/mreow/default.nix for the pattern).
timezone = "America/New_York";
# --- Binary cache (muffin serves via harmonia, desktops consume) ---
binary_cache = {
url = "https://nix-cache.${domain}";
public_key = "nix-cache.${domain}-1:ONtQC9gUjL+2yNgMWB68NudPySXhyzJ7I3ra56/NPgk=";
};
# --- LAN topology ---
dns_servers = [
"1.1.1.1"
"9.9.9.9"
];
lan = {
cidr = "192.168.1.0/24";
gateway = "192.168.1.1";
};
# Per-host network info. mreow is laptop-on-DHCP so it has no entry.
hosts = {
muffin = {
ip = "192.168.1.50";
# Canonical alias used by deploy.sh, CI workflows, and borg backup target.
# Resolves via /etc/hosts on muffin and the desktops' NetworkManager DNS.
alias = "server-public";
# SSH host key — same key is served for every alias muffin answers to
# (server-public, the IP, git.${domain}, git.${old_domain}).
ssh_host_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFMjgaMnE+zS7tL+m5E7gh9Q9U1zurLdmU0qcmEmaucu";
};
yarn = {
ip = "192.168.1.223";
alias = "desktop";
};
};
# --- SSH pubkeys ---
# One line per key, referenced by name from services/ssh.nix (muffin) and
# hosts/yarn/default.nix. Rotating a key means changing it here, nowhere else.
ssh_keys = {
laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4jL6gYOunUlUtPvGdML0cpbKSsPNqQ1jit4E7U1RyH";
ci_deploy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5ZYN6idL/w/mUIfPOH1i+Q/SQXuzAMQUEuWpipx1Pc ci-deploy@muffin";
};
}
Reference in New Issue View Git Blame Copy Permalink