samfelag/hosts/thingvellir/default.nix

{ config, pkgs, lib, inputs, ... }:

with lib;
{
  imports = [
    ./hardware.nix
    ./secrets.nix
  ];

  # - Basic --------------------------------------

  user.name = "marc";
  user.shell = pkgs.zsh;
  networking = {
    hostName = "thingvellir";
    firewall = {
      enable = false;
      allowedUDPPorts = [
        53      # DNS (pihole + unbound)
        8600    # Consul DNS
       ];
    };
  };

  # - Bootloader ---------------------------------

  boot.loader.grub = {
    enable = true;
    device = "/dev/vda";
  };

  # - Agenix ---------------------------------

  age.identityPaths = [
    "/home/marc/.ssh/id_ed25519"
  ];

  # - Modules ------------------------------------

  samfelag.modules = {
    # - Common -----------------------------------
    # See modules/common.nix for common packages installed

    # - System -----------------------------------
    system.utils.enable = true;
    system.gpg.enable = true;
    system.pass.enable = true;
    system.ssh.enable = true;
    system.sshfs.enable = true;

    # - Server ----------------------------------
    server.consul = {
      enable = true;
      server = true;
      agent-token = config.age.secrets."consul.d/agent-token-thingvellir.json".path;
      server-cert = config.age.secrets."consul.d/samfelag-server-thingvellir.pem".path;
      server-cert-key = config.age.secrets."consul.d/samfelag-server-thingvellir-key.pem".path;
    };
    server.nomad = {
      enable = true;
      server = true;
      host-config = ../../config/nomad.d/host-thingvellir.hcl;
    };

    # - Editors and development ------------------
    dev.git.userName = "marc";
    dev.git.userEmail = "marc@sastre.cat";

    dev.docker.enable = true;
    dev.docker.users = ["marc"];
  };
}