chore: initialized project

2026-02-27 17:03:35 +01:00 · 2026-02-27 17:03:35 +01:00 · d79fe97b7e
commit d79fe97b7e
24 changed files with 786 additions and 0 deletions
--- a/roles/device/default.nix
+++ b/roles/device/default.nix
@ -0,0 +1,11 @@
+{ inputs, ... }:
+{
+  imports = [
+    inputs.disko.nixosModules.disko
+    ./firewall.nix
+    ./secrets.nix
+    ./sudo.nix
+    ./users.nix
+  ]
+  ++ import ../../modules/top-level.nix;
+}
--- a/roles/device/firewall.nix
+++ b/roles/device/firewall.nix
@ -0,0 +1,3 @@
+{
+  networking.firewall.enable = true;
+}
--- a/roles/device/secrets.nix
+++ b/roles/device/secrets.nix
@ -0,0 +1,14 @@
+{
+  inputs,
+  config,
+  lib,
+  ...
+}:
+let
+  hostSecretsFile = ../../systems + "${config.networking.hostName}/secrets.yaml";
+in
+{
+  imports = [ inputs.sops-nix.nixosModules.sops ];
+
+  sops.defaultSopsFile = lib.mkIf (builtins.pathExists hostSecretsFile) hostSecretsFile;
+}
--- a/roles/device/sudo.nix
+++ b/roles/device/sudo.nix
@ -0,0 +1,6 @@
+{
+  security.sudo = {
+    enable = true;
+    wheelNeedsPassword = false;
+  };
+}
--- a/roles/device/users.nix
+++ b/roles/device/users.nix
@ -0,0 +1,5 @@
+{
+  imports = [
+    ../../users/bddvlpr.nix
+  ];
+}