refactor

2025-12-20 21:55:03 +00:00
parent 4850d85030
commit cac332c6fb
20 changed files with 230 additions and 203 deletions
--- a/hosts/mindy/default.nix
+++ b/hosts/mindy/default.nix
@@ -11,6 +11,9 @@
 		(modulesPath + "/profiles/qemu-guest.nix")
 		./disk-config.nix
 		./hardware-configuration.nix
+		./openssh.nix
+		./pgbackrest.nix
+		./secrets.nix
 		../../modules/pgbackrest.nix
 		../../profiles/core.nix
 		../../profiles/fail2ban.nix
@@ -21,19 +24,6 @@
 		inputs.sops-nix.nixosModules.sops
 	];

-	sops.secrets.mindy-pgbackrest = {
-		sopsFile = ../../secrets/mindy-pgbackrest;
-		format = "binary";
-		owner = "postgres";
-		group = "postgres";
-	};
-
-	my.pgbackrest = {
-		enable = true;
-		secretFile = "/run/secrets/mindy-pgbackrest";
-		s3.bucket = "mindy-pgbackrest";
-	};
-
 	home-manager.users.${user} = {
 		pkgs,
 		lib,
@@ -61,14 +51,6 @@
 		];
 	};

-	services.openssh = {
-		enable = true;
-		settings = {
-			PermitRootLogin = "yes";
-			PasswordAuthentication = false;
-		};
-	};
-
 	virtualisation.docker.enable = true;

 	networking.hostName = hostname;
--- a/hosts/mindy/openssh.nix
+++ b/hosts/mindy/openssh.nix
@@ -0,0 +1,9 @@
+{...}: {
+	services.openssh = {
+		enable = true;
+		settings = {
+			PermitRootLogin = "yes";
+			PasswordAuthentication = false;
+		};
+	};
+}
--- a/hosts/mindy/pgbackrest.nix
+++ b/hosts/mindy/pgbackrest.nix
@@ -0,0 +1,7 @@
+{...}: {
+	my.pgbackrest = {
+		enable = true;
+		secretFile = "/run/secrets/mindy-pgbackrest";
+		s3.bucket = "mindy-pgbackrest";
+	};
+}
--- a/hosts/mindy/secrets.nix
+++ b/hosts/mindy/secrets.nix
@@ -0,0 +1,8 @@
+{...}: {
+	sops.secrets.mindy-pgbackrest = {
+		sopsFile = ../../secrets/mindy-pgbackrest;
+		format = "binary";
+		owner = "postgres";
+		group = "postgres";
+	};
+}