1 {pkgs, lib, config, system, ...}:
2 let inherit (builtins.extraBuiltins) pass;
3 inherit (lib) types;
4 inherit (config) networking;
5 inherit (config.services) dovecot2;
# Fetch the login password of `user` from the password store, under
# <domainBase>/<hostName>/login/<user>.  `pass` is an extra builtin evaluated at
# build time, so the value it returns becomes part of the evaluated configuration;
# whether it then lands in the world-readable Nix store depends on which option
# consumes it (users.users.*.password / initialPassword store it in clear text).
userPass = user: pass "${networking.domainBase}/${networking.hostName}/login/${user}";
7 in {
8 imports = [
9 <nixpkgs-sourcephile/install/modules.nix>
10 ../options.nix
11 ../overlays/tools/networking/shorewall/service.nix
12 ../overlays/tools/networking/shorewall6/service.nix
13 ../overlays/servers/mail/rspamd/service.nix
14 friot/dovecot.nix
15 friot/gitolite.nix
16 friot/nginx.nix
17 friot/nsd.nix
18 friot/postfix.nix
19 friot/postgrey.nix
20 friot/postgresql.nix
21 #friot/rmilter.nix
22 friot/rspamd.nix
23 #friot/redmine.nix
24 friot/shorewall.nix
25 friot/openldap.nix
26 #friot/discourse.nix
27 ];
28 config = {
# Nix daemon housekeeping: hard-link identical store files, and once a week drop
# profile generations older than 30 days before collecting garbage.
nix.extraOptions = ''
  auto-optimise-store = true
'';
nix.gc = {
  automatic = true;
  dates = "weekly";
  options = "--delete-older-than 30d";
};
39
nixpkgs = {
  # No unfree packages on this host.  Overlays come from ../overlays.nix; on top
  # of them, postfix is rebuilt with LDAP support (presumably for the
  # postfix/openldap modules imported above).
  config.allowUnfree = false;
  config.packageOverrides = super: {
    postfix = super.postfix.override { withLDAP = true; };
  };
  overlays = import ../overlays.nix;
};
51
boot = {
  # Remote unlock: bring the network up in the initrd and run an SSH server
  # there, except under the VirtualBox deployment (presumably because a local
  # console is available there).  Only julm's public key, taken from the
  # password store, may log in.
  #
  # NOTE(review): no host key is pinned here (hostRSAKey/hostECDSAKey in the
  # dropbear-based initrd-ssh module of this NixOS era — consoleKeyMap above
  # suggests pre-20.03), so the initrd's host key is not stable and cannot be
  # verified before a disk passphrase is typed into this session.  Pin a
  # dedicated key (it is stored in the world-readable Nix store, so never reuse
  # the real sshd host key) — confirm against the module version in use.
  initrd.network = {
    enable = config.deployment.targetEnv != "virtualbox";
    ssh.enable = true;
    ssh.authorizedKeys = [ (pass "${networking.domain}/ssh/pub/julm") ];
  };
  # Prefer keeping anonymous pages in RAM over swapping; reclaim dentry/inode
  # caches less eagerly than the default.
  kernel.sysctl = {
    "vm.swappiness" = 10;
    "vm.vfs_cache_pressure" = 50;
  };
};
69
# Local time zone of the host.
time.timeZone = "Europe/Paris";
73
# Locale, console keymap and console font for a French-speaking operator.
i18n = {
  defaultLocale = "fr_FR.UTF-8";
  consoleKeyMap = "fr";
  consoleFont = "Lat2-Terminus16";
};
79
# Base name of the organisation's domains; `domain` derives from it and the
# `domainAliases` list is used below for x509 and, presumably, by the imported
# friot/* modules.  domainBase/domainAliases are local options (likely declared
# in ../options.nix — confirm).
networking.domainBase = "sourcephile";
networking.domain = "${networking.domainBase}.fr";
networking.domainAliases = [
  # "${networking.domainBase}.coop"
];
87
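users = {
  # Accounts are managed declaratively only: anything not listed here is
  # removed on activation.
  mutableUsers = false;

  # SECURITY: `users.users.<name>.password` / `initialPassword` are written in
  # clear text into the generated system configuration, which lives in the
  # world-readable Nix store (the NixOS option documentation warns against
  # exactly this).  `hashedPassword` keeps only a crypt(3) hash there.  The
  # password-store entries <domainBase>/<host>/login/<name> read by userPass
  # must therefore hold the hash (e.g. the output of `mkpasswd -m sha-512`),
  # not the clear-text password — update them before deploying this change or
  # password logins will fail (key-based SSH logins are unaffected).  Keeping
  # even the hash out of the store would need `passwordFile` plus an
  # out-of-store key deployment, which this file does not set up.
  users = {
    root.hashedPassword = userPass "root";
    julm = {
      uid = 1000;
      # NOTE(review): NixOS's stock sudoers rule grants group `wheel`; unless an
      # imported module defines a `sudo` group and a matching rule, this
      # membership grants nothing — confirm, the shell aliases below rely on sudo.
      extraGroups = [ "sudo" ];
      description = "Julien Moutinho";
      home = "/home/julm";
      shell = lib.mkDefault config.users.defaultUserShell;
      group = "users"; # FIXME: unknown group
      hashedPassword = userPass "julm";
    };
  };

  # Private group with julm's uid as gid (not currently julm's primary group).
  groups.julm.gid = config.users.users.julm.uid;
};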
110
# Skip building the NixOS manual on this host: unused here and CPU intensive.
documentation.nixos.enable = false;
114
services = {
  # Small always-on helpers; the mail/web/DNS/LDAP daemons themselves are
  # configured in the friot/*.nix files imported above.
  redis.enable = true;
  disnix.enable = false;
  gitea.enable = false;
  sssd.enable = false;

  # NOTE(review): nothing is set for password authentication or root login, so
  # sshd runs with this NixOS release's defaults.  Root is given a password in
  # this file and the host appears Internet-facing, so consider
  # `passwordAuthentication = false` and an explicit `permitRootLogin`
  # ("prohibit-password" if NixOps, which logs in as root by default, deploys
  # this host) — but only once key-based login for the admin account is
  # confirmed to be deployed by one of the imported modules, to avoid a lockout.
  openssh = {
    enable = true;
    extraConfig = ''
    '';
  };

  dovecot2 = {
    #debug = true;
  };

  # Persistent journal capped at 50M.  NOTE(review): on a mail/auth host this
  # is a short forensic window; ship logs elsewhere or raise the cap.
  journald.extraConfig = ''
    SystemMaxUse=50M
  '';

  # Certificate names: www/git/mail under the main domain and under each alias,
  # plus the bare aliases.  The bare main domain is not in this list;
  # presumably added by the x509 module or friot/nginx.nix — confirm.
  x509.domains =
    let
      subdomains = [ "www" "git" "mail" ];
      domains = [ networking.domain ] ++ networking.domainAliases;
    in
    lib.concatMap (dom: map (sub: "${sub}.${dom}") subdomains) domains
    ++ networking.domainAliases;

  # Kept for reference only (commented out).
  #postfix.aliases = {
  #  "root@${networking.domain}" = [ "test@${networking.domain}" ];
  #  "postmaster@${networking.domain}" = [ "test@${networking.domain}" ];
  #  "abuse@${networking.domain}" = [ "test@${networking.domain}" ];
  #};
  #dovecot2.domains = {
  #  "${networking.domain}" = {
  #    accounts = {
  #      julm = {
  #        password = pass "${networking.domain}/mail/julm";
  #        # "${networking.domain}/dovecot2/julm";
  #        # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
  #        aliases = ["julien.moutinho@${networking.domain}"];
  #        quota = "512M";
  #      };
  #      test = {
  #        password = pass "${networking.domain}/mail/test";
  #        # "${networking.domain}/dovecot2/test";
  #        # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
  #        aliases = ["test-alias@${networking.domain}"];
  #        quota = "512M";
  #      };
  #    };
  #  };
  #};
};
175
176 environment = {
# Admin tooling available system-wide.  List order is kept as in the original;
# commented entries are candidates that were never enabled.
systemPackages = with pkgs; [
  # interactive debugging
  htop tree vim tcpdump
  #mysql
  #procmail
  postgrey duplicity pypolicyd-spf unbound
  # remote unlock / disk encryption / TLS
  dropbear cryptsetup openssl
  # database and directory clients
  postgresql openldap
  #mail
  #sympa
  multitail dnsutils inetutils binutils mailutils ncdu cgit
  #sssd
  #docker
  #nss_ldap
  #nss_pam_ldapd
  tmux socat
  users-init # presumably provided by ../overlays.nix — confirm
  which
];
# Global readline configuration (/etc/inputrc): 8-bit clean, Home/End/Delete/
# Insert and Ctrl-arrow word movement in emacs mode, with rxvt variants.
etc.inputrc.text = ''
  # /etc/inputrc - global inputrc for libreadline
  # See readline(3readline) and `info rluserman' for more information.

  # Be 8 bit clean.
  set input-meta on
  set output-meta on

  # To allow the use of 8bit-characters like the german umlauts, uncomment
  # the line below. However this makes the meta key not work as a meta key,
  # which is annoying to those which don't need to type in 8-bit characters.

  # set convert-meta off

  # try to enable the application keypad when it is called. Some systems
  # need this to enable the arrow keys.
  # set enable-keypad on

  # see /usr/share/doc/bash/inputrc.arrows for other codes of arrow keys

  # do not bell on tab-completion
  # set bell-style none
  # set bell-style visible

  # some defaults / modifications for the emacs mode
  $if mode=emacs

  # allow the use of the Home/End keys
  "\e[1~": beginning-of-line
  "\e[4~": end-of-line

  # allow the use of the Delete/Insert keys
  "\e[3~": delete-char
  "\e[2~": quoted-insert

  # mappings for "page up" and "page down" to step to the beginning/end
  # of the history
  # "\e[5~": beginning-of-history
  # "\e[6~": end-of-history

  # alternate mappings for "page up" and "page down" to search the history
  # "\e[5~": history-search-backward
  # "\e[6~": history-search-forward

  # mappings for Ctrl-left-arrow and Ctrl-right-arrow for word moving
  "\e[1;5C": forward-word
  "\e[1;5D": backward-word
  "\e[5C": forward-word
  "\e[5D": backward-word
  "\e\e[C": forward-word
  "\e\e[D": backward-word

  $if term=rxvt
  "\e[7~": beginning-of-line
  "\e[8~": end-of-line
  "\eOc": forward-word
  "\eOd": backward-word
  $endif

  # for non RH/Debian xterm, can't hurt for RH/Debian xterm
  # "\eOH": beginning-of-line
  # "\eOF": end-of-line

  # for freebsd console
  # "\e[H": beginning-of-line
  # "\e[F": end-of-line

  $endif
'';
280 };
281
programs = {
  bash = {
    # Interactive shells: Up/Down search the history by typed prefix; keep a
    # large de-duplicated history that concurrent sessions append to instead of
    # overwriting; a leading space keeps a command out of the history.
    interactiveShellInit = ''
      bind '"\e[A":history-search-backward'
      bind '"\e[B":history-search-forward'

      # Ignore duplicate commands, ignore commands starting with a space
      export HISTCONTROL=erasedups:ignorespace
      export HISTSIZE=42000
      # Append to the history instead of overwriting (good for multiple connections)
      shopt -s histappend
    '';
    # Operator shortcuts; most nix-* ones run through sudo.
    shellAliases = {
      # listing / screen
      cl = "clear";
      ls = "ls --color=tty";
      l  = "ls -alh";
      ll = "ls -l";
      # systemd
      s   = "sudo systemctl";
      s-u = "systemctl --user";
      # NixOS maintenance
      nix-upstream = "sudo nix-channel --list";
      nix-update   = "sudo nix-channel --update";
      nix-upgrade  = "sudo nixos-rebuild switch";
      nix-rollback = "sudo nixos-rebuild switch --rollback";
      nix-history  = "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
      nix-clean    = "sudo nix-collect-garbage -d";
      nix-config   = "gvim ~/.config/nixos/*.nix"; # NOTE: gvim is not in systemPackages above
    };
  };

  /*
  dconf.enable = true;

  gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };
  */

  # mtr needs raw sockets; enabling it through the module sets up the
  # privileged (setuid/capability) wrapper the module ships rather than
  # requiring root.
  mtr.enable = true;
};
324 };
325 }