]> Git — Sourcephile - sourcephile-nix.git/blob - servers/losurdo/configuration.nix
nginx: covid19: fix access_log
[sourcephile-nix.git] / servers / losurdo / configuration.nix
1 # This is the root configuration of the target machine.
2 # Usable by nixos-install and used by nixops.
3 # It is NOT copied nor usable on the target machine,
4 # only the resulting closure is copied to the target machine.
5 { pkgs, lib, config, options, ... }@attrs:
6 let
7 inherit (builtins) getEnv hasAttr readFile;
8 inherit (builtins.extraBuiltins) pass pass-chomp;
9 inherit (config.users) users;
10 in
11 {
12 # This value determines the NixOS release with which your system is to be
13 # compatible, in order to avoid breaking some software such as database servers.
14 # You should change this only after NixOS release notes say you should.
15 system.stateVersion = "19.09"; # Did you read the comment?
16
17 nix = {
18 trustedUsers = [ users."julm".name ];
19 };
20
21 imports = [
22 (./. + ("/" + getEnv "LOSURDO_DEPLOYMENT" + ".nix"))
23 ../../defaults.nix
24 ../../base/unbound.nix
25 ] ++ lib.optionals (! hasAttr "nodes" attrs) [
26 <nixops/options.nix>
27 <nixops/resource.nix>
28 ];
29
30 networking = rec {
31 hostName = "losurdo";
32 domainBase = "sourcephile";
33 domain = "${domainBase}.fr";
34 };
35
36 /*
37 environment.etc."sudo.conf".text = ''
38 Debug sudo /var/log/sudo_debug.log all@debug
39 Debug sudoers.so /var/log/sudo_debug.log all@debug
40 '';
41 */
42
43 users = {
44 mutableUsers = false;
45 users = {
46 root = {
47 openssh.authorizedKeys.keys = [
48 (readFile ../../../sec/ssh/julm.pub)
49 (readFile ../../../sec/ssh/julm-mob.pub)
50 ];
51 };
52 julm = {
53 uid = 1000;
54 hashedPassword = pass-chomp "servers/losurdo/login/julm/hashedPassword";
55 isNormalUser = true;
56 openssh.authorizedKeys.keys = [
57 (readFile ../../../sec/ssh/julm.pub)
58 (readFile ../../../sec/ssh/julm-mob.pub)
59 #(readFile ../../../sec/ssh/julm-losurdo.pub)
60 ];
61 };
62 };
63 groups = {
64 wheel = {
65 members = [ users."julm".name ];
66 };
67 julm = {
68 members = [ users."julm".name ];
69 gid = 1000;
70 };
71 };
72 };
73
74 systemd.coredump.enable = true;
75
76 environment = {
77 enableDebugInfo = true;
78 systemPackages = with pkgs; [
79 cryptsetup
80 direnv
81 file
82 fio
83 gdb
84 git
85 gptfdisk
86 #hey
87 home-manager
88 lm_sensors
89 rsync
90 smartctl-tbw
91 socat
92 sanoid
93 ];
94 };
95 }