openldap: no SHA2 anor PBKDF2 password modules by default
[sourcephile-nix.git] / servers / losurdo / configuration.nix
# Root configuration of the target machine.
# Consumed by nixos-install and by nixops. This file itself is NOT copied to
# (nor usable on) the target machine: only the resulting closure is.
{ pkgs, lib, config, options, ... }@attrs:
let
  inherit (builtins) getEnv hasAttr readFile;
  # `extraBuiltins` is not part of stock Nix, so it has to be provided by the
  # evaluating environment.
  # NOTE(review): `pass-chomp` presumably reads an entry from the `pass`
  # password store at evaluation time and strips the trailing newline — confirm.
  inherit (builtins.extraBuiltins) pass pass-chomp;
  inherit (config.users) users;

  # SSH public keys accepted for both the root and the julm accounts.
  # Only public halves are read here; they end up in the built configuration.
  adminKeys = [
    (readFile ../../../sec/ssh/julm.pub)
    (readFile ../../../sec/ssh/julm-mob.pub)
  ];
in
{
  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database servers.
  # You should change this only after NixOS release notes say you should.
  system.stateVersion = "19.09"; # Did you read the comment?

  # Security: a trusted Nix user may override daemon settings (substituters,
  # signature checks), which is effectively root on this machine. Keep this
  # list as short as the wheel group below.
  nix.trustedUsers = [ users."julm".name ];

  imports = [
    # Impure: the deployment-specific module is selected by the environment of
    # whoever evaluates this file. getEnv yields "" when the variable is unset,
    # in which case the path below degenerates to "<this directory>/.nix".
    (./. + ("/" + getEnv "LOSURDO_DEPLOYMENT" + ".nix"))
    ../../defaults.nix
    ../../base/unbound.nix
    ./transmission.nix
  ] ++ lib.optionals (! hasAttr "nodes" attrs) [
    # Only pulled in when no `nodes` argument was passed to this module.
    # Angle-bracket paths are resolved through NIX_PATH of the evaluating host.
    <nixops/options.nix>
    <nixops/resource.nix>
  ];

  networking = rec {
    hostName = "losurdo";
    domainBase = "sourcephile";
    domain = "${domainBase}.fr";
  };

  # Disabled: verbose sudo debug logging.
  /*
  environment.etc."sudo.conf".text = ''
    Debug sudo /var/log/sudo_debug.log all@debug
    Debug sudoers.so /var/log/sudo_debug.log all@debug
  '';
  */

  users = {
    # Accounts, groups and passwords are defined by this file only.
    mutableUsers = false;

    users.root = {
      # Key-based root login. Whether sshd actually accepts it depends on the
      # PermitRootLogin setting, which is not set in this file.
      openssh.authorizedKeys.keys = adminKeys;
    };

    users.julm = {
      uid = 1000;
      isNormalUser = true;
      # The hash is fetched at evaluation time, so it is not committed here.
      # NOTE(review): a `hashedPassword` value still becomes part of the
      # evaluated configuration and, as far as I know, lands in the
      # world-readable Nix store of the target — confirm, and prefer a
      # file-based option (e.g. hashedPasswordFile on newer NixOS releases)
      # if that matters for this host.
      hashedPassword = pass-chomp "servers/losurdo/login/julm/hashedPassword";
      openssh.authorizedKeys.keys = adminKeys ++ [
        #(readFile ../../../sec/ssh/julm-losurdo.pub)
      ];
    };

    groups.wheel = {
      # wheel membership is what NixOS's default sudo rules grant sudo to.
      members = [ users."julm".name ];
    };

    groups.julm = {
      gid = 1000;
      members = [ users."julm".name ];
    };
  };

  # Security: core dumps are copies of process memory and can therefore hold
  # keys, passwords or session data of the crashed process. Treat stored dumps
  # as sensitive and restrict who can read them.
  systemd.coredump.enable = true;

  # Debug symbols for installed packages, to go with the core dumps above.
  environment.enableDebugInfo = true;

  # Tools available to every user of the machine.
  environment.systemPackages = with pkgs; [
    cryptsetup
    direnv
    file
    fio
    gdb
    git
    gptfdisk
    #hey
    home-manager
    lm_sensors
    rsync
    smartctl-tbw
    socat
    sanoid
  ];
}