Git — Sourcephile - sourcephile-nix.git/blob - servers/mermet/configuration.nix
openldap: no SHA2 nor PBKDF2 password modules by default
# Root NixOS configuration for the "mermet" machine.
# Consumed by nixos-install and by nixops on the deploying side.
# The file itself is neither copied to nor usable on the target:
# only the closure built from it is copied there.
{ pkgs, lib, config, options, ... }@attrs:
let
  inherit (builtins) getEnv readFile;
  extra = builtins.extraBuiltins;

  # Public keys shared by the root and julm accounts.
  julmKeys = [
    (readFile ../../../sec/ssh/julm.pub)
    (readFile ../../../sec/ssh/julm-mob.pub)
  ];
in
{
  # NixOS release this system must stay compatible with, so that stateful
  # software such as database servers is not broken by an upgrade.
  # Change it only when the NixOS release notes say to.
  system.stateVersion = "19.09"; # Did you read the comment?

  # A Nix trusted user can override daemon settings (extra substituters,
  # unsigned imports), so treat membership here as root-equivalent.
  nix.trustedUsers = [ "julm" ];

  imports = [
    # Deployment-specific module chosen by the MERMET_DEPLOYMENT environment
    # variable of the evaluating process. builtins.getEnv returns "" when the
    # variable is unset, in which case this resolves to ./.nix.
    # NOTE(review): the deploy environment therefore decides which module is
    # merged into the root configuration; set it explicitly before building.
    (./. + "/${getEnv "MERMET_DEPLOYMENT"}.nix")
    ../../defaults.nix
    ../../base/unbound.nix
    #./nsd.nix
    ./knot.nix
    ./openldap.nix
    ./gitolite.nix
    ./nginx.nix
    ./postfix.nix
    ./dovecot.nix
    ./redis.nix
    ./rspamd.nix
  ]
  # The nixops option declarations are pulled in only when the module
  # arguments carry a `nodes` attribute.
  ++ lib.optional (attrs ? nodes) "${pkgs.nixops}/share/nix/nixops/options.nix";

  networking = rec {
    hostName = "mermet";
    domainBase = "sourcephile";
    domain = "${domainBase}.fr";
  };

  /*
  environment.etc."sudo.conf".text = ''
    Debug sudo /var/log/sudo_debug.log all@debug
    Debug sudoers.so /var/log/sudo_debug.log all@debug
  '';
  */

  # With mutableUsers disabled, accounts and passwords come only from this
  # declaration; changes made by hand on the host do not persist.
  users.mutableUsers = false;

  # Direct root login over SSH is allowed for every key listed here.
  # NOTE(review): the third key is read from a path under losurdo/root,
  # apparently another machine's root key (confirm). Whoever holds that
  # private key is root on this host too, so both hosts share a trust boundary.
  users.users.root.openssh.authorizedKeys.keys = julmKeys ++ [
    (readFile ../../../sec/ssh/losurdo/root/ssh/id_ed25519.pub)
  ];

  users.users.julm = {
    isNormalUser = true;
    uid = 1000;
    # The hash is fetched at evaluation time through the pass-chomp extra
    # builtin (presumably from the password store; confirm).
    # NOTE(review): NixOS places hashedPassword values in the Nix store,
    # which is world-readable on the target; confirm that is acceptable
    # here or switch to a file-based option such as passwordFile.
    hashedPassword = extra.pass-chomp "servers/mermet/login/julm/hashedPassword";
    openssh.authorizedKeys.keys = julmKeys ++ [
      (readFile ../../../sec/ssh/julm-mermet.pub)
    ];
  };

  # julm is in wheel, the group conventionally allowed to use sudo.
  users.groups.wheel.members = [ "julm" ];
  users.groups.julm = {
    gid = 1000;
    members = [ "julm" ];
  };

  # Core dumps are collected, and debug info and gdb are installed below.
  # NOTE(review): dumps of the services imported above (LDAP, mail, redis)
  # can contain credentials and key material from process memory; restrict
  # who can read them and how long they are retained.
  systemd.coredump.enable = true;

  environment.enableDebugInfo = true;

  # Administration and debugging tools installed system-wide.
  environment.systemPackages = with pkgs; [
    cryptsetup
    direnv
    file
    fio
    gdb
    git
    gptfdisk
    #hey
    home-manager
    lm_sensors
    rsync
    smartctl-tbw
    socat
    thttpd
  ];
}