ssh: default to PasswordAuthentification=no
[sourcephile-nix.git] / servers / mermet.nix
# Root NixOS configuration for the machine "mermet".
# Consumed by nixos-install and by nixops.
# This file is NOT copied to the target machine and is not usable there:
# only the closure built from it is copied to the target.
{ pkgs, lib, config, options
# Extra module inputs supplied by NixOps
, nodes, name, uuid, resources
, ... }:
let
  # `pass-chomp` comes from the evaluator's extra builtins; presumably it reads
  # an entry from the password store and strips the trailing newline —
  # confirm against the extra-builtins definition.
  secret = builtins.extraBuiltins.pass-chomp;

  # Root's login password, looked up once and reused below.
  rootPassword = secret "servers/mermet/login/root";

  # Shared by networking.domainBase and networking.domain.
  domainBase = "sourcephile";
in
{
  # NixOS release this system stays compatible with, so that stateful software
  # such as database servers does not break. Change it only when the NixOS
  # release notes say so.
  system.stateVersion = "19.09"; # Did you read the comment?

  nixpkgs.overlays = import ../overlays.nix;

  # Shared defaults first, then the per-service modules of this host.
  # NOTE(review): no sshd option is set in this file; presumably
  # ../nixos/defaults.nix carries them — verify there that password
  # authentication is disabled, since root below also has a password.
  imports = [
    ../nixos/defaults.nix
    mermet/apu2e4.nix
    mermet/zfs.nix
    mermet/lesptts.nix
    mermet/shorewall.nix
    mermet/unbound.nix
    mermet/nsd.nix
    mermet/openldap.nix
    mermet/gitolite.nix
    mermet/nginx.nix
    mermet/postfix.nix
    #mermet/rspamd.nix
    #mermet/dovecot2.nix
  ];

  networking = {
    hostName = "mermet";
    inherit domainBase;
    domain = "${domainBase}.fr";
  };

  # Accounts are fully declarative: nothing changed on the machine persists.
  users.mutableUsers = false;

  users.users.root = {
    # NOTE(review): `password` takes the clear-text value, and NixOS documents
    # that this option ends up world-readable in the Nix store, i.e. inside the
    # closure copied to the target. `hashedPassword` (or a password file kept
    # outside the store) would keep the clear text off the machine.
    # NOTE(review): with mutableUsers = false the declared `password` should
    # already be enforced, so `initialPassword` looks redundant — confirm.
    initialPassword = rootPassword;
    password = rootPassword;

    # Public keys allowed to log in as root, read from the repository's
    # sec/ssh directory when the configuration is evaluated.
    openssh.authorizedKeys.keys = [
      (builtins.readFile ../../sec/ssh/julm.pub)
      (builtins.readFile ../../sec/ssh/julm-mob.pub)
    ];
  };

  users.groups = { };

  # Administration tools installed system-wide.
  environment.systemPackages = [
    pkgs.cryptsetup
    pkgs.direnv
    pkgs.fio
    pkgs.git
    pkgs.gptfdisk
    pkgs.lm_sensors
    pkgs.rsync
    pkgs.smartctl-tbw
    pkgs.socat
  ];
}