servers/losurdo/configuration.nix

   1 # This is the root configuration of the target machine.
   2 # Usable by nixos-install and used by nixops.
   3 # It is NOT copied nor usable on the target machine,
   4 # only the resulting closure is copied to the target machine.
   5 { pkgs, lib, config, options, ... }@attrs:
   6 let
   7   inherit (builtins) getEnv hasAttr readFile;
   8   inherit (builtins.extraBuiltins) pass pass-chomp;
   9 in
  10 {
  11 # This value determines the NixOS release with which your system is to be
  12 # compatible, in order to avoid breaking some software such as database servers.
  13 # You should change this only after NixOS release notes say you should.
  14 system.stateVersion = "19.09"; # Did you read the comment?
  15
  16 nix = {
  17   trustedUsers = [ "julm" ];
  18 };
  19
  20 imports = [
  21   (./. + ("/" + getEnv "LOSURDO_DEPLOYMENT" + ".nix"))
  22   ../../defaults.nix
  23   ../../base/unbound.nix
  24 ] ++ lib.optionals (! hasAttr "nodes" attrs) [
  25   <nixops/share/nix/nixops/options.nix>
  26   <nixops/share/nix/nixops/resource.nix>
  27 ];
  28
  29 networking = rec {
  30   hostName   = "losurdo";
  31   domainBase = "sourcephile";
  32   domain     = "${domainBase}.fr";
  33 };
  34
  35 /*
  36 environment.etc."sudo.conf".text = ''
  37   Debug sudo /var/log/sudo_debug.log all@debug
  38   Debug sudoers.so /var/log/sudo_debug.log all@debug
  39 '';
  40 */
  41
  42 users = {
  43   mutableUsers = false;
  44   users = {
  45     root = {
  46       openssh.authorizedKeys.keys = [
  47         (readFile ../../../sec/ssh/julm.pub)
  48         (readFile ../../../sec/ssh/julm-mob.pub)
  49       ];
  50     };
  51     julm = {
  52       uid = 1000;
  53       hashedPassword = pass-chomp "servers/losurdo/login/julm/hashedPassword";
  54       isNormalUser = true;
  55       openssh.authorizedKeys.keys = [
  56         (readFile ../../../sec/ssh/julm.pub)
  57         (readFile ../../../sec/ssh/julm-mob.pub)
  58         #(readFile ../../../sec/ssh/julm-losurdo.pub)
  59       ];
  60     };
  61   };
  62   groups = {
  63     wheel = {
  64       members = [ "julm" ];
  65     };
  66     julm = {
  67       members = [ "julm" ];
  68       gid = 1000;
  69     };
  70   };
  71 };
  72
  73 systemd.coredump.enable = true;
  74
  75 environment = {
  76   enableDebugInfo = true;
  77   systemPackages = with pkgs; [
  78     cryptsetup
  79     direnv
  80     file
  81     fio
  82     gdb
  83     git
  84     gptfdisk
  85     #hey
  86     home-manager
  87     lm_sensors
  88     rsync
  89     smartctl-tbw
  90     socat
  91   ];
  92 };
  93 }