# servers/mermet.nix: root NixOS configuration of the target machine "mermet".
#
# Consumed by nixos-install and by nixops. This file is neither copied to nor
# usable on the target machine; only the closure built from it is copied there.
{ pkgs, lib, config, options, ... }:
let
  inherit (builtins) readFile;
  # `pass` and `pass-chomp` are provided by an extra-builtins plugin that is
  # not part of this file; presumably they read entries from the deployer's
  # password store during evaluation (confirm in the plugin definition).
  inherit (builtins.extraBuiltins) pass pass-chomp;

  # SSH public keys accepted for both the root and the julm account.
  sharedAdminKeys = [
    (readFile ../../sec/ssh/julm.pub)
    (readFile ../../sec/ssh/julm-mob.pub)
  ];
in
{
  # NixOS release this system stays compatible with, so that stateful software
  # such as database servers does not break on upgrade. Change it only when
  # the NixOS release notes say so.
  system.stateVersion = "19.09"; # Did you read the comment?

  # A trusted user may override Nix daemon settings (substituters, signature
  # checks); the Nix manual treats this as equivalent to root access.
  nix.trustedUsers = [ "julm" ];

  nixpkgs.overlays = import ../overlays.nix;

  # Per-service modules. Their contents (listening addresses, TLS settings,
  # firewall rules) are not visible from this file and need their own review.
  imports =
    [ ../nixos/defaults.nix
      mermet/unbound.nix
      #mermet/nsd.nix
      mermet/knot.nix
      mermet/openldap.nix
      mermet/gitolite.nix
      mermet/nginx.nix
      mermet/postfix.nix
      mermet/dovecot.nix
      mermet/redis.nix
      mermet/rspamd.nix
    ];

  # `rec` lets `domain` be derived from `domainBase` inside the same set.
  # NOTE(review): `domainBase` is not a stock NixOS option; presumably it is
  # declared by one of the imported modules (confirm).
  networking = rec {
    hostName = "mermet";
    domainBase = "sourcephile";
    domain = "${domainBase}.fr";
  };

  # Disabled sudo debug logging, kept for troubleshooting. Debug-level logs
  # are verbose: if this is re-enabled, keep /var/log/sudo_debug.log readable
  # by root only and switch it off again afterwards.
  /*
  environment.etc."sudo.conf".text = ''
    Debug sudo /var/log/sudo_debug.log all@debug
    Debug sudoers.so /var/log/sudo_debug.log all@debug
  '';
  */

  # Accounts are fully declarative: with mutableUsers = false the user and
  # group files are replaced from this configuration on every activation.
  users.mutableUsers = false;

  # root gets SSH keys but no password here.
  # NOTE(review): whether these keys permit direct root login depends on the
  # sshd settings, which are not in this file (the stock NixOS setting allows
  # key-only root login). julm is already in wheel, so confirm that direct
  # root access is still wanted.
  users.users.root.openssh.authorizedKeys.keys = sharedAdminKeys;

  users.users.julm = {
    isNormalUser = true;
    uid = 1000;
    # NOTE(review): this value is resolved at evaluation time, and NixOS puts
    # `hashedPassword` into the generated user specification in the Nix store,
    # which is world-readable on the target. If local users must not be able
    # to read the hash, `passwordFile` (a file kept outside the store) is the
    # alternative on this release (confirm against the 19.09 option list).
    hashedPassword = pass-chomp "servers/mermet/login/julm/hashedPassword";
    # Same keys as root, plus one extra key.
    openssh.authorizedKeys.keys = sharedAdminKeys ++ [
      (readFile ../../sec/ssh/julm-mermet.pub)
    ];
  };

  # wheel is the group NixOS's sudo rules grant administrative rights to;
  # whether a password is required is decided elsewhere (not in this file).
  users.groups.wheel.members = [ "julm" ];
  users.groups.julm = {
    gid = 1000;
    members = [ "julm" ];
  };

  # NOTE(review): besides installing mosh, the NixOS module opens a UDP port
  # range in the firewall for it (confirm the range and that it is intended).
  programs.mosh.enable = true;

  # Core dumps are kept and debug symbols installed (gdb is in systemPackages).
  # Dumps of the mail, LDAP or DNS daemons can contain credentials or key
  # material held in memory; check where they are stored, who can read them
  # and how long they are retained.
  systemd.coredump.enable = true;
  environment.enableDebugInfo = true;

  # Administration and diagnostics tools available to every user.
  environment.systemPackages = with pkgs; [
    cryptsetup
    direnv
    file
    fio
    gdb
    git
    gptfdisk
    #hey
    lm_sensors
    rsync
    smartctl-tbw
    socat
  ];
}