# Module header and secret-lookup helpers (excerpt: several lines of the let block are missing).
1 {pkgs, lib, config, system, ...}:
# `pass` is taken from builtins.extraBuiltins, which stock Nix does not provide.
# NOTE(review): presumably an extra-builtins plugin wraps the `pass` password store here, so
# evaluating this file runs a command and decrypts secrets on the evaluating machine. Confirm that.
2 let inherit (builtins.extraBuiltins) pass;
4 inherit (config) networking;
5 inherit (config.services) dovecot2;
# userPass maps a login name to the entry <domainBase>/<hostName>/login/<name>.
# The result is an ordinary Nix string. If it is interpolated into a derivation or a generated file,
# the secret is copied into /nix/store, which every local user can read.
6 userPass = name: pass "${networking.domainBase}/${networking.hostName}/login/${name}";
9 <nixpkgs-plurasoft/install/modules.nix>
10 ../overlays/tools/networking/shorewall/service.nix
11 ../overlays/tools/networking/shorewall6/service.nix
12 ../overlays/servers/mail/rspamd/service.nix
# Option declarations (excerpt): an enable switch and the custom networking.* options this module reads.
28 enable = lib.mkEnableOption "friot";
# domainBase is the first path component of every secret that userPass looks up,
# so changing it redirects all of those lookups.
29 networking.domainBase = lib.mkOption {
31 description = "Base network name.";
34 networking.domainAliases = lib.mkOption {
35 type = types.listOf types.str;
36 description = "Domain aliases.";
37 example = [ "example.org" "example.net" ];
# One submodule per zone name. Only the interface and static-address descriptions are visible in this excerpt.
39 networking.zones = lib.mkOption {
40 type = types.attrsOf (types.submodule ({name, options, config, ...}: {
42 iface = lib.mkOption {
44 description = "Interface name.";
49 description = "Static IPv4 address of the machine.";
54 description = "Static IPv6 address of the machine.";
64 auto-optimise-store = true
# NOTE(review): presumably the garbage-collector options; generations older than 30 days are deleted,
# which also limits how far back a rollback can reach.
69 options = "--delete-older-than 30d";
# postfix is rebuilt with overridden arguments; the arguments themselves are not visible in this excerpt.
76 packageOverrides = pkgs: {
77 postfix = pkgs.postfix.override {
# Overlays are loaded from a file in the same repository, so they are trusted as much as this module is.
82 overlays = import ../overlays.nix;
# NOTE(review): the enclosing attribute set is not visible; these two lines look like an SSH-style
# remote-access service that is turned off when the deployment target is VirtualBox. Confirm which one.
88 enable = config.deployment.targetEnv != "virtualbox";
# The entry name (ssh/pub/julm) suggests a public key, which is not confidential, but whoever can
# change that entry in the password store decides who may log in. Review write access to it.
91 authorizedKeys = [ (pass "${networking.domain}/ssh/pub/julm") ];
# Kernel tuning, locale and naming settings (excerpt).
98 "vm.vfs_cache_pressure" = 50;
104 timeZone = "Europe/Paris";
108 consoleFont = "Lat2-Terminus16";
109 consoleKeyMap = "fr";
110 defaultLocale = "fr_FR.UTF-8";
# domain is derived from domainBase, so every secret path that interpolates networking.domain
# (SSH key, mail passwords) resolves under this name.
114 domainBase = "plurasoft";
115 domain = "${networking.domainBase}.fr";
# NOTE(review): presumably the members of networking.domainAliases, built from the same base name.
118 "${networking.domainBase}.org"
119 "${networking.domainBase}.net"
120 "${networking.domainBase}.coop"
# Accounts are declarative: with mutableUsers = false the passwords set below are re-applied on
# every activation, and changes made with passwd do not persist.
125 mutableUsers = false;
# NOTE(review): initialPassword and password take the clear-text password. NixOS warns that values
# given to these options end up in the world-readable Nix store, so any local user or any holder of
# a copy of the system closure can read them. Prefer hashedPassword, or passwordFile /
# hashedPasswordFile pointing outside the store, so that the clear text never enters the configuration.
127 root.initialPassword = userPass "root";
# root.password reuses the same value, so both options carry the identical secret.
128 root.password = config.users.users.root.initialPassword;
# NOTE(review): the default NixOS sudo rule applies to the wheel group. Whether membership in "sudo"
# grants anything depends on sudoers configuration that is not visible here.
131 extraGroups = [ "sudo" ];
132 description = "Julien Moutinho";
134 shell = lib.mkDefault config.users.defaultUserShell;
135 group = "users"; # FIXME: unknown group
# Same clear-text pattern as for root: the password is looked up at evaluation time and then copied
# into the password option.
136 initialPassword = userPass "julm";
137 password = config.users.users.julm.initialPassword;
# The group's gid is set to the numeric uid of the julm user.
142 gid = config.users.users.julm.uid;
147 documentation.nixos = {
148 enable = false; # NOTE: useless on this machine, and CPU intensive.
# Builds "www.", "git." and "mail." names for the main domain and for every alias, then appends the
# bare alias domains. NOTE(review): the function applied to these arguments and the option that
# receives the list are not visible. If the list feeds certificate requests, every alias must
# resolve to this host or issuance will fail.
180 (dom: map (sub: "${sub}.${dom}")
181 ["www" "git" "mail"])
182 ([networking.domain] ++ networking.domainAliases)
183 ++ networking.domainAliases;
186 # "root@${networking.domain}" = [ "test@${networking.domain}" ];
187 # "postmaster@${networking.domain}" = [ "test@${networking.domain}" ];
188 # "abuse@${networking.domain}" = [ "test@${networking.domain}" ];
# NOTE(review): this disabled block still contains a literal {SSHA512} password hash, and the same
# hash-and-salt string appears for both the julm and the test mailbox. A hash committed to a
# repository can be guessed against offline, and {SSHA512} is a single salted SHA-512 pass, which is
# cheap to compute. If either mailbox ever used this value, rotate that password and drop the literal
# from the file and its history. If the block is re-enabled, keep only the `pass` lookup and store a
# slow scheme there (Dovecot supports SHA512-CRYPT, BLF-CRYPT and ARGON2ID, among others).
190 #dovecot2.domains = {
191 # "${networking.domain}" = {
194 # password = pass "${networking.domain}/mail/julm";
195 # # "${networking.domain}/dovecot2/julm";
196 # # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
197 # aliases = ["julien.moutinho@${networking.domain}"];
201 # password = pass "${networking.domain}/mail/test";
202 # # "${networking.domain}/dovecot2/test";
203 # # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
204 # aliases = ["test-alias@${networking.domain}"];
213 systemPackages = with pkgs; [
247 etc."inputrc".text = ''
248 # /etc/inputrc - global inputrc for libreadline
249 # See readline(3readline) and `info rluserman' for more information.
255 # To allow the use of 8bit-characters like the german umlauts, uncomment
256 # the line below. However this makes the meta key not work as a meta key,
257 # which is annoying to those which don't need to type in 8-bit characters.
259 # set convert-meta off
261 # try to enable the application keypad when it is called. Some systems
262 # need this to enable the arrow keys.
263 # set enable-keypad on
265 # see /usr/share/doc/bash/inputrc.arrows for other codes of arrow keys
267 # do not bell on tab-completion
268 # set bell-style none
269 # set bell-style visible
271 # some defaults / modifications for the emacs mode
274 # allow the use of the Home/End keys
275 "\e[1~": beginning-of-line
278 # allow the use of the Delete/Insert keys
280 "\e[2~": quoted-insert
282 # mappings for "page up" and "page down" to step to the beginning/end
284 # "\e[5~": beginning-of-history
285 # "\e[6~": end-of-history
287 # alternate mappings for "page up" and "page down" to search the history
288 # "\e[5~": history-search-backward
289 # "\e[6~": history-search-forward
291 # mappings for Ctrl-left-arrow and Ctrl-right-arrow for word moving
292 "\e[1;5C": forward-word
293 "\e[1;5D": backward-word
294 "\e[5C": forward-word
295 "\e[5D": backward-word
296 "\e\e[C": forward-word
297 "\e\e[D": backward-word
300 "\e[7~": beginning-of-line
303 "\eOd": backward-word
306 # for non RH/Debian xterm, can't hurt for RH/Debian xterm
307 # "\eOH": beginning-of-line
308 # "\eOF": end-of-line
310 # for freebsd console
311 # "\e[H": beginning-of-line
312 # "\e[F": end-of-line
320 interactiveShellInit = ''
321 bind '"\e[A":history-search-backward'
322 bind '"\e[B":history-search-forward'
324 # Ignore duplicate commands, ignore commands starting with a space
325 export HISTCONTROL=erasedups:ignorespace
326 export HISTSIZE=42000
327 # Append to the history instead of overwriting (good for multiple connections)
# Shell aliases (excerpt). Most of the nix-* entries run a privileged maintenance command through sudo.
334 ls = "ls --color=tty";
337 s-u="systemctl --user";
# NOTE(review): `nix-collect-garbage -d` deletes every old profile generation before collecting.
# After nix-clean no earlier system generation remains for nix-rollback to switch back to, so do not
# run it right after an upgrade that has not been validated yet.
339 nix-clean="sudo nix-collect-garbage -d";
340 nix-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
341 nix-rollback="sudo nixos-rebuild switch --rollback";
342 nix-update="sudo nix-channel --update";
343 nix-upgrade="sudo nixos-rebuild switch";
344 nix-upstream="sudo nix-channel --list";
# Opens the per-user copies of the configuration in an editor; no privileges are involved.
345 nix-config="gvim ~/.config/nixos/*.nix";
354 enableSSHSupport = true;