Git — Sourcephile - sourcephile-nix.git/blob - servers/mermet.nix
mermet: unbound config following calomel.org's
# Root NixOS configuration for the machine "mermet".
# Consumed by nixos-install and by nixops on the deploying host.
# The configuration itself is NOT copied to (nor usable on) the target
# machine: only the closure built from it is copied there.
{ pkgs, lib, config, options, ... }:
let
  inherit (builtins) readFile;
  # `extraBuiltins` is not part of stock Nix; it is provided by the
  # evaluation environment of this repository.
  # NOTE(review): presumably these wrap the `pass` password store on the
  # deploying host, so secrets are read at evaluation time — confirm.
  # `pass` is brought into scope here but not used in this file.
  inherit (builtins.extraBuiltins) pass pass-chomp;

  # Shared by networking.domainBase and networking.domain below.
  domainBase = "sourcephile";

  # Secret fetched at evaluation time; see the review note where it is used.
  rootPassword = pass-chomp "servers/mermet/login/root";
in
{
  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database servers.
  # You should change this only after NixOS release notes say you should.
  system.stateVersion = "19.09"; # Did you read the comment?

  nix.autoOptimiseStore = true;
  # Trusted users may override daemon settings (substituters, builders, ...),
  # which makes them effectively root-equivalent on this machine.
  # NOTE(review): no "julm" account is declared in this file; presumably it
  # comes from one of the imported modules — confirm.
  nix.trustedUsers = [ "julm" ];

  nixpkgs.overlays = import ../overlays.nix;

  # Per-service modules of this host; the mail filtering and IMAP modules
  # are currently disabled.
  imports = [
    ../nixos/defaults.nix
    ./mermet/unbound.nix
    ./mermet/nsd.nix
    ./mermet/openldap.nix
    ./mermet/gitolite.nix
    ./mermet/nginx.nix
    ./mermet/postfix.nix
    #mermet/rspamd.nix
    #mermet/dovecot2.nix
  ];

  networking.hostName = "mermet";
  # NOTE(review): `domainBase` is not a stock NixOS networking option;
  # presumably declared by an imported module — confirm.
  networking.domainBase = domainBase;
  networking.domain = "${domainBase}.fr";

  # Accounts are fully declarative: changes made at runtime (passwd,
  # useradd) do not survive the next activation.
  users.mutableUsers = false;
  users.users.root = {
    # NOTE(review): NixOS documents `password` (and `initialPassword`) as
    # clear text that ends up world-readable in the Nix store, so the root
    # password is exposed to every local user of any host holding this
    # closure. `hashedPassword` or `passwordFile` avoid that exposure.
    # Both options receive the same value, so `initialPassword` adds nothing.
    initialPassword = rootPassword;
    password = rootPassword;
    # Public keys allowed to log in as root over SSH.
    # NOTE(review): whether root may also use password authentication over
    # SSH depends on the sshd settings, which are not in this file — confirm.
    openssh.authorizedKeys.keys = [
      (readFile ../../sec/ssh/julm.pub)
      (readFile ../../sec/ssh/julm-mob.pub)
    ];
  };
  users.groups = { };

  # NOTE(review): the NixOS mosh module opens a UDP port range in the
  # firewall when enabled — confirm that exposure is intended.
  programs.mosh.enable = true;

  # Administration tools installed system-wide (disk, storage health,
  # transfer and debugging utilities).
  environment.systemPackages = [
    pkgs.cryptsetup
    pkgs.direnv
    pkgs.fio
    pkgs.git
    pkgs.gptfdisk
    pkgs.lm_sensors
    pkgs.rsync
    pkgs.smartctl-tbw
    pkgs.socat
  ];
}