nix: revamp the config paths
# Root configuration of the target machine.
# Consumed by nixos-install and by nixops.
# This file itself is NOT copied to, nor usable on, the target machine:
# only the closure built from it is copied there.
# NOTE(review): values fetched at evaluation time (see `pass-chomp` below) are
# still embedded in whatever the closure generates from them, so "not copied"
# applies to this file, not necessarily to the secrets it reads. Confirm.
{ pkgs, lib, config, options, ... }:
let
  readFile = builtins.readFile;
  # Helpers supplied through the extra-builtins mechanism; their implementation
  # is not in this file. `pass` is not referenced below.
  inherit (builtins.extraBuiltins) pass pass-chomp;

  # SSH public keys accepted for both the root and the julm accounts.
  adminKeys = [
    (readFile ../../../sec/ssh/julm.pub)
    (readFile ../../../sec/ssh/julm-mob.pub)
  ];
in
{
  # NixOS release this system must stay compatible with, so that stateful
  # software such as database servers does not break.
  # Change it only when the NixOS release notes say so.
  system.stateVersion = "19.09"; # Did you read the comment?

  # Trusted Nix users may override daemon settings and import unsigned store
  # paths; the Nix manual treats this as equivalent to root access.
  nix.trustedUsers = [ "julm" ];

  imports = [
    ../../defaults.nix
    ../../base/unbound.nix
    #./nsd.nix
    ./knot.nix
    ./openldap.nix
    ./gitolite.nix
    ./nginx.nix
    ./postfix.nix
    ./dovecot.nix
    ./redis.nix
    ./rspamd.nix
  ];

  networking =
    let
      domainBase = "sourcephile";
    in
    {
      hostName = "mermet";
      inherit domainBase;
      domain = "${domainBase}.fr";
    };

  /*
  environment.etc."sudo.conf".text = ''
    Debug sudo /var/log/sudo_debug.log all@debug
    Debug sudoers.so /var/log/sudo_debug.log all@debug
  '';
  */

  # Accounts are fully declarative: with mutableUsers = false the user and
  # group databases are replaced on activation, so changes made on the host
  # (passwd, useradd, ...) do not persist.
  users.mutableUsers = false;

  # Every key listed here is a direct root credential over SSH.
  # NOTE(review): presumably required for nixops deployment; confirm that each
  # key still needs root rather than going through julm + sudo.
  users.users.root.openssh.authorizedKeys.keys = adminKeys;

  users.users.julm = {
    uid = 1000;
    isNormalUser = true;
    # The hash is fetched at evaluation time from the entry named below.
    # NOTE(review): a hashedPassword is part of the evaluated configuration,
    # and NixOS generally materialises that in the world-readable Nix store;
    # confirm whether a passwordFile kept outside the store is preferable here.
    hashedPassword = pass-chomp "servers/mermet/login/julm/hashedPassword";
    openssh.authorizedKeys.keys = adminKeys ++ [
      (readFile ../../../sec/ssh/julm-mermet.pub)
    ];
  };

  # NOTE(review): wheel is the group NixOS's default sudo rules apply to, so
  # membership is presumably what grants julm root; verify against defaults.nix.
  users.groups.wheel.members = [ "julm" ];

  users.groups.julm = {
    gid = 1000;
    members = [ "julm" ];
  };

  # Core dumps, debug symbols and gdb are enabled together for troubleshooting.
  # NOTE(review): dumps of the services imported above (LDAP, mail, redis, ...)
  # can contain credentials or message contents; review who may read them and
  # how long they are retained.
  systemd.coredump.enable = true;
  environment.enableDebugInfo = true;

  environment.systemPackages = with pkgs; [
    cryptsetup
    direnv
    file
    fio
    gdb
    git
    gptfdisk
    #hey
    home-manager
    lm_sensors
    rsync
    smartctl-tbw
    socat
  ];
}