]> Git — Sourcephile - sourcephile-nix.git/blob - servers/mermet.nix
nix: fix nixpkgs-channel and gpg-agent
[sourcephile-nix.git] / servers / mermet.nix
1 # This is the root configuration of the target machine.
2 # Usable by nixos-install and used by nixops.
3 # It is NOT copied nor usable on the target machine,
4 # only the resulting closure is copied to the target machine.
5 { pkgs, lib, config, options
6 # NixOps extra module inputs
7 , nodes, name, uuid, resources
8 , ... }:
9 let
10 inherit (builtins) readFile;
11 inherit (builtins.extraBuiltins) pass pass-chomp;
12 in
13 {
14 # This value determines the NixOS release with which your system is to be
15 # compatible, in order to avoid breaking some software such as database servers.
16 # You should change this only after NixOS release notes say you should.
17 system.stateVersion = "19.09"; # Did you read the comment?
18
19 nix = {
20 autoOptimiseStore = true;
21 trustedUsers = [ "julm" ];
22 };
23
24 nixpkgs.overlays = import ../overlays.nix;
25
26 imports =
27 [ ../nixos/defaults.nix
28 mermet/apu2e4.nix
29 mermet/zfs.nix
30 mermet/lesptts.nix
31 mermet/shorewall.nix
32 mermet/unbound.nix
33 mermet/nsd.nix
34 mermet/openldap.nix
35 mermet/gitolite.nix
36 mermet/nginx.nix
37 mermet/postfix.nix
38 #mermet/rspamd.nix
39 #mermet/dovecot2.nix
40 ];
41
42 networking = rec {
43 hostName = "mermet";
44 domainBase = "sourcephile";
45 domain = "${domainBase}.fr";
46 };
47
48 users = {
49 mutableUsers = false;
50 users = {
51 root = rec {
52 initialPassword = password;
53 password = pass-chomp "servers/mermet/login/root";
54 openssh.authorizedKeys.keys = [
55 (readFile ../../sec/ssh/julm.pub)
56 (readFile ../../sec/ssh/julm-mob.pub)
57 ];
58 };
59 };
60 groups = {
61 };
62 };
63
64 environment = {
65 systemPackages = with pkgs; [
66 cryptsetup
67 direnv
68 fio
69 git
70 gptfdisk
71 lm_sensors
72 rsync
73 smartctl-tbw
74 socat
75 ];
76 };
77 }