Git — Sourcephile - sourcephile-nix.git/blob - servers/losurdo/configuration.nix
losurdo: initial config
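# This is the root configuration of the target machine.
# Usable by nixos-install and used by nixops.
# It is NOT copied nor usable on the target machine,
# only the resulting closure is copied to the target machine.
#
# Evaluation is impure: it reads the LOSURDO_DEPLOYMENT environment variable
# and calls pass/pass-chomp, so the result depends on the operator's
# environment at evaluation time.
{ pkgs, lib, config, options, ... }@attrs:
let
  inherit (builtins) getEnv hasAttr readFile;
  # extraBuiltins is not a stock Nix builtin; it has to be supplied by the
  # evaluator setup (not shown in this file).
  inherit (builtins.extraBuiltins) pass pass-chomp;

  # Name of the deployment-specific module to import from this directory.
  deployment = getEnv "LOSURDO_DEPLOYMENT";

  # getEnv returns "" for an unset variable, which would otherwise make the
  # import resolve to "./.nix" and fail with a misleading error (or pick up
  # an unintended file). Fail early with an explicit message instead.
  # NOTE(review): the value is used verbatim as a path component, so it
  # selects which file gets imported; keep it under the operator's control.
  deploymentModule =
    if deployment == ""
    then throw "LOSURDO_DEPLOYMENT is not set; it must name a <deployment>.nix module in servers/losurdo"
    else ./. + ("/" + deployment + ".nix");
in
{
  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database servers.
  # You should change this only after NixOS release notes say you should.
  system.stateVersion = "19.09"; # Did you read the comment?

  nix = {
    # A trusted Nix user can override substituters and import unsigned store
    # paths, which is essentially root-equivalent on this machine.
    trustedUsers = [ "julm" ];
  };

  imports = [
    deploymentModule
    ../../defaults.nix
    ../../base/unbound.nix
    # The nixops option declarations are only pulled in when the module is
    # evaluated with a "nodes" argument.
  ] ++ lib.optional (hasAttr "nodes" attrs) (pkgs.nixops + "/share/nix/nixops/options.nix");

  networking = rec {
    hostName = "losurdo";
    domainBase = "sourcephile";
    domain = "${domainBase}.fr";
  };

  /*
  environment.etc."sudo.conf".text = ''
    Debug sudo /var/log/sudo_debug.log all@debug
    Debug sudoers.so /var/log/sudo_debug.log all@debug
  '';
  */

  users = {
    # Accounts and passwords are fixed by this configuration; changes made
    # on the host with passwd/useradd do not persist.
    mutableUsers = false;
    users = {
      root = {
        # Direct root login over SSH with the same two keys as julm:
        # whoever holds either private key gets root without going through
        # sudo. NOTE(review): presumably required for nixops deployment;
        # confirm, and keep these keys protected accordingly.
        openssh.authorizedKeys.keys = [
          (readFile ../../sec/ssh/julm.pub)
          (readFile ../../sec/ssh/julm-mob.pub)
        ];
      };
      julm = {
        uid = 1000;
        # The hash is fetched at evaluation time and embedded in the
        # evaluated configuration.
        # NOTE(review): with hashedPassword the hash ends up in the system
        # closure in the world-readable Nix store; consider passwordFile
        # with a root-only file if local users must not be able to read it.
        hashedPassword = pass-chomp "servers/losurdo/login/julm/hashedPassword";
        isNormalUser = true;
        openssh.authorizedKeys.keys = [
          (readFile ../../sec/ssh/julm.pub)
          (readFile ../../sec/ssh/julm-mob.pub)
          #(readFile ../../sec/ssh/julm-losurdo.pub)
        ];
      };
    };
    groups = {
      # wheel membership is what normally grants sudo on NixOS.
      wheel = {
        members = [ "julm" ];
      };
      julm = {
        members = [ "julm" ];
        gid = 1000;
      };
    };
  };

  # Core dumps can contain secrets held in process memory (keys, passwords);
  # review their retention and who can read them before relying on this on
  # a production host.
  systemd.coredump.enable = true;

  environment = {
    # Installs debug symbols system-wide; together with gdb and core dumps
    # this is a debugging posture rather than a minimal one.
    enableDebugInfo = true;
    systemPackages = with pkgs; [
      cryptsetup
      direnv
      file
      fio
      gdb
      git
      gptfdisk
      #hey
      home-manager
      lm_sensors
      rsync
      smartctl-tbw
      socat
    ];
  };
}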