servers/losurdo/configuration.nix

   1 # This is the root configuration of the target machine.
   2 # Usable by nixos-install and used by nixops.
   3 # It is NOT copied nor usable on the target machine,
   4 # only the resulting closure is copied to the target machine.
   5 { pkgs, lib, config, options, ... }@attrs:
   6 let
   7   inherit (builtins) getEnv hasAttr readFile;
   8   inherit (builtins.extraBuiltins) pass pass-chomp;
   9   inherit (config.users) users;
  10 in
  11 {
  12 # This value determines the NixOS release with which your system is to be
  13 # compatible, in order to avoid breaking some software such as database servers.
  14 # You should change this only after NixOS release notes say you should.
  15 system.stateVersion = "19.09"; # Did you read the comment?
  16
  17 nix = {
  18   trustedUsers = [ users."julm".name ];
  19 };
  20
  21 imports = [
  22   (./. + ("/" + getEnv "LOSURDO_DEPLOYMENT" + ".nix"))
  23   ../../defaults.nix
  24   ../../base/unbound.nix
  25   ./transmission.nix
  26 ] ++ lib.optionals (! hasAttr "nodes" attrs) [
  27   <nixops/options.nix>
  28   <nixops/resource.nix>
  29 ];
  30
  31 networking = rec {
  32   hostName   = "losurdo";
  33   domainBase = "sourcephile";
  34   domain     = "${domainBase}.fr";
  35 };
  36
  37 /*
  38 environment.etc."sudo.conf".text = ''
  39   Debug sudo /var/log/sudo_debug.log all@debug
  40   Debug sudoers.so /var/log/sudo_debug.log all@debug
  41 '';
  42 */
  43
  44 users = {
  45   mutableUsers = false;
  46   users = {
  47     root = {
  48       openssh.authorizedKeys.keys = [
  49         (readFile ../../../sec/ssh/julm.pub)
  50         (readFile ../../../sec/ssh/julm-mob.pub)
  51       ];
  52     };
  53     julm = {
  54       uid = 1000;
  55       hashedPassword = pass-chomp "servers/losurdo/login/julm/hashedPassword";
  56       isNormalUser = true;
  57       openssh.authorizedKeys.keys = [
  58         (readFile ../../../sec/ssh/julm.pub)
  59         (readFile ../../../sec/ssh/julm-mob.pub)
  60         #(readFile ../../../sec/ssh/julm-losurdo.pub)
  61       ];
  62     };
  63   };
  64   groups = {
  65     wheel = {
  66       members = [ users."julm".name ];
  67     };
  68     julm = {
  69       members = [ users."julm".name ];
  70       gid = 1000;
  71     };
  72   };
  73 };
  74
  75 systemd.coredump.enable = true;
  76
  77 environment = {
  78   enableDebugInfo = true;
  79   systemPackages = with pkgs; [
  80     cryptsetup
  81     direnv
  82     file
  83     fio
  84     gdb
  85     git
  86     gptfdisk
  87     #hey
  88     home-manager
  89     lm_sensors
  90     rsync
  91     smartctl-tbw
  92     socat
  93     sanoid
  94   ];
  95 };
  96 }