1 # This is the root configuration of the target machine.
2 # Usable by nixos-install and used by nixops.
3 # It is NOT copied nor usable on the target machine,
4 # only the resulting closure is copied to the target machine.
5 { pkgs, lib, config, options, ... }:
7 inherit (builtins) readFile;
8 inherit (builtins.extraBuiltins) pass pass-chomp;
11 # This value determines the NixOS release with which your system is to be
12 # compatible, in order to avoid breaking some software such as database servers.
13 # You should change this only after NixOS release notes say you should.
14 system.stateVersion = "19.09"; # Did you read the comment?
17 trustedUsers = [ "julm" ];
20 nixpkgs.overlays = import ../overlays.nix;
23 [ ../nixos/defaults.nix
37 domainBase = "sourcephile";
38 domain = "${domainBase}.fr";
42 environment.etc."sudo.conf".text = ''
43 Debug sudo /var/log/sudo_debug.log all@debug
44 Debug sudoers.so /var/log/sudo_debug.log all@debug
52 hashedPassword = pass-chomp "servers/mermet/login/root/hashedPassword";
53 openssh.authorizedKeys.keys = [
54 (readFile ../../sec/ssh/julm.pub)
55 (readFile ../../sec/ssh/julm-mob.pub)
60 hashedPassword = pass-chomp "servers/mermet/login/julm/hashedPassword";
62 openssh.authorizedKeys.keys = [
63 (readFile ../../sec/ssh/julm.pub)
64 (readFile ../../sec/ssh/julm-mob.pub)
65 (readFile ../../sec/ssh/julm-mermet.pub)
84 systemd.coredump.enable = true;
87 enableDebugInfo = true;
88 systemPackages = with pkgs; [