servers/mermet.nix

   1 # This is the root configuration of the target machine.
   2 # Usable by nixos-install and used by nixops.
   3 # It is NOT copied nor usable on the target machine,
   4 # only the resulting closure is copied to the target machine.
   5 { pkgs, lib, config, options, ... }:
   6 let
   7   inherit (builtins) readFile;
   8   inherit (builtins.extraBuiltins) pass pass-chomp;
   9 in
  10 {
  11   # This value determines the NixOS release with which your system is to be
  12   # compatible, in order to avoid breaking some software such as database servers.
  13   # You should change this only after NixOS release notes say you should.
  14   system.stateVersion = "19.09"; # Did you read the comment?
  15
  16   nix = {
  17     trustedUsers = [ "julm" ];
  18   };
  19
  20   nixpkgs.overlays = import ../overlays.nix;
  21
  22   imports =
  23     [ ../nixos/defaults.nix
  24       mermet/unbound.nix
  25       #mermet/nsd.nix
  26       mermet/knot.nix
  27       mermet/openldap.nix
  28       mermet/gitolite.nix
  29       mermet/nginx.nix
  30       mermet/postfix.nix
  31       mermet/dovecot.nix
  32       mermet/rspamd.nix
  33     ];
  34
  35   networking = rec {
  36     hostName   = "mermet";
  37     domainBase = "sourcephile";
  38     domain     = "${domainBase}.fr";
  39   };
  40
  41   /*
  42   environment.etc."sudo.conf".text = ''
  43     Debug sudo /var/log/sudo_debug.log all@debug
  44     Debug sudoers.so /var/log/sudo_debug.log all@debug
  45   '';
  46   */
  47
  48   users = {
  49     mutableUsers = false;
  50     users = {
  51       root = {
  52         hashedPassword = pass-chomp "servers/mermet/login/root/hashedPassword";
  53         openssh.authorizedKeys.keys = [
  54           (readFile ../../sec/ssh/julm.pub)
  55           (readFile ../../sec/ssh/julm-mob.pub)
  56         ];
  57       };
  58       julm = {
  59         uid = 1000;
  60         hashedPassword = pass-chomp "servers/mermet/login/julm/hashedPassword";
  61         isNormalUser = true;
  62         openssh.authorizedKeys.keys = [
  63           (readFile ../../sec/ssh/julm.pub)
  64           (readFile ../../sec/ssh/julm-mob.pub)
  65           (readFile ../../sec/ssh/julm-mermet.pub)
  66         ];
  67       };
  68     };
  69     groups = {
  70       wheel = {
  71         members = [ "julm" ];
  72       };
  73       julm = {
  74         members = [ "julm" ];
  75         gid = 1000;
  76       };
  77     };
  78   };
  79
  80   programs = {
  81     mosh.enable = true;
  82   };
  83
  84   systemd.coredump.enable = true;
  85
  86   environment = {
  87     enableDebugInfo = true;
  88     systemPackages = with pkgs; [
  89       cryptsetup
  90       direnv
  91       file
  92       gdb
  93       fio
  94       git
  95       gptfdisk
  96       lm_sensors
  97       rsync
  98       smartctl-tbw
  99       socat
 100     ];
 101   };
 102 }