# This is the root configuration of the target machine. # Usable by nixos-install and used by nixops. # It is NOT copied nor usable on the target machine, # only the resulting closure is copied to the target machine. { pkgs, lib, config, options, ... }@attrs: let inherit (builtins) getEnv hasAttr readFile; inherit (builtins.extraBuiltins) pass pass-chomp; inherit (config.users) users; in { # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database servers. # You should change this only after NixOS release notes say you should. system.stateVersion = "19.09"; # Did you read the comment? nix = { trustedUsers = [ users."julm".name ]; }; imports = [ (./. + ("/" + getEnv "LOSURDO_DEPLOYMENT" + ".nix")) ../../defaults.nix ../../base/unbound.nix ./transmission.nix ] ++ lib.optionals (! hasAttr "nodes" attrs) [ ]; networking = rec { hostName = "losurdo"; domainBase = "sourcephile"; domain = "${domainBase}.fr"; }; /* environment.etc."sudo.conf".text = '' Debug sudo /var/log/sudo_debug.log all@debug Debug sudoers.so /var/log/sudo_debug.log all@debug ''; */ users = { mutableUsers = false; users = { root = { openssh.authorizedKeys.keys = [ (readFile ../../../sec/ssh/julm.pub) (readFile ../../../sec/ssh/julm-mob.pub) ]; }; julm = { uid = 1000; hashedPassword = pass-chomp "servers/losurdo/login/julm/hashedPassword"; isNormalUser = true; openssh.authorizedKeys.keys = [ (readFile ../../../sec/ssh/julm.pub) (readFile ../../../sec/ssh/julm-mob.pub) #(readFile ../../../sec/ssh/julm-losurdo.pub) ]; }; }; groups = { wheel = { members = [ users."julm".name ]; }; julm = { members = [ users."julm".name ]; gid = 1000; }; }; }; systemd.coredump.enable = true; environment = { enableDebugInfo = true; systemPackages = with pkgs; [ cryptsetup direnv file fio gdb git gptfdisk #hey home-manager lm_sensors rsync smartctl-tbw socat sanoid ]; }; }