# Root configuration of the target machine "mermet".
# Consumed by nixos-install and by nixops.
# This file itself is NOT copied to, nor usable on, the target machine:
# only the closure built from it is copied there.
{ pkgs, lib, config, options, ... }:
let
  inherit (builtins) readFile;
  # `extraBuiltins` is not a stock Nix builtin; it has to be supplied by the
  # evaluating Nix (presumably a plugin wrapping the `pass` password store,
  # verify against the deployment tooling).
  inherit (builtins.extraBuiltins) pass pass-chomp;

  # Public SSH keys accepted for both root and julm.
  # NOTE(review): julm-mob.pub looks like a mobile-device key; confirm that it
  # really needs direct root access.
  adminKeys = [
    (readFile ../../../sec/ssh/julm.pub)
    (readFile ../../../sec/ssh/julm-mob.pub)
  ];
in
{
  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database servers.
  # You should change this only after NixOS release notes say you should.
  system.stateVersion = "19.09"; # Did you read the comment?

  # Users trusted by the Nix daemon can override its settings and import
  # unsigned store paths, which is effectively root-equivalent access.
  nix.trustedUsers = [ "julm" ];

  imports = [
    ../../defaults.nix
    ../../base/unbound.nix
    #./nsd.nix
    ./knot.nix
    ./openldap.nix
    ./gitolite.nix
    ./nginx.nix
    ./postfix.nix
    ./dovecot.nix
    ./redis.nix
    ./rspamd.nix
  ];

  # `rec` is needed so that `domain` can refer to `domainBase`.
  networking = rec {
    domainBase = "sourcephile";
    domain = "${domainBase}.fr";
    hostName = "mermet";
  };

  /*
  environment.etc."sudo.conf".text = ''
    Debug sudo /var/log/sudo_debug.log all@debug
    Debug sudoers.so /var/log/sudo_debug.log all@debug
  '';
  */

  users = {
    # Accounts and passwords are defined only by this configuration.
    mutableUsers = false;

    users = {
      # Key-based root login. Whether sshd actually permits it depends on the
      # sshd settings, which are not set in this file.
      root.openssh.authorizedKeys.keys = adminKeys;

      julm = {
        isNormalUser = true;
        uid = 1000;
        # Fetched through `pass-chomp` while this file is evaluated.
        # NOTE(review): the resulting hash becomes part of the built system
        # configuration; confirm whether it ends up readable in the Nix store
        # of the target, and that a slow, salted hash scheme is used.
        hashedPassword = pass-chomp "servers/mermet/login/julm/hashedPassword";
        openssh.authorizedKeys.keys = adminKeys ++ [
          (readFile ../../../sec/ssh/julm-mermet.pub)
        ];
      };
    };

    groups = {
      # NOTE(review): wheel usually grants sudo; the sudo rules themselves are
      # not visible in this file.
      wheel.members = [ "julm" ];
      julm = {
        gid = 1000;
        members = [ "julm" ];
      };
    };
  };

  # NOTE(review): core dumps capture process memory. With the LDAP and mail
  # modules imported above they may hold credentials or message content, so
  # check who can read the stored dumps and how long they are retained.
  systemd.coredump.enable = true;

  environment = {
    # Debug symbols, used together with gdb below for analysing core dumps.
    enableDebugInfo = true;
    systemPackages = with pkgs; [
      cryptsetup
      direnv
      file
      fio
      gdb
      git
      gptfdisk
      #hey
      home-manager
      lm_sensors
      rsync
      smartctl-tbw
      socat
    ];
  };
}