# Usable by nixos-install and used by nixops.
# It is NOT copied nor usable on the target machine,
# only the resulting closure is copied to the target machine.
-{ pkgs, lib, config, options
-# NixOps extra module inputs
-, nodes, name, uuid, resources
-, ... }:
+{ pkgs, lib, config, options, ... }:
let
inherit (builtins) readFile;
inherit (builtins.extraBuiltins) pass pass-chomp;
system.stateVersion = "19.09"; # Did you read the comment?
nix = {
- autoOptimiseStore = true;
trustedUsers = [ "julm" ];
};
imports =
[ ../nixos/defaults.nix
- mermet/apu2e4.nix
- mermet/zfs.nix
- mermet/lesptts.nix
- mermet/shorewall.nix
mermet/unbound.nix
- mermet/nsd.nix
+ #mermet/nsd.nix
+ mermet/knot.nix
mermet/openldap.nix
mermet/gitolite.nix
mermet/nginx.nix
mermet/postfix.nix
- #mermet/rspamd.nix
- #mermet/dovecot2.nix
+ mermet/dovecot.nix
+ mermet/rspamd.nix
];
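Review bot: The import list drops `mermet/shorewall.nix` while newly enabling `mermet/knot.nix`, `mermet/dovecot.nix` and `mermet/rspamd.nix`, and nothing visible in this diff shows where the firewall rules are loaded from now. The NixOps inputs are removed in the same change, which suggests the machine-specific modules were moved to another entry point, but that is inferred. If so, a comment in the list such as `# shorewall, zfs and hardware modules are imported from <other-entry-point>.nix` would make it checkable. If not, the host would be built with new DNS and mail listeners and no shorewall policy, so it is worth confirming that the resulting configuration still contains a packet filter.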
networking = rec {
domain = "${domainBase}.fr";
};
+ /*
+ environment.etc."sudo.conf".text = ''
+ Debug sudo /var/log/sudo_debug.log all@debug
+ Debug sudoers.so /var/log/sudo_debug.log all@debug
+ '';
+ */
+
users = {
mutableUsers = false;
users = {
- root = rec {
- initialPassword = password;
- password = pass-chomp "servers/mermet/login/root";
+ root = {
+ hashedPassword = pass-chomp "servers/mermet/login/root/hashedPassword";
+ openssh.authorizedKeys.keys = [
+ (readFile ../../sec/ssh/julm.pub)
+ (readFile ../../sec/ssh/julm-mob.pub)
+ ];
+ };
+ julm = {
+ uid = 1000;
+ hashedPassword = pass-chomp "servers/mermet/login/julm/hashedPassword";
+ isNormalUser = true;
openssh.authorizedKeys.keys = [
(readFile ../../sec/ssh/julm.pub)
(readFile ../../sec/ssh/julm-mob.pub)
+ (readFile ../../sec/ssh/julm-mermet.pub)
];
};
};
groups = {
+ wheel = {
+ members = [ "julm" ];
+ };
+ julm = {
+ members = [ "julm" ];
+ gid = 1000;
+ };
};
};
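Review bot: `hashedPassword = pass-chomp …` for `root` and `julm` is better than the old cleartext `password`, but the hash is still evaluated into the configuration and therefore ends up in the world-readable `/nix/store`, on both the deploying machine and the target. Any local account or compromised service can read it and attack it offline. Pointing the account at a file kept outside the store avoids this, e.g. `passwordFile = "<path-to-hash-outside-the-store>";` (named `hashedPasswordFile` on newer NixOS releases). Separately, `root` now accepts the same SSH keys as `julm`, who is also added to `wheel` and is already in `nix.trustedUsers`; if direct root login is only a fallback, consider dropping root's `openssh.authorizedKeys.keys` or setting `services.openssh.permitRootLogin = "no";` once the `julm` path is confirmed to work.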
+ programs = {
+ mosh.enable = true;
+ };
+
+ systemd.coredump.enable = true;
+
environment = {
+ enableDebugInfo = true;
systemPackages = with pkgs; [
cryptsetup
direnv
+ file
+ gdb
fio
git
gptfdisk