1 { pkgs, lib, config, name, nodes, ... }:
# Secret file handed to the deployment tool for delivery to the host
# (`deployment.secrets` is declared outside this excerpt).
4 deployment.secrets."secret_vars.yml" = {
# builtins.toString turns the path into a plain string, so evaluating this line
# does not import vars.yml into the world-readable Nix store.
5 source = builtins.toString ../../nixops/secrets/vars.yml;
# Target path on the host; secrets.secretsVars is set to "/run/keys/vars.yml" in this file.
6 destination = config.secrets.secretsVars;
# Static /etc/hosts entries: one "<main IPv4> <node name>" line per entry of
# `nodes`, so the deployment's hosts resolve each other without DNS.
12 networking.extraHosts = builtins.concatStringsSep "\n"
13 (lib.mapAttrsToList (n: v: "${v.config.hostEnv.ips.main.ip4} ${n}") nodes);
# Grants root SSH login to the `nix_repository` key taken from config.myEnv.
# NOTE(review): whether that key line carries restrictions (command=, from=,
# restrict) is not visible here; confirm, since an unrestricted key is a full root shell.
15 users.extraUsers.root.openssh.authorizedKeys.keys = [ config.myEnv.sshd.rootKeys.nix_repository ];
# Project-defined option (declared outside this excerpt); presumably causes the
# deployed vars.yml to be deleted once consumed. TODO confirm when and by what.
16 secrets.deleteSecretsVars = true;
18 ../../nixops/public_keys/Immae.pub
# Path of the secret vars file on the host; used as the `destination` of
# deployment.secrets."secret_vars.yml".
# NOTE(review): /run is normally RAM-backed, so the file should not survive a reboot; confirm.
20 secrets.secretsVars = "/run/keys/vars.yml";
# Starts sshd. No hardening directives (PasswordAuthentication, PermitRootLogin, ...)
# appear in this excerpt. NOTE(review): confirm they are set elsewhere.
22 services.openssh.enable = true;
# System backup profile for the duplyBackup module (declared outside this excerpt).
24 services.duplyBackup.profiles.system = {
# lib.mkAfter orders this text after exclude rules coming from other definitions.
# Everything after the opening '' is string content, passed through verbatim.
# NOTE(review): in a duplicity-style file list a leading "+ " marks an include,
# so /var/lib/private/systemd would be kept in the backup; confirm the backup
# destination is encrypted and access-controlled.
26 excludeFile = lib.mkAfter ''
31 + /var/lib/private/systemd
# Every overlay exported by ../../overlays, followed by a host-local overlay.
35 nixpkgs.overlays = builtins.attrValues (import ../../overlays) ++ [
# Replace the default database packages with the *_pam variants; presumably builds
# with PAM authentication support. Confirm against the overlay definitions.
37 postgresql = self.postgresql_pam;
38 mariadb = self.mariadb_pam;
39 }) # don’t put them as generic overlay because of home-manager
# Extra journald.conf content. The '#' line below sits inside the '' string, so it
# is written into journald.conf as a comment rather than read as a Nix comment.
42 services.journald.extraConfig = ''
43 #Should be "warning" but disabled for now, it prevents anything from being stored
# Builds one attribute per entry returned by `config.hostEnv.users pkgs`, keyed by x.name.
49 builtins.listToAttrs (map (x: lib.attrsets.nameValuePair x.name ({
# Default home directory. The attribute set is merged with `// x`, where the
# right-hand side wins, so a `home` (or any other attribute) in x overrides it.
51 home = "/home/${x.name}";
54 } // x)) (config.hostEnv.users pkgs))
# Wrapper script that runs nagios-cli as the `naemon` user through sudo.
# `${./monitoring/nagios-cli.cfg}` interpolates a path, which copies the file into
# the world-readable Nix store, so that config must not hold credentials.
# NOTE(review): the sudoers rule this relies on is not visible here; confirm it
# is limited to this command.
57 nagios-cli = pkgs.writeScriptBin "nagios-cli" ''
58 #!${pkgs.stdenv.shell}
59 sudo -u naemon ${pkgs.nagios-cli}/bin/nagios-cli -c ${./monitoring/nagios-cli.cfg}
74 # pkgs.mitmproxy # failing
# Accounts and passwords come only from the configuration: the user and group
# files are replaced on activation, so runtime useradd/passwd changes are reset.
# mkDefault leaves room for another module to override this value.
91 users.mutableUsers = lib.mkDefault false;
# Exposes the cnagios share/doc directory as /etc/cnagios.
93 environment.etc.cnagios.source = "${pkgs.cnagios}/share/doc/cnagios";
94 environment.systemPackages = [
# home-manager is installed only when hostEnv.users yields at least one user.
100 (lib.optional (builtins.length (config.hostEnv.users pkgs) > 0) pkgs.home-manager);
# Custom target meant for `systemctl isolate maintenance.target`. Isolating stops
# the units the target does not pull in, leaving the network and sshd running.
102 systemd.targets.maintenance = {
103 description = "Maintenance target with only sshd";
# Ordered after, and hard-dependent on, network-online.target and sshd.service.
104 after = [ "network-online.target" "sshd.service" ];
105 requires = [ "network-online.target" "sshd.service" ];
# Without AllowIsolate, systemd refuses to isolate to this target.
106 unitConfig.AllowIsolate = "yes";