+ users.users.backup = {
+ hashedPassword = "!";
+ isSystemUser = true;
+ extraGroups = [ "keys" ];
+ shell = pkgs.bashInteractive;
+ openssh.authorizedKeys.keys = let
+ zreplConfig = config.secrets.fullPaths."zrepl/zrepl.yml";
+ in
+ ["command=\"${pkgs.zrepl}/bin/zrepl stdinserver --config ${zreplConfig} eldiron\",restrict ${config.myEnv.zrepl_backup.ssh_key.public}"];
+ };
+ security.sudo.extraRules = pkgs.lib.mkAfter [
+ {
+ commands = [
+ { command = "/home/immae/.nix-profile/root_scripts/*"; options = [ "NOPASSWD" ]; }
+ ];
+ users = [ "immae" ];
+ runAs = "root";
+ }
+ ];
+
+ boot.kernel.sysctl."vm.nr_hugepages" = 256; # for xmr-stak
+ system.activationScripts.libvirtd_exports = ''
+ install -m 0755 -o root -g root -d /var/lib/caldance
+ '';
+ virtualisation.docker.enable = true;
+ virtualisation.docker.storageDriver = "zfs";
+ virtualisation.libvirtd.enable = true;
+ users.extraUsers.immae.extraGroups = [ "libvirtd" "docker" ];
+ systemd.services.libvirtd.postStart = ''
+ install -m 0770 -g libvirtd -d /var/lib/libvirt/images
+ '';
+ systemd.services.socat-caldance = {
+ description = "Forward ssh port to caldance";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+
+ serviceConfig = {
+ ExecStart = "${pkgs.socat}/bin/socat TCP-LISTEN:8022,fork TCP:nixops-99a7e1ba-54dc-11ea-a965-10bf487fe63b-caldance:22";
+ };
+ };
+
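Review bot: The `security.sudo.extraRules` entry grants `NOPASSWD` root on `/home/immae/.nix-profile/root_scripts/*`, a path that `immae` can presumably repoint or fill at will, since it resolves through the user's own Nix profile. In practice the rule is then passwordless root for anyone who can run code as `immae`, not a scoped allow-list. The `docker` group membership added in `users.extraUsers.immae.extraGroups` gives a similar root-equivalent path. If that is intended, say so with a comment such as `# immae controls this profile path: this is deliberately full passwordless root`; otherwise point the rule at scripts in a root-owned location (for example store paths built from this configuration) and list them explicitly instead of using `*`. Separately, `TCP-LISTEN:8022,fork` in `socat-caldance` listens on every address, so consider adding socat's `bind=` option unless the firewall, which is not visible in this hunk, already limits who can reach the port.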