-{ pkgs, privateFiles, ... }:
+{ pkgs, lib, config, name, nodes, ... }:
{
config = {
- nixpkgs.overlays = builtins.attrValues (import ../../overlays);
- _module.args = {
- pkgsNext = import <nixpkgsNext> {};
- pkgsPrevious = import <nixpkgsPrevious> {};
- myconfig = {
- inherit privateFiles;
- env = import "${privateFiles}/environment.nix";
- };
+ networking.extraHosts = builtins.concatStringsSep "\n"
+ (lib.mapAttrsToList (n: v: "${v.config.hostEnv.ips.main.ip4} ${n}") nodes);
+
+ users.extraUsers.root.openssh.authorizedKeys.keyFiles = [ "${config.myEnv.privateFiles}/id_ed25519.pub" ];
+ services.openssh.enable = true;
+
+ services.duplyBackup.profiles.system = {
+ rootDir = "/var/lib";
+ excludeFile = lib.mkAfter ''
+ + /var/lib/nixos
+ + /var/lib/udev
+ + /var/lib/udisks2
+ + /var/lib/systemd
+ + /var/lib/private/systemd
+ - /var/lib
+ '';
};
+ nixpkgs.overlays = builtins.attrValues (import ../../overlays) ++ [
+ (self: super: {
+ postgresql = self.postgresql_pam;
+ mariadb = self.mariadb_pam;
+ }) # don’t put them as generic overlay because of home-manager
+ ];
services.journald.extraConfig = ''
- MaxLevelStore="warning"
- MaxRetentionSec="1year"
+ #Should be "warning" but disabled for now, it prevents anything from being stored
+ MaxLevelStore=info
+ MaxRetentionSec=1year
'';
- users.users.root.packages = [
- pkgs.telnet
- pkgs.htop
- pkgs.iftop
- ];
+ users.users =
+ builtins.listToAttrs (map (x: lib.attrsets.nameValuePair x.name ({
+ isNormalUser = true;
+ home = "/home/${x.name}";
+ createHome = true;
+ linger = true;
+ } // x)) (config.hostEnv.users pkgs))
+ // {
+ root.packages = let
+ nagios-cli = pkgs.writeScriptBin "nagios-cli" ''
+ #!${pkgs.stdenv.shell}
+ sudo -u naemon ${pkgs.nagios-cli}/bin/nagios-cli -c ${./monitoring/nagios-cli.cfg}
+ '';
+ in
+ [
+ pkgs.telnet
+ pkgs.htop
+ pkgs.iftop
+ pkgs.bind.dnsutils
+ pkgs.httpie
+ pkgs.iotop
+ pkgs.whois
+ pkgs.ngrep
+ pkgs.tcpdump
+ pkgs.tshark
+ pkgs.tcpflow
+ # pkgs.mitmproxy # failing
+ pkgs.nmap
+ pkgs.p0f
+ pkgs.socat
+ pkgs.lsof
+ pkgs.psmisc
+ pkgs.openssl
+ pkgs.wget
+
+ pkgs.cnagios
+ nagios-cli
+ pkgs.pv
+ pkgs.smartmontools
+ ];
+ };
+
+ users.mutableUsers = lib.mkDefault false;
+
+ environment.etc.cnagios.source = "${pkgs.cnagios}/share/doc/cnagios";
environment.systemPackages = [
+ pkgs.git
pkgs.vim
- ];
+ pkgs.rsync
+ pkgs.strace
+ ] ++
+ (lib.optional (builtins.length (config.hostEnv.users pkgs) > 0) pkgs.home-manager);
+ systemd.targets.maintenance = {
+ description = "Maintenance target with only sshd";
+ after = [ "network-online.target" "sshd.service" ];
+ requires = [ "network-online.target" "sshd.service" ];
+ unitConfig.AllowIsolate = "yes";
+ };
};
}
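Review bot: `services.openssh.enable = true` is added beside a root `authorizedKeys.keyFiles` entry, but nothing in this change pins the authentication policy, so sshd runs with the module defaults and password login stays available for the accounts built from `config.hostEnv.users` unless another module (not visible here) turns it off. Since root already gets a key, I would state the policy in this file: `services.openssh.passwordAuthentication = false;` and `services.openssh.permitRootLogin = "prohibit-password";` (on newer NixOS releases these options live under `services.openssh.settings`). This matters more because the new `maintenance` target deliberately leaves sshd as the only way in. Separately, if `config.myEnv.privateFiles` is a path value rather than a string, interpolating it in `"${config.myEnv.privateFiles}/id_ed25519.pub"` copies the whole directory into the world-readable Nix store, so it is worth confirming that the directory holds nothing secret or that the value is passed as a string.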