};
eldiron = { config, pkgs, mylibs, myconfig, ... }:
- with mylibs;
{
_module.args = {
+ pkgsNext = import <nixpkgsNext> {};
+ pkgsPrevious = import <nixpkgsPrevious> {};
mylibs = import ../libs.nix { nixpkgs = pkgs; };
mypkgs = import ../default.nix;
myconfig = {
};
imports = [
+ ./modules/ssh
./modules/certificates.nix
./modules/gitolite
./modules/databases
./modules/ftp
./modules/pub
./modules/task
+ ./modules/irc
+ ./modules/buildbot
+ ./modules/dns
];
services.myGitolite.enable = true;
services.myDatabases.enable = true;
services.myWebsites.integration.enable = true;
services.myWebsites.tools.enable = true;
services.pure-ftpd.enable = true;
+ services.irc.enable = true;
services.pub.enable = true;
services.myTasks.enable = true;
+ services.buildbot.enable = true;
services.journald.extraConfig = ''
MaxLevelStore="warning"
MaxRetentionSec="1year"
'';
- networking = {
- firewall = {
- enable = true;
- allowedTCPPorts = [ 22 ];
- };
- };
+ networking.firewall.enable = true;
deployment = {
targetEnv = "hetzner";
pkgs.vim
];
- services.openssh.extraConfig = ''
- AuthorizedKeysCommand /etc/ssh/ldap_authorized_keys
- AuthorizedKeysCommandUser nobody
- '';
-
- environment.etc."ssh/ldap_authorized_keys" = let
- ldap_authorized_keys =
- wrap {
- name = "ldap_authorized_keys";
- file = ./ldap_authorized_keys.sh;
- vars = {
- LDAP_PASS = myconfig.env.sshd.ldap.password;
- GITOLITE_SHELL = "${pkgs.gitolite}/bin/gitolite-shell";
- ECHO = "${pkgs.coreutils}/bin/echo";
- };
- paths = [ pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.gnused pkgs.coreutils ];
- };
- in {
- enable = true;
- mode = "0755";
- user = "root";
- source = ldap_authorized_keys;
- };
-
services.cron = {
enable = true;
systemCronJobs = [