-{ privateFiles ? ./., nixpkgsNext ? null }:
+{ privateFiles ? ./. }:
{
network = {
description = "Immae's network";
};
eldiron = { config, pkgs, mylibs, myconfig, ... }:
- with mylibs;
{
_module.args = {
- pkgsNext = if builtins.isNull nixpkgsNext then pkgs else import nixpkgsNext {};
+ pkgsNext = import <nixpkgsNext> {};
+ pkgsPrevious = import <nixpkgsPrevious> {};
mylibs = import ../libs.nix { nixpkgs = pkgs; };
mypkgs = import ../default.nix;
myconfig = {
};
imports = [
+ ./modules/ssh
./modules/certificates.nix
./modules/gitolite
./modules/databases
MaxLevelStore="warning"
MaxRetentionSec="1year"
'';
- networking = {
- firewall = {
- enable = true;
- allowedTCPPorts = [ 22 ];
- };
- };
+ networking.firewall.enable = true;
deployment = {
targetEnv = "hetzner";
pkgs.vim
];
- services.openssh.extraConfig = ''
- AuthorizedKeysCommand /etc/ssh/ldap_authorized_keys
- AuthorizedKeysCommandUser nobody
- '';
-
- environment.etc."ssh/ldap_authorized_keys" = let
- ldap_authorized_keys =
- wrap {
- name = "ldap_authorized_keys";
- file = ./ldap_authorized_keys.sh;
- vars = {
- LDAP_PASS = myconfig.env.sshd.ldap.password;
- GITOLITE_SHELL = "${pkgs.gitolite}/bin/gitolite-shell";
- ECHO = "${pkgs.coreutils}/bin/echo";
- };
- paths = [ pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.gnused pkgs.coreutils ];
- };
- in {
- enable = true;
- mode = "0755";
- user = "root";
- source = ldap_authorized_keys;
- };
-
services.cron = {
enable = true;
systemCronJobs = [