-{ config, pkgs, lib, php, name, secrets, ... }:
+{ config, pkgs, lib, ports, name, secrets, ... }:
{
# ssh-keyscan eldiron | nix-shell -p ssh-to-age --run ssh-to-age
secrets.ageKeys = [ "age1dxr5lhvtnjssfaqpnf6qx80h8gfwkxg3tdf35m6n9wljmk7wadfs3kmahj" ];
"nodejs-16.20.2" # for landing page building
];
- nixpkgs.overlays = [
- php.overlays.php
- ];
+ nixpkgs.overlays = builtins.attrValues ports.overlays;
powerManagement.cpuFreqGovernor = "powersave";
security.acme.certs."${name}".postRun = builtins.concatStringsSep "\n" [
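Review bot: `nixpkgs.overlays = builtins.attrValues ports.overlays;` applies every overlay the `ports` input exports, where the removed code named a single one, so an overlay added to that input later changes this host's package set without any edit to this file. `builtins.attrValues` also returns its values in attribute-name order, which makes the overlay ordering implicit. If only some of the overlays are needed, listing them by name keeps the set reviewable; otherwise a comment such as `# all overlays exported by ports, applied in attribute-name order` would record the intent. The enclosing attribute set starts and ends outside this hunk.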
};
};
- services.netdata.enable = true;
- services.netdata.config.global."memory mode" = "none";
- services.netdata.config.health."enabled" = "no";
- services.netdata.config.web.mode = "none";
- users.users."${config.services.netdata.user}".extraGroups = [ "keys" ];
- services.netdata.configDir."stream.conf" = config.secrets.fullPaths."netdata-stream.conf";
secrets.keys = {
"ldap/pam_pgsql" = {
user = "root";
table = ldap_users
user_column = login
pw_type = function
- auth_query = SELECT (mechanism = 'SSHA' AND password = encode(digest( %p || salt, 'sha1'), 'hex')) FROM ldap_users WHERE login = %u OR login || '@' || realm = %u
+ auth_query = SELECT ((mechanism = 'SSHA' AND password = encode(digest( %p || salt, 'sha1'), 'hex')) OR (mechanism = 'PLAIN' AND password = %p)) FROM ldap_users WHERE login = %u OR login || '@' || realm = %u
#pwd_query = WITH newsalt as (select gen_random_bytes(4)) UPDATE ldap_users SET password = encode(digest( %p || (SELECT * FROM newsalt), 'sha1'), 'hex'), salt = (SELECT * FROM newsalt), mechanism = 'SSHA' WHERE login = %u OR login || '@' || realm = %u
'';
};
- "netdata-stream.conf" = {
- user = config.services.netdata.user;
- group = config.services.netdata.group;
- permissions = "0400";
- text = ''
- [stream]
- enabled = yes
- destination = ${config.myEnv.monitoring.netdata_aggregator}
- api key = ${config.myEnv.monitoring.netdata_keys.eldiron}
- '';
- };
"zrepl_backup/identity" = {
user = "root";
group = "root";
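Review bot: The added `(mechanism = 'PLAIN' AND password = %p)` branch of `auth_query` makes PAM accept `ldap_users` rows whose `password` column holds the cleartext password, so read access to that table, or to a dump of it, yields directly usable credentials for those accounts. Nothing visible here upgrades such rows, since `pwd_query`, which would rewrite them with `mechanism = 'SSHA'`, stays commented out. If PLAIN rows are meant to be transitional, a comment next to the query should say so, e.g. `# PLAIN rows are transitional: rehash them and remove this branch`, and hashing at insert time would keep such rows from existing at all. The multi-line string holding this configuration opens outside the hunk.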