X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fsystem.nix;h=6b4ef6e4e4ad75e0e925bb7da29e9433b6886e6c;hb=5b42284e2039d8550ab3c38ab3abcfdaa096e238;hp=70b74d00bcd95862bcdf829d0b48e3c8a84626aa;hpb=258dd18bac4bf5dd03cf1098ffa35cb954f9e015;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/modules/private/system.nix b/modules/private/system.nix index 70b74d0..6b4ef6e 100644 --- a/modules/private/system.nix +++ b/modules/private/system.nix @@ -1,6 +1,12 @@ -{ pkgs, lib, config, name, ... }: +{ pkgs, lib, config, name, nodes, ... }: { config = { + networking.extraHosts = builtins.concatStringsSep "\n" + (lib.mapAttrsToList (n: v: "${v.config.hostEnv.ips.main.ip4} ${n}") nodes); + + users.extraUsers.root.openssh.authorizedKeys.keyFiles = [ "${config.myEnv.privateFiles}/id_ed25519.pub" ]; + services.openssh.enable = true; + services.duplyBackup.profiles.system = { rootDir = "/var/lib"; excludeFile = lib.mkAfter '' @@ -12,11 +18,12 @@ - /var/lib ''; }; - nixpkgs.overlays = builtins.attrValues (import ../../overlays); - _module.args = { - pkgsNext = import {}; - pkgsPrevious = import {}; - }; + nixpkgs.overlays = builtins.attrValues (import ../../overlays) ++ [ + (self: super: { + postgresql = self.postgresql_pam; + mariadb = self.mariadb_pam; + }) # don’t put them as generic overlay because of home-manager + ]; services.journald.extraConfig = '' MaxLevelStore="warning" @@ -49,16 +56,20 @@ pkgs.tcpdump pkgs.tshark pkgs.tcpflow - pkgs.mitmproxy + # pkgs.mitmproxy # failing pkgs.nmap pkgs.p0f pkgs.socat pkgs.lsof pkgs.psmisc + pkgs.openssl pkgs.wget pkgs.cnagios nagios-cli + + pkgs.pv + pkgs.smartmontools ]; }; 
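Review bot: In the first hunk (`@@ -1,6 +1,12 @@`), `services.openssh.enable = true;` is added together with a root `authorizedKeys.keyFiles` entry, but no authentication policy is set, so password logins and the root-login mode fall back to whatever the NixOS release defaults to. Because the same key file is installed for root on every host importing this module, I would pin the policy next to it, e.g. `services.openssh.passwordAuthentication = false;` and `services.openssh.permitRootLogin = "prohibit-password";` (on newer releases these options live under `services.openssh.settings`). Separately, if `config.myEnv.privateFiles` is a Nix path rather than a string, the interpolation `"${config.myEnv.privateFiles}/id_ed25519.pub"` would copy the whole directory into the world-readable store. Its type is not visible in this hunk, so please confirm.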
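Review bot: In the second hunk (`@@ -12,11 +18,12 @@`), the inline overlay rebinds `postgresql` and `mariadb` for the whole package set, so every package that depends on those attributes is built against the `_pam` variants, not only the database servers. The trailing comment says why the overlay is not in `../../overlays` but not why the swap is wanted. I would expand it along the lines of `# PAM-enabled builds for server authentication; kept local because the shared overlays are also used by home-manager`, adjusted to the actual reason. The hunk also drops the `pkgsNext`/`pkgsPrevious` module arguments, so any module still taking them will fail at evaluation; those callers are outside this diff.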
@@ -68,7 +79,16 @@ environment.systemPackages = [ pkgs.git pkgs.vim + pkgs.rsync + pkgs.strace ] ++ (lib.optional (builtins.length (config.hostEnv.users pkgs) > 0) pkgs.home-manager); + + systemd.targets.maintenance = { + description = "Maintenance target with only sshd"; + after = [ "network-online.target" "sshd.service" ]; + requires = [ "network-online.target" "sshd.service" ]; + unitConfig.AllowIsolate = "yes"; + }; }; }
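Review bot: The new `systemd.targets.maintenance` requires only `network-online.target` and `sshd.service`, so `systemctl isolate maintenance.target` stops every unit that is not a dependency of those two. Whether the firewall, log shipping or any login rate-limiting service stays up in that state depends on units defined outside this hunk, and the host remains reachable over SSH as root throughout. I would add a comment above the target recording the expectation, e.g. `# isolate stops everything not pulled in by sshd/network-online; firewall must remain active (verify with systemctl list-dependencies)`. If a protective unit must survive, list it in `requires`.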