[perso/Immae/Config/Nix.git] / modules / private / system.nix

{ pkgs, lib, config, name, ... }:
{
  config = {
    services.duplyBackup.profiles.system = {
      rootDir = "/var/lib";
      excludeFile = lib.mkAfter ''
        + /var/lib/nixos
        + /var/lib/udev
        + /var/lib/udisks2
        + /var/lib/systemd
        + /var/lib/private/systemd
        - /var/lib
        '';
    };
    nixpkgs.overlays = builtins.attrValues (import ../../overlays) ++ [
      (self: super: {
        postgresql = self.postgresql_pam;
        mariadb = self.mariadb_pam;
      }) # don’t put them as generic overlay because of home-manager
    ];
    _module.args = {
      pkgsNext = import <nixpkgsNext> {};
      pkgsPrevious = import <nixpkgsPrevious> {};
    };

    services.journald.extraConfig = ''
      MaxLevelStore="warning"
      MaxRetentionSec="1year"
      '';

    users.users =
      builtins.listToAttrs (map (x: lib.attrsets.nameValuePair x.name ({
        isNormalUser = true;
        home = "/home/${x.name}";
        createHome = true;
        linger = true;
      } // x)) (config.hostEnv.users pkgs))
      // {
        root.packages = let
          nagios-cli = pkgs.writeScriptBin "nagios-cli" ''
            #!${pkgs.stdenv.shell}
            sudo -u naemon ${pkgs.nagios-cli}/bin/nagios-cli -c ${./monitoring/nagios-cli.cfg}
            '';
        in
          [
            pkgs.telnet
            pkgs.htop
            pkgs.iftop
            pkgs.bind.dnsutils
            pkgs.httpie
            pkgs.iotop
            pkgs.whois
            pkgs.ngrep
            pkgs.tcpdump
            pkgs.tshark
            pkgs.tcpflow
            # pkgs.mitmproxy # failing
            pkgs.nmap
            pkgs.p0f
            pkgs.socat
            pkgs.lsof
            pkgs.psmisc
            pkgs.openssl
            pkgs.wget

            pkgs.cnagios
            nagios-cli
          ];
      };

    users.mutableUsers = false;

    environment.etc.cnagios.source = "${pkgs.cnagios}/share/doc/cnagios";
    environment.systemPackages = [
      pkgs.git
      pkgs.vim
    ] ++
    (lib.optional (builtins.length (config.hostEnv.users pkgs) > 0) pkgs.home-manager);

    systemd.targets.maintenance = {
      description = "Maintenance target with only sshd";
      after = [ "network-online.target" "sshd.service" ];
      requires = [ "network-online.target" "sshd.service" ];
      unitConfig.AllowIsolate = "yes";
    };
  };
}
Commit	Line	Data
619e4f46	1	{ pkgs, lib, config, name, ... }:
8d213e2b IB	2	{
8d213e2b IB	3	config = {
d2e703c5	4	services.duplyBackup.profiles.system = {
6a8252b1 IB	5	rootDir = "/var/lib";
	6	excludeFile = lib.mkAfter ''
	7	+ /var/lib/nixos
	8	+ /var/lib/udev
	9	+ /var/lib/udisks2
	10	+ /var/lib/systemd
	11	+ /var/lib/private/systemd
	12	- /var/lib
	13	'';
	14	};
9dd3eb0b	15	nixpkgs.overlays = builtins.attrValues (import ../../overlays) ++ [
4e3e4761 IB	16	(self: super: {
	17	postgresql = self.postgresql_pam;
	18	mariadb = self.mariadb_pam;
	19	}) # don’t put them as generic overlay because of home-manager
9dd3eb0b	20	];
8d213e2b IB	21	_module.args = {
	22	pkgsNext = import <nixpkgsNext> {};
	23	pkgsPrevious = import <nixpkgsPrevious> {};
8d213e2b IB	24	};
	25
	26	services.journald.extraConfig = ''
	27	MaxLevelStore="warning"
	28	MaxRetentionSec="1year"
	29	'';
	30
8a304ef4 IB	31	users.users =
	32	builtins.listToAttrs (map (x: lib.attrsets.nameValuePair x.name ({
	33	isNormalUser = true;
	34	home = "/home/${x.name}";
	35	createHome = true;
	36	linger = true;
	37	} // x)) (config.hostEnv.users pkgs))
	38	// {
	39	root.packages = let
	40	nagios-cli = pkgs.writeScriptBin "nagios-cli" ''
	41	#!${pkgs.stdenv.shell}
	42	sudo -u naemon ${pkgs.nagios-cli}/bin/nagios-cli -c ${./monitoring/nagios-cli.cfg}
	43	'';
	44	in
	45	[
	46	pkgs.telnet
	47	pkgs.htop
	48	pkgs.iftop
	49	pkgs.bind.dnsutils
	50	pkgs.httpie
	51	pkgs.iotop
	52	pkgs.whois
	53	pkgs.ngrep
	54	pkgs.tcpdump
	55	pkgs.tshark
	56	pkgs.tcpflow
2053ddac	57	# pkgs.mitmproxy # failing
8a304ef4 IB	58	pkgs.nmap
	59	pkgs.p0f
	60	pkgs.socat
	61	pkgs.lsof
	62	pkgs.psmisc
ca732a83	63	pkgs.openssl
8a304ef4	64	pkgs.wget
781c3202	65
8a304ef4 IB	66	pkgs.cnagios
	67	nagios-cli
	68	];
	69	};
8d213e2b	70
8a304ef4	71	users.mutableUsers = false;
8d213e2b	72
8a304ef4	73	environment.etc.cnagios.source = "${pkgs.cnagios}/share/doc/cnagios";
258dd18b IB	74	environment.systemPackages = [
	75	pkgs.git
	76	pkgs.vim
	77	] ++
	78	(lib.optional (builtins.length (config.hostEnv.users pkgs) > 0) pkgs.home-manager);
31e11cdf IB	79
	80	systemd.targets.maintenance = {
	81	description = "Maintenance target with only sshd";
	82	after = [ "network-online.target" "sshd.service" ];
	83	requires = [ "network-online.target" "sshd.service" ];
	84	unitConfig.AllowIsolate = "yes";
	85	};
8d213e2b IB	86	};
8d213e2b IB	87	}