[perso/Immae/Config/Nix.git] / modules / private / system.nix

{ pkgs, lib, config, name, ... }:
{
  config = {
    services.duplyBackup.profiles.system = {
      rootDir = "/var/lib";
      excludeFile = lib.mkAfter ''
        + /var/lib/nixos
        + /var/lib/udev
        + /var/lib/udisks2
        + /var/lib/systemd
        + /var/lib/private/systemd
        - /var/lib
        '';
    };
    nixpkgs.overlays = builtins.attrValues (import ../../overlays) ++ [
      (self: super: {
        postgresql = self.postgresql_pam;
        mariadb = self.mariadb_pam;
      }) # don’t put them as generic overlay because of home-manager
    ];
    _module.args = {
      pkgsNext = import <nixpkgsNext> {};
      pkgsPrevious = import <nixpkgsPrevious> {};
    };

    services.journald.extraConfig = ''
      MaxLevelStore="warning"
      MaxRetentionSec="1year"
      '';

    users.users =
      builtins.listToAttrs (map (x: lib.attrsets.nameValuePair x.name ({
        isNormalUser = true;
        home = "/home/${x.name}";
        createHome = true;
        linger = true;
      } // x)) (config.hostEnv.users pkgs))
      // {
        root.packages = let
          nagios-cli = pkgs.writeScriptBin "nagios-cli" ''
            #!${pkgs.stdenv.shell}
            sudo -u naemon ${pkgs.nagios-cli}/bin/nagios-cli -c ${./monitoring/nagios-cli.cfg}
            '';
        in
          [
            pkgs.telnet
            pkgs.htop
            pkgs.iftop
            pkgs.bind.dnsutils
            pkgs.httpie
            pkgs.iotop
            pkgs.whois
            pkgs.ngrep
            pkgs.tcpdump
            pkgs.tshark
            pkgs.tcpflow
            pkgs.mitmproxy
            pkgs.nmap
            pkgs.p0f
            pkgs.socat
            pkgs.lsof
            pkgs.psmisc
            pkgs.openssl
            pkgs.wget

            pkgs.cnagios
            nagios-cli
          ];
      };

    users.mutableUsers = false;

    environment.etc.cnagios.source = "${pkgs.cnagios}/share/doc/cnagios";
    environment.systemPackages = [
      pkgs.git
      pkgs.vim
    ] ++
    (lib.optional (builtins.length (config.hostEnv.users pkgs) > 0) pkgs.home-manager);

    systemd.targets.maintenance = {
      description = "Maintenance target with only sshd";
      after = [ "network-online.target" "sshd.service" ];
      requires = [ "network-online.target" "sshd.service" ];
      unitConfig.AllowIsolate = "yes";
    };
  };
}
Commit	Line	Data
619e4f46	1	{ pkgs, lib, config, name, ... }:
8d213e2b IB	2	{
8d213e2b IB	3	config = {
d2e703c5	4	services.duplyBackup.profiles.system = {
6a8252b1 IB	5	rootDir = "/var/lib";
	6	excludeFile = lib.mkAfter ''
	7	+ /var/lib/nixos
	8	+ /var/lib/udev
	9	+ /var/lib/udisks2
	10	+ /var/lib/systemd
	11	+ /var/lib/private/systemd
	12	- /var/lib
	13	'';
	14	};
9dd3eb0b	15	nixpkgs.overlays = builtins.attrValues (import ../../overlays) ++ [
4e3e4761 IB	16	(self: super: {
	17	postgresql = self.postgresql_pam;
	18	mariadb = self.mariadb_pam;
	19	}) # don’t put them as generic overlay because of home-manager
9dd3eb0b	20	];
8d213e2b IB	21	_module.args = {
	22	pkgsNext = import <nixpkgsNext> {};
	23	pkgsPrevious = import <nixpkgsPrevious> {};
8d213e2b IB	24	};
	25
	26	services.journald.extraConfig = ''
	27	MaxLevelStore="warning"
	28	MaxRetentionSec="1year"
	29	'';
	30
8a304ef4 IB	31	users.users =
	32	builtins.listToAttrs (map (x: lib.attrsets.nameValuePair x.name ({
	33	isNormalUser = true;
	34	home = "/home/${x.name}";
	35	createHome = true;
	36	linger = true;
	37	} // x)) (config.hostEnv.users pkgs))
	38	// {
	39	root.packages = let
	40	nagios-cli = pkgs.writeScriptBin "nagios-cli" ''
	41	#!${pkgs.stdenv.shell}
	42	sudo -u naemon ${pkgs.nagios-cli}/bin/nagios-cli -c ${./monitoring/nagios-cli.cfg}
	43	'';
	44	in
	45	[
	46	pkgs.telnet
	47	pkgs.htop
	48	pkgs.iftop
	49	pkgs.bind.dnsutils
	50	pkgs.httpie
	51	pkgs.iotop
	52	pkgs.whois
	53	pkgs.ngrep
	54	pkgs.tcpdump
	55	pkgs.tshark
	56	pkgs.tcpflow
	57	pkgs.mitmproxy
	58	pkgs.nmap
	59	pkgs.p0f
	60	pkgs.socat
	61	pkgs.lsof
	62	pkgs.psmisc
ca732a83	63	pkgs.openssl
8a304ef4	64	pkgs.wget
781c3202	65
8a304ef4 IB	66	pkgs.cnagios
	67	nagios-cli
	68	];
	69	};
8d213e2b	70
8a304ef4	71	users.mutableUsers = false;
8d213e2b	72
8a304ef4	73	environment.etc.cnagios.source = "${pkgs.cnagios}/share/doc/cnagios";
258dd18b IB	74	environment.systemPackages = [
	75	pkgs.git
	76	pkgs.vim
	77	] ++
	78	(lib.optional (builtins.length (config.hostEnv.users pkgs) > 0) pkgs.home-manager);
31e11cdf IB	79
	80	systemd.targets.maintenance = {
	81	description = "Maintenance target with only sshd";
	82	after = [ "network-online.target" "sshd.service" ];
	83	requires = [ "network-online.target" "sshd.service" ];
	84	unitConfig.AllowIsolate = "yes";
	85	};
8d213e2b IB	86	};
8d213e2b IB	87	}