git.immae.eu Git - perso/Immae/Config/Nix.git/blob - modules/private/system.nix
Prepare migration to ZFS
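# Base system module: backup profile for /var/lib, package overlays,
# journald retention, declarative users, root's diagnostic toolbox and a
# "maintenance" systemd target that keeps only sshd and the network up.
{ pkgs, lib, config, name, ... }:
{
  config = {
    # Backup profile rooted at /var/lib. The list below reads as a
    # duplicity-style include/exclude file list ("+" include, "-" exclude,
    # first match wins) -- presumably consumed that way by the duplyBackup
    # module; confirm there. The trailing "- /var/lib" excludes everything
    # that an earlier "+" line did not include.
    # lib.mkAfter orders this fragment after other definitions of the option,
    # so the catch-all exclusion ends up last.
    services.duplyBackup.profiles.system = {
      rootDir = "/var/lib";
      excludeFile = lib.mkAfter ''
        + /var/lib/nixos
        + /var/lib/udev
        + /var/lib/udisks2
        + /var/lib/systemd
        + /var/lib/private/systemd
        - /var/lib
      '';
    };

    # Every overlay from ../../overlays, plus a local one that replaces the
    # default postgresql and mariadb packages by their *_pam variants.
    nixpkgs.overlays = builtins.attrValues (import ../../overlays) ++ [
      (self: super: {
        postgresql = self.postgresql_pam;
        mariadb = self.mariadb_pam;
      }) # don't put them as generic overlay because of home-manager
    ];

    # Extra package sets handed to every module. <nixpkgsNext> and
    # <nixpkgsPrevious> are resolved through NIX_PATH at evaluation time, so
    # the revision that gets imported is pinned (or not) by whatever sets
    # NIX_PATH, not by this file.
    _module.args = {
      pkgsNext = import <nixpkgsNext> {};
      pkgsPrevious = import <nixpkgsPrevious> {};
    };

    # Values are written without quotes: journald.conf takes the text after
    # "=" as the value, so MaxLevelStore="warning" would not name a log level
    # and the setting would be ignored (TODO confirm against the deployed
    # systemd version; the unquoted form is valid either way).
    # NOTE(review): storing only warning and above drops info-level records,
    # which is where sshd reports accepted logins by default. If the journal
    # is the only audit trail for this host, forward those records elsewhere
    # or raise the stored level.
    services.journald.extraConfig = ''
      MaxLevelStore=warning
      MaxRetentionSec=1year
    '';

    # One account per entry returned by config.hostEnv.users. The defaults
    # come first and "// x" lets the entry override any of them (including
    # isNormalUser and home), so the entries themselves decide the final
    # account shape.
    users.users =
      builtins.listToAttrs (map (x: lib.attrsets.nameValuePair x.name ({
        isNormalUser = true;
        home = "/home/${x.name}";
        createHome = true;
        linger = true;
      } // x)) (config.hostEnv.users pkgs))
      // {
        root.packages = let
          # Wrapper that runs nagios-cli as the naemon user. The binary and
          # its config file are fixed store paths; sudo is looked up on PATH
          # at run time. The config is copied into the world-readable Nix
          # store, so it must not carry secrets.
          nagios-cli = pkgs.writeScriptBin "nagios-cli" ''
            #!${pkgs.stdenv.shell}
            sudo -u naemon ${pkgs.nagios-cli}/bin/nagios-cli -c ${./monitoring/nagios-cli.cfg}
          '';
        in
          # Diagnostic tooling installed in root's profile only, not
          # system-wide. Several entries are dual-use (packet capture,
          # interception proxy, scanner); keeping them out of
          # environment.systemPackages limits which accounts find them on
          # PATH.
          [
            pkgs.telnet
            pkgs.htop
            pkgs.iftop
            pkgs.bind.dnsutils
            pkgs.httpie
            pkgs.iotop
            pkgs.whois
            pkgs.ngrep
            pkgs.tcpdump
            pkgs.tshark
            pkgs.tcpflow
            pkgs.mitmproxy
            pkgs.nmap
            pkgs.p0f
            pkgs.socat
            pkgs.lsof
            pkgs.psmisc
            pkgs.openssl
            pkgs.wget

            pkgs.cnagios
            nagios-cli
          ];
      };

    # Accounts and passwords come from this configuration only; changes made
    # with useradd/passwd on the host do not persist.
    users.mutableUsers = false;

    environment.etc.cnagios.source = "${pkgs.cnagios}/share/doc/cnagios";
    # home-manager is only installed when at least one hostEnv user exists.
    environment.systemPackages = [
      pkgs.git
      pkgs.vim
    ] ++
    (lib.optional (builtins.length (config.hostEnv.users pkgs) > 0) pkgs.home-manager);

    # Target that can be reached with "systemctl isolate": it pulls in the
    # network and sshd only, so isolating to it stops the other services
    # while keeping remote access.
    systemd.targets.maintenance = {
      description = "Maintenance target with only sshd";
      after = [ "network-online.target" "sshd.service" ];
      requires = [ "network-online.target" "sshd.service" ];
      unitConfig.AllowIsolate = "yes";
    };
  };
}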