# Host-level system settings: backup selection for /var/lib, PAM-enabled
# database packages, journald retention, user accounts, root's diagnostic
# tool set and an sshd-only maintenance target.
{ pkgs, lib, config, name, ... }:
let
  # `config.hostEnv.users` is called with `pkgs`; its result is consumed below
  # as a list of attribute sets that each carry at least a `name`.
  hostUsers = config.hostEnv.users pkgs;

  # Turn one host user declaration into a name/value pair for `users.users`.
  # The defaults come first, so any attribute set in the declaration itself
  # wins over them (`//` keeps the right-hand value on conflict).
  mkHostUser = user:
    lib.attrsets.nameValuePair user.name ({
      isNormalUser = true;
      home = "/home/${user.name}";
      createHome = true;
      linger = true;
    } // user);

  # Wrapper placed in root's profile: runs nagios-cli as the `naemon` user.
  # The configuration file is referenced by path, so it is copied into the
  # Nix store, which is readable by every local user; it must not hold secrets.
  # NOTE(review): the wrapper does not forward its arguments ("$@") to
  # nagios-cli; confirm that is intended.
  nagiosCliWrapper = pkgs.writeScriptBin "nagios-cli" ''
    #!${pkgs.stdenv.shell}
    sudo -u naemon ${pkgs.nagios-cli}/bin/nagios-cli -c ${./monitoring/nagios-cli.cfg}
  '';

  # Network and process diagnostic tools. They are attached to root's
  # per-user packages below, not to environment.systemPackages, so they are
  # not added to other users' default PATH.
  rootTools = [
    pkgs.telnet
    pkgs.htop
    pkgs.iftop
    pkgs.bind.dnsutils
    pkgs.httpie
    pkgs.iotop
    pkgs.whois
    pkgs.ngrep
    pkgs.tcpdump
    pkgs.tshark
    pkgs.tcpflow
    # pkgs.mitmproxy # failing
    pkgs.nmap
    pkgs.p0f
    pkgs.socat
    pkgs.lsof
    pkgs.psmisc
    pkgs.openssl
    pkgs.wget

    pkgs.cnagios
    nagiosCliWrapper
  ];

  # Overlay that makes `postgresql` and `mariadb` resolve to their PAM builds.
  # Kept out of the generic overlays because of home-manager.
  pamDatabases = self: super: {
    postgresql = self.postgresql_pam;
    mariadb = self.mariadb_pam;
  };

  # Units the maintenance target both orders itself after and requires.
  maintenanceDeps = [ "network-online.target" "sshd.service" ];
in
{
  config = {
    services.duplyBackup.profiles.system = {
      rootDir = "/var/lib";
      # Include/exclude list: the `+` entries select the directories to back
      # up and the final `- /var/lib` drops everything else under the root.
      # `lib.mkAfter` orders these lines after other definitions of the option.
      # NOTE(review): the selected state can hold sensitive material (for
      # example systemd's random seed under /var/lib/systemd); confirm the
      # backup profile encrypts its archives.
      excludeFile = lib.mkAfter ''
        + /var/lib/nixos
        + /var/lib/udev
        + /var/lib/udisks2
        + /var/lib/systemd
        + /var/lib/private/systemd
        - /var/lib
      '';
    };

    nixpkgs.overlays =
      builtins.attrValues (import ../../overlays) ++ [ pamDatabases ];

    # Intended effect: keep only messages of level warning and more severe,
    # for at most one year.
    # NOTE(review): the values are written with double quotes; verify that
    # journald accepts them (look for parse warnings from systemd-journald at
    # boot), otherwise both settings are silently ignored.
    # NOTE(review): when MaxLevelStore is in effect, info and notice messages
    # are not stored. Authentication events are commonly logged at those
    # levels, so confirm they are captured elsewhere if they are needed for
    # incident response.
    services.journald.extraConfig = ''
      MaxLevelStore="warning"
      MaxRetentionSec="1year"
    '';

    # One account per host user, plus root's tool set. `//` is a shallow
    # merge: a host user named `root` would be replaced entirely by the
    # attribute set on the right.
    users.users =
      builtins.listToAttrs (map mkHostUser hostUsers)
      // {
        root.packages = rootTools;
      };

    # Accounts are defined by this configuration only; changes made at
    # runtime with useradd or passwd do not persist.
    users.mutableUsers = false;

    environment.etc.cnagios.source = "${pkgs.cnagios}/share/doc/cnagios";
    environment.systemPackages =
      [
        pkgs.git
        pkgs.vim
      ]
      ++
      # home-manager is only installed when the host declares at least one user.
      (lib.optional (builtins.length hostUsers > 0) pkgs.home-manager);

    # Target that can be isolated to leave only the network and sshd running.
    # NOTE(review): isolating stops every unit this target does not pull in;
    # confirm that units protecting sshd (for example the firewall) are still
    # active in that state.
    systemd.targets.maintenance = {
      description = "Maintenance target with only sshd";
      after = maintenanceDeps;
      requires = maintenanceDeps;
      unitConfig.AllowIsolate = "yes";
    };
  };
}