# Base system module: backup profile for /var/lib, package overlays, journald
# retention, declarative user accounts, root's diagnostic tooling and a
# minimal "maintenance" systemd target.
{ pkgs, lib, config, name, ... }:
let
  # Per-host user definitions; evaluated once and reused for both the account
  # set and the home-manager check below.
  hostUsers = config.hostEnv.users pkgs;

  # Defaults applied to every host-environment user.
  # NOTE(review): `linger` presumably keeps the user's systemd instance alive
  # without a login session - confirm against the option's definition.
  hostUserDefaults = user: {
    isNormalUser = true;
    home = "/home/${user.name}";
    createHome = true;
    linger = true;
  };

  # The user's own attributes are merged last, so an entry coming from
  # hostEnv.users can override any default above and set any other
  # users.users option. Treat that list as trusted configuration.
  toUserEntry = user:
    lib.attrsets.nameValuePair user.name (hostUserDefaults user // user);

  # Overlays shared by the whole repository.
  sharedOverlays = builtins.attrValues (import ../../overlays);

  # Make the PAM-enabled builds the default database packages. Kept local to
  # this module rather than in the generic overlay set because of
  # home-manager.
  pamDatabasesOverlay = self: super: {
    postgresql = self.postgresql_pam;
    mariadb = self.mariadb_pam;
  };

  # Wrapper that starts nagios-cli as the naemon user with the repository's
  # configuration file. `sudo` is resolved through PATH and the wrapper does
  # not forward command-line arguments.
  nagiosCliWrapper = pkgs.writeScriptBin "nagios-cli" ''
    #!${pkgs.stdenv.shell}
    sudo -u naemon ${pkgs.nagios-cli}/bin/nagios-cli -c ${./monitoring/nagios-cli.cfg}
  '';

  # Diagnostic, packet-capture and scanning tools. They are attached to
  # root's profile only, not to environment.systemPackages.
  rootTools = [
    pkgs.telnet
    pkgs.htop
    pkgs.iftop
    pkgs.bind.dnsutils
    pkgs.httpie
    pkgs.iotop
    pkgs.whois
    pkgs.ngrep
    pkgs.tcpdump
    pkgs.tshark
    pkgs.tcpflow
    # pkgs.mitmproxy # failing
    pkgs.nmap
    pkgs.p0f
    pkgs.socat
    pkgs.lsof
    pkgs.psmisc
    pkgs.openssl
    pkgs.wget

    pkgs.cnagios
    nagiosCliWrapper
  ];
in
{
  config = {
    services = {
      # Back up only the listed state directories under /var/lib: the "+"
      # lines are includes and the closing "- /var/lib" excludes the rest.
      # mkAfter places these lines after exclude rules set by other modules.
      duplyBackup.profiles.system = {
        rootDir = "/var/lib";
        excludeFile = lib.mkAfter ''
          + /var/lib/nixos
          + /var/lib/udev
          + /var/lib/udisks2
          + /var/lib/systemd
          + /var/lib/private/systemd
          - /var/lib
        '';
      };

      # Store only messages of level "warning" and more severe, for one year.
      # Lower-severity records (typically including successful logins and
      # session events) are then not kept in the journal, which limits what
      # is available for incident review.
      # NOTE(review): the values carry literal double quotes; confirm
      # journald accepts them. A rejected value is typically logged and
      # ignored, which would leave the defaults in force.
      journald.extraConfig = ''
        MaxLevelStore="warning"
        MaxRetentionSec="1year"
      '';
    };

    nixpkgs.overlays = sharedOverlays ++ [
      pamDatabasesOverlay
    ];

    # Extra package sets handed to other modules as arguments.
    # NOTE(review): both are looked up through NIX_PATH at evaluation time
    # and imported with default arguments, so no pin is visible in this
    # file - confirm the channels are pinned elsewhere.
    _module.args = {
      pkgsNext = import <nixpkgsNext> {};
      pkgsPrevious = import <nixpkgsPrevious> {};
    };

    users = {
      # Accounts come from this configuration only; imperative changes
      # (useradd, passwd) are replaced on the next activation.
      mutableUsers = false;

      users =
        builtins.listToAttrs (map toUserEntry hostUsers)
        // {
          root.packages = rootTools;
        };
    };

    environment = {
      etc.cnagios.source = "${pkgs.cnagios}/share/doc/cnagios";

      # home-manager is installed only when the host declares users.
      systemPackages =
        [
          pkgs.git
          pkgs.vim
        ]
        ++ (lib.optional (builtins.length hostUsers > 0) pkgs.home-manager);
    };

    # Target that can be isolated to: it pulls in only the network and sshd.
    systemd.targets.maintenance = {
      description = "Maintenance target with only sshd";
      after = [ "network-online.target" "sshd.service" ];
      requires = [ "network-online.target" "sshd.service" ];
      unitConfig.AllowIsolate = "yes";
    };
  };
}