Squash changes containing private information
diff --git a/modules/private/system.nix b/modules/private/system.nix
deleted file mode 100644 (file)
index 5f3d79e..0000000
+++ /dev/null
@@ -1,98 +0,0 @@
-{ pkgs, lib, config, name, nodes, ... }:
-{
-  config = {
-    deployment.secrets."secret_vars.yml" = {
-      source = builtins.toString ../../nixops/secrets/vars.yml;
-      destination = config.secrets.secretsVars;
-      owner.user = "root";
-      owner.group = "root";
-      permissions = "0400";
-    };
-
-    networking.extraHosts = builtins.concatStringsSep "\n"
-      (lib.mapAttrsToList (n: v: "${v.config.hostEnv.ips.main.ip4} ${n}") nodes);
-
-    users.extraUsers.root.openssh.authorizedKeys.keys = [ config.myEnv.sshd.rootKeys.nix_repository ];
-    secrets.deleteSecretsVars = true;
-    secrets.gpgKeys = [
-      ../../nixops/public_keys/Immae.pub
-    ];
-    secrets.secretsVars = "/run/keys/vars.yml";
-
-    services.openssh.enable = true;
-
-    nixpkgs.overlays = builtins.attrValues (import ../../overlays) ++ [
-      (self: super: {
-        postgresql = self.postgresql_pam;
-        mariadb = self.mariadb_pam;
-      }) # don’t put them as generic overlay because of home-manager
-    ];
-
-    services.journald.extraConfig = ''
-      #Should be "warning" but disabled for now, it prevents anything from being stored
-      MaxLevelStore=info
-      MaxRetentionSec=1year
-      '';
-
-    users.users =
-      builtins.listToAttrs (map (x: lib.attrsets.nameValuePair x.name ({
-        isNormalUser = true;
-        home = "/home/${x.name}";
-        createHome = true;
-        linger = true;
-      } // x)) (config.hostEnv.users pkgs))
-      // {
-        root.packages = let
-          nagios-cli = pkgs.writeScriptBin "nagios-cli" ''
-            #!${pkgs.stdenv.shell}
-            sudo -u naemon ${pkgs.nagios-cli}/bin/nagios-cli -c ${./monitoring/nagios-cli.cfg}
-            '';
-        in
-          [
-            pkgs.telnet
-            pkgs.htop
-            pkgs.iftop
-            pkgs.bind.dnsutils
-            pkgs.httpie
-            pkgs.iotop
-            pkgs.whois
-            pkgs.ngrep
-            pkgs.tcpdump
-            pkgs.tshark
-            pkgs.tcpflow
-            # pkgs.mitmproxy # failing
-            pkgs.nmap
-            pkgs.p0f
-            pkgs.socat
-            pkgs.lsof
-            pkgs.psmisc
-            pkgs.openssl
-            pkgs.wget
-
-            pkgs.cnagios
-            nagios-cli
-
-            pkgs.pv
-            pkgs.smartmontools
-          ];
-      };
-
-    users.mutableUsers = lib.mkDefault false;
-
-    environment.etc.cnagios.source = "${pkgs.cnagios}/share/doc/cnagios";
-    environment.systemPackages = [
-      pkgs.git
-      pkgs.vim
-      pkgs.rsync
-      pkgs.strace
-    ] ++
-    (lib.optional (builtins.length (config.hostEnv.users pkgs) > 0) pkgs.home-manager);
-
-    systemd.targets.maintenance = {
-      description = "Maintenance target with only sshd";
-      after = [ "network-online.target" "sshd.service" ];
-      requires = [ "network-online.target" "sshd.service" ];
-      unitConfig.AllowIsolate = "yes";
-    };
-  };
-}