Configuration modifications
[perso/Immae/Config/Nix.git] / modules / private / system.nix
index 64fc2d972b3452ed61ec7137ec6497ee54100694..6fc0ecd367ac9b38db05fa1cadcaf19fb418c4a8 100644 (file)
@@ -1,6 +1,12 @@
-{ pkgs, lib, config, name, ... }:
+{ pkgs, lib, config, name, nodes, ... }:
 {
   config = {
+    networking.extraHosts = builtins.concatStringsSep "\n"
+      (lib.mapAttrsToList (n: v: "${v.config.hostEnv.ips.main.ip4} ${n}") nodes);
+
+    users.extraUsers.root.openssh.authorizedKeys.keyFiles = [ "${config.myEnv.privateFiles}/id_ed25519.pub" ];
+    services.openssh.enable = true;
+
     services.duplyBackup.profiles.system = {
       rootDir = "/var/lib";
       excludeFile = lib.mkAfter ''
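Review bot: `services.openssh.enable = true;` is turned on for every host importing this module, together with a shared root key, but nothing in the hunk pins how root may log in or whether password authentication stays available. If no other module already sets them, state the policy next to the key: `services.openssh.permitRootLogin = "prohibit-password";` and `services.openssh.passwordAuthentication = false;`. Because the same `id_ed25519.pub` is authorised for root on all nodes, a comment saying where the matching private key is kept and how it is rotated would help anyone handling a leak. The `config` block continues outside the hunk.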
         - /var/lib
         '';
     };
-    nixpkgs.overlays = builtins.attrValues (import ../../overlays);
-    _module.args = {
-      pkgsNext = import <nixpkgsNext> {};
-      pkgsPrevious = import <nixpkgsPrevious> {};
-    };
+    nixpkgs.overlays = builtins.attrValues (import ../../overlays) ++ [
+      (self: super: {
+        postgresql = self.postgresql_pam;
+        mariadb = self.mariadb_pam;
+      }) # don’t put them as generic overlay because of home-manager
+    ];
 
     services.journald.extraConfig = ''
       MaxLevelStore="warning"
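Review bot: The overlay at `postgresql = self.postgresql_pam;` swaps both database packages for everything evaluated with this package set, yet its comment only explains why it is not a generic overlay, not why the PAM builds are wanted. Database logins on these hosts can then depend on the host's PAM stack, so that dependency should be written down. A line above the overlay such as `# PAM-enabled builds so database logins can be checked through PAM (see <module that configures it>)` would do. It would also help to say where `postgresql_pam` and `mariadb_pam` are defined, presumably in `../../overlays`.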
             pkgs.tcpdump
             pkgs.tshark
             pkgs.tcpflow
-            pkgs.mitmproxy
+            # pkgs.mitmproxy # failing
             pkgs.nmap
             pkgs.p0f
             pkgs.socat
             pkgs.lsof
             pkgs.psmisc
+            pkgs.openssl
             pkgs.wget
 
             pkgs.cnagios
             nagios-cli
+
+            pkgs.pv
+            pkgs.smartmontools
           ];
       };
 
-    users.mutableUsers = false;
+    users.mutableUsers = lib.mkDefault false;
 
     environment.etc.cnagios.source = "${pkgs.cnagios}/share/doc/cnagios";
-    environment.systemPackages =
-      let
-        home-manager = builtins.fetchGit {
-          url = "https://github.com/rycee/home-manager.git";
-          rev = "ef64bc598f28818d56c86629dad98b468af9c071";
-          ref = "release-19.03";
-        };
-      in
-      [
-        pkgs.git
-        pkgs.vim
-      ] ++
-      (lib.optional
-        (builtins.length (config.hostEnv.users pkgs) > 0)
-        ((pkgs.callPackage home-manager {}).home-manager)
-      );
+    environment.systemPackages = [
+      pkgs.git
+      pkgs.vim
+      pkgs.rsync
+      pkgs.strace
+    ] ++
+    (lib.optional (builtins.length (config.hostEnv.users pkgs) > 0) pkgs.home-manager);
+
+    systemd.targets.maintenance = {
+      description = "Maintenance target with only sshd";
+      after = [ "network-online.target" "sshd.service" ];
+      requires = [ "network-online.target" "sshd.service" ];
+      unitConfig.AllowIsolate = "yes";
+    };
   };
 }
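Review bot: `users.mutableUsers = lib.mkDefault false;` turns a fixed setting into one that any other module can override with a plain `users.mutableUsers = true;`, and nothing here records which host needs that. With mutable users, accounts and passwords changed imperatively on a host persist outside the declared configuration, which matters more now that the same module enables root SSH access. Consider keeping `users.mutableUsers = false;` here and using `lib.mkForce true` in the one host that needs it, or add a comment such as `# mkDefault: overridden by <host> for <reason>`. The enclosing `config` attribute set starts above this hunk.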