Add environment file instead of hardcoding everything in makefiles
[perso/Immae/Config/Nix.git] / modules / private / system.nix
index 1ddfd2eb645807d5cfa47a19f0348c58535aaf39..8c7a6f39da90c15353182d0f3e515a2e9ce6dbbd 100644 (file)
@@ -1,4 +1,4 @@
-{ pkgs, privateFiles, lib, ... }:
+{ pkgs, lib, config, name, ... }:
 {
   config = {
     services.duplyBackup.profiles.system = {
         - /var/lib
         '';
     };
-    nixpkgs.overlays = builtins.attrValues (import ../../overlays);
-    _module.args = {
-      pkgsNext = import <nixpkgsNext> {};
-      pkgsPrevious = import <nixpkgsPrevious> {};
-      myconfig = {
-        inherit privateFiles;
-        env = import "${privateFiles}/environment.nix";
-      };
-    };
+    nixpkgs.overlays = builtins.attrValues (import ../../overlays) ++ [
+      (self: super: {
+        postgresql = self.postgresql_pam;
+        mariadb = self.mariadb_pam;
+      }) # don’t put them as generic overlay because of home-manager
+    ];
 
     services.journald.extraConfig = ''
       MaxLevelStore="warning"
       MaxRetentionSec="1year"
       '';
 
-    users.users.root.packages = [
-      pkgs.telnet
-      pkgs.htop
-      pkgs.iftop
-    ];
+    users.users =
+      builtins.listToAttrs (map (x: lib.attrsets.nameValuePair x.name ({
+        isNormalUser = true;
+        home = "/home/${x.name}";
+        createHome = true;
+        linger = true;
+      } // x)) (config.hostEnv.users pkgs))
+      // {
+        root.packages = let
+          nagios-cli = pkgs.writeScriptBin "nagios-cli" ''
+            #!${pkgs.stdenv.shell}
+            sudo -u naemon ${pkgs.nagios-cli}/bin/nagios-cli -c ${./monitoring/nagios-cli.cfg}
+            '';
+        in
+          [
+            pkgs.telnet
+            pkgs.htop
+            pkgs.iftop
+            pkgs.bind.dnsutils
+            pkgs.httpie
+            pkgs.iotop
+            pkgs.whois
+            pkgs.ngrep
+            pkgs.tcpdump
+            pkgs.tshark
+            pkgs.tcpflow
+            # pkgs.mitmproxy # failing
+            pkgs.nmap
+            pkgs.p0f
+            pkgs.socat
+            pkgs.lsof
+            pkgs.psmisc
+            pkgs.openssl
+            pkgs.wget
 
+            pkgs.cnagios
+            nagios-cli
+          ];
+      };
+
+    users.mutableUsers = false;
+
+    environment.etc.cnagios.source = "${pkgs.cnagios}/share/doc/cnagios";
     environment.systemPackages = [
+      pkgs.git
       pkgs.vim
-    ];
+    ] ++
+    (lib.optional (builtins.length (config.hostEnv.users pkgs) > 0) pkgs.home-manager);
 
+    systemd.targets.maintenance = {
+      description = "Maintenance target with only sshd";
+      after = [ "network-online.target" "sshd.service" ];
+      requires = [ "network-online.target" "sshd.service" ];
+      unitConfig.AllowIsolate = "yes";
+    };
   };
 }
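Review bot: Nothing in the new `users.users` map constrains what an entry from `config.hostEnv.users pkgs` may set: `// x` is applied after the defaults, so an entry can override `isNormalUser` and `home` or add any other account attribute, and the outer `// { root.packages = … }` is a shallow merge that would replace an entry named `root` wholesale within this definition. With `users.mutableUsers = false` the declared attributes become the only source of credentials, so it is worth confirming that those entries carry `openssh.authorizedKeys.keys` or a password file reference rather than a `hashedPassword`, which would end up in the world-readable Nix store; the entries themselves are not visible in this diff. A comment above the map such as `# x overrides the defaults; entries must not be named root and must not embed password hashes` would record the contract. Separately, the `nagios-cli` wrapper resolves `sudo` through PATH and drops its arguments; `exec /run/wrappers/bin/sudo -u naemon ${pkgs.nagios-cli}/bin/nagios-cli -c ${./monitoring/nagios-cli.cfg} "$@"` would be tighter, assuming the default NixOS wrapper directory.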