Add environment file instead of hardcoding everything in makefiles

[perso/Immae/Config/Nix.git] / modules / private / system.nix

diff --git a/modules/private/system.nix b/modules/private/system.nix
index 57aeb4e1b569c21f18c766d4482f6553db6bcb1d..8c7a6f39da90c15353182d0f3e515a2e9ce6dbbd 100644 (file)
--- a/modules/private/system.nix
+++ b/modules/private/system.nix
@@ -12,11 +12,12 @@
         - /var/lib
         '';
     };
-    nixpkgs.overlays = builtins.attrValues (import ../../overlays);
-    _module.args = {
-      pkgsNext = import <nixpkgsNext> {};
-      pkgsPrevious = import <nixpkgsPrevious> {};
-    };
+    nixpkgs.overlays = builtins.attrValues (import ../../overlays) ++ [
+      (self: super: {
+        postgresql = self.postgresql_pam;
+        mariadb = self.mariadb_pam;
+      }) # don’t put them as generic overlay because of home-manager
+    ];
 
     services.journald.extraConfig = ''
       MaxLevelStore="warning"
@@ -49,7 +50,7 @@
             pkgs.tcpdump
             pkgs.tshark
             pkgs.tcpflow
-            pkgs.mitmproxy
+            # pkgs.mitmproxy # failing
             pkgs.nmap
             pkgs.p0f
             pkgs.socat
@@ -71,5 +72,12 @@
       pkgs.vim
     ] ++
     (lib.optional (builtins.length (config.hostEnv.users pkgs) > 0) pkgs.home-manager);
+
+    systemd.targets.maintenance = {
+      description = "Maintenance target with only sshd";
+      after = [ "network-online.target" "sshd.service" ];
+      requires = [ "network-online.target" "sshd.service" ];
+      unitConfig.AllowIsolate = "yes";
+    };
   };
 }