Update stateVersion

[perso/Immae/Config/Nix.git] / modules / private / system / dilion.nix

diff --git a/modules/private/system/dilion.nix b/modules/private/system/dilion.nix
index 258506b545721ed815cd38692cd18ef026643898..b9e83f3409df97535881283a9b6f795b13bf9fc6 100644 (file)
--- a/modules/private/system/dilion.nix
+++ b/modules/private/system/dilion.nix
@@ -41,6 +41,46 @@
 
   programs.zsh.enable = true;
 
+  users.users.backup = {
+    home = "/var/lib/backup";
+    createHome = true;
+    hashedPassword = "!";
+    isSystemUser = true;
+    shell = pkgs.bashInteractive;
+    openssh.authorizedKeys.keys = let
+    in
+      ["command=\"${pkgs.rrsync_sudo}/bin/rrsync /var/lib/backup/eldiron/\"  ${config.myEnv.rsync_backup.ssh_key.public}"];
+  };
+  security.sudo.extraRules = pkgs.lib.mkAfter [
+    {
+      commands = [
+        { command = "${pkgs.rsync}/bin/rsync"; options = [ "NOPASSWD" ]; }
+      ];
+      users = [ "backup" ];
+      runAs = "root";
+    }
+    {
+      commands = [
+        { command = "/home/immae/.nix-profile/root_scripts/*"; options = [ "NOPASSWD" ]; }
+      ];
+      users = [ "immae" ];
+      runAs = "root";
+    }
+  ];
+
+  boot.kernel.sysctl."vm.nr_hugepages" = 256; # for xmr-stak
+  system.activationScripts.backup_home = ''
+    chown root:root /var/lib/backup
+    install -m 0750 -o backup -g root -d /var/lib/backup/eldiron
+  '';
+
+  virtualisation.docker.enable = true;
+  virtualisation.libvirtd.enable = true;
+  users.extraUsers.immae.extraGroups = [ "libvirtd" "docker" ];
+  systemd.services.libvirtd.postStart = ''
+    install -m 0770 -g libvirtd -d /var/lib/libvirt/images
+  '';
+
   time.timeZone = "Europe/Paris";
   nix = {
     useSandbox = "relaxed";
@@ -52,17 +92,26 @@
     '';
   };
 
+  security.pki.certificateFiles = [
+    (pkgs.fetchurl {
+      url = "http://downloads.e.eriomem.net/eriomemca.pem";
+      sha256 = "1ixx4c6j3m26j8dp9a3dkvxc80v1nr5aqgmawwgs06bskasqkvvh";
+    })
+  ];
+
   # This is equivalent to setting environment.sessionVariables.NIX_PATH
   nix.nixPath = [
-    "home-manager=https://github.com/rycee/home-manager/archive/release-19.03.tar.gz"
-    "nixpkgs=https://nixos.org/channels/nixos-19.03/nixexprs.tar.xz"
+    "home-manager=https://github.com/rycee/home-manager/archive/master.tar.gz"
+    "nixpkgs=https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz"
   ];
+  nix.binaryCaches = [ "https://hydra.iohk.io" "https://cache.nixos.org" ];
+  nix.binaryCachePublicKeys = [ "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=" ];
 
   # This value determines the NixOS release with which your system is
   # to be compatible, in order to avoid breaking some software such as
   # database servers. You should change this only after NixOS release
   # notes say you should.
   # https://nixos.org/nixos/manual/release-notes.html
-  system.stateVersion = "19.03"; # Did you read the comment?
+  system.stateVersion = "20.03"; # Did you read the comment?
 }