X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=blobdiff_plain;f=modules%2Fprivate%2Fsystem%2Feldiron.nix;h=bf4cefb14cf9a291530274caed746843d4aa89e5;hp=b71df33d41020e1d5ab6cf1ccae77b764e00a918;hb=4227853a03923e04daf3dd511a4b5a1ab5d527e7;hpb=f807d9177bb795f034bfd11932e4fbfa6671805f diff --git a/modules/private/system/eldiron.nix b/modules/private/system/eldiron.nix index b71df33..bf4cefb 100644 --- a/modules/private/system/eldiron.nix +++ b/modules/private/system/eldiron.nix @@ -3,6 +3,7 @@ { boot.kernelPackages = pkgs.linuxPackages_latest; _module.args.privateFiles = privateFiles; + _module.args.hostFQDN = "eldiron.immae.eu"; networking = { firewall.enable = true; @@ -17,13 +18,24 @@ imports = builtins.attrValues (import ../..); + boot.kernel.sysctl = { + # https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md + "net.ipv4.tcp_sack" = 0; + }; myServices.buildbot.enable = true; myServices.databases.enable = true; myServices.gitolite.enable = true; + myServices.monitoring.enable = true; myServices.irc.enable = true; myServices.pub.enable = true; myServices.tasks.enable = true; + myServices.mpd.enable = true; + myServices.dns.enable = true; + myServices.certificates.enable = true; + myServices.websites.enable = true; + myServices.mail.enable = true; services.pure-ftpd.enable = true; + services.duplyBackup.enable = true; deployment = { targetEnv = "hetzner"; @@ -47,6 +59,7 @@ services.cron = { enable = true; + mailto = "cron@immae.eu"; systemCronJobs = [ '' # The star after /var/lib/* avoids deleting all folders in case of problem @@ -59,5 +72,6 @@ # to be compatible, in order to avoid breaking some software such as # database servers. You should change this only after NixOS release # notes say you should. - system.stateVersion = "18.09"; # Did you read the comment? + # https://nixos.org/nixos/manual/release-notes.html + system.stateVersion = "19.03"; # Did you read the comment? }