blob: 0e72d9962fec977563a3607002aa44910cc42f89 (
plain) (
tree)
|
|
{ pkgs, lib, config, name, nodes, ... }:
{
config = {
networking.extraHosts = builtins.concatStringsSep "\n"
(lib.mapAttrsToList (n: v: "${v.config.hostEnv.ips.main.ip4} ${n}") nodes);
users.extraUsers.root.openssh.authorizedKeys.keyFiles = [ "${config.myEnv.privateFiles}/id_ed25519.pub" ];
services.openssh.enable = true;
services.duplyBackup.profiles.system = {
rootDir = "/var/lib";
excludeFile = lib.mkAfter ''
+ /var/lib/nixos
+ /var/lib/udev
+ /var/lib/udisks2
+ /var/lib/systemd
+ /var/lib/private/systemd
- /var/lib
'';
};
nixpkgs.overlays = builtins.attrValues (import ../../overlays) ++ [
(self: super: {
postgresql = self.postgresql_pam;
mariadb = self.mariadb_pam;
}) # don’t put them as generic overlay because of home-manager
];
services.journald.extraConfig = ''
#Should be "warning" but disabled for now, it prevents anything from being stored
MaxLevelStore=info
MaxRetentionSec=1year
'';
users.users =
builtins.listToAttrs (map (x: lib.attrsets.nameValuePair x.name ({
isNormalUser = true;
home = "/home/${x.name}";
createHome = true;
linger = true;
} // x)) (config.hostEnv.users pkgs))
// {
root.packages = let
nagios-cli = pkgs.writeScriptBin "nagios-cli" ''
#!${pkgs.stdenv.shell}
sudo -u naemon ${pkgs.nagios-cli}/bin/nagios-cli -c ${./monitoring/nagios-cli.cfg}
'';
in
[
pkgs.telnet
pkgs.htop
pkgs.iftop
pkgs.bind.dnsutils
pkgs.httpie
pkgs.iotop
pkgs.whois
pkgs.ngrep
pkgs.tcpdump
pkgs.tshark
pkgs.tcpflow
# pkgs.mitmproxy # failing
pkgs.nmap
pkgs.p0f
pkgs.socat
pkgs.lsof
pkgs.psmisc
pkgs.openssl
pkgs.wget
pkgs.cnagios
nagios-cli
pkgs.pv
pkgs.smartmontools
];
};
users.mutableUsers = lib.mkDefault false;
environment.etc.cnagios.source = "${pkgs.cnagios}/share/doc/cnagios";
environment.systemPackages = [
pkgs.git
pkgs.vim
pkgs.rsync
pkgs.strace
] ++
(lib.optional (builtins.length (config.hostEnv.users pkgs) > 0) pkgs.home-manager);
systemd.targets.maintenance = {
description = "Maintenance target with only sshd";
after = [ "network-online.target" "sshd.service" ];
requires = [ "network-online.target" "sshd.service" ];
unitConfig.AllowIsolate = "yes";
};
};
}
|