Diffstat (limited to 'modules/private/system.nix')
-rw-r--r-- | modules/private/system.nix | 98 |
1 files changed, 0 insertions, 98 deletions
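--- a/modules/private/system.nix
+++ /dev/null
@@ -1,98 +0,0 @@
-{ pkgs, lib, config, name, nodes, ... }:
-{
-config = {
-deployment.secrets."secret_vars.yml" = {
-source = builtins.toString ../../nixops/secrets/vars.yml;
-destination = config.secrets.secretsVars;
-owner.user = "root";
-owner.group = "root";
-permissions = "0400";
-};
-
-networking.extraHosts = builtins.concatStringsSep "\n"
-(lib.mapAttrsToList (n: v: "${v.config.hostEnv.ips.main.ip4} ${n}") nodes);
-
-users.extraUsers.root.openssh.authorizedKeys.keys = [ config.myEnv.sshd.rootKeys.nix_repository ];
-secrets.deleteSecretsVars = true;
-secrets.gpgKeys = [
-../../nixops/public_keys/Immae.pub
-];
-secrets.secretsVars = "/run/keys/vars.yml";
-
-services.openssh.enable = true;
-
-nixpkgs.overlays = builtins.attrValues (import ../../overlays) ++ [
-(self: super: {
-postgresql = self.postgresql_pam;
-mariadb = self.mariadb_pam;
-}) # don’t put them as generic overlay because of home-manager
-];
-
-services.journald.extraConfig = ''
-#Should be "warning" but disabled for now, it prevents anything from being stored
-MaxLevelStore=info
-MaxRetentionSec=1year
-'';
-
-users.users =
-builtins.listToAttrs (map (x: lib.attrsets.nameValuePair x.name ({
-isNormalUser = true;
-home = "/home/${x.name}";
-createHome = true;
-linger = true;
-} // x)) (config.hostEnv.users pkgs))
-// {
-root.packages = let
-nagios-cli = pkgs.writeScriptBin "nagios-cli" ''
-#!${pkgs.stdenv.shell}
-sudo -u naemon ${pkgs.nagios-cli}/bin/nagios-cli -c ${./monitoring/nagios-cli.cfg}
-'';
-in
-[
-pkgs.telnet
-pkgs.htop
-pkgs.iftop
-pkgs.bind.dnsutils
-pkgs.httpie
-pkgs.iotop
-pkgs.whois
-pkgs.ngrep
-pkgs.tcpdump
-pkgs.tshark
-pkgs.tcpflow
-# pkgs.mitmproxy # failing
-pkgs.nmap
-pkgs.p0f
-pkgs.socat
-pkgs.lsof
-pkgs.psmisc
-pkgs.openssl
-pkgs.wget
-
-pkgs.cnagios
-nagios-cli
-
-pkgs.pv
-pkgs.smartmontools
-];
-};
-
-users.mutableUsers = lib.mkDefault false;
-
-environment.etc.cnagios.source = "${pkgs.cnagios}/share/doc/cnagios";
-environment.systemPackages = [
-pkgs.git
-pkgs.vim
-pkgs.rsync
-pkgs.strace
-] ++
-(lib.optional (builtins.length (config.hostEnv.users pkgs) > 0) pkgs.home-manager);
-
-systemd.targets.maintenance = {
-description = "Maintenance target with only sshd";
-after = [ "network-online.target" "sshd.service" ];
-requires = [ "network-online.target" "sshd.service" ];
-unitConfig.AllowIsolate = "yes";
-};
-};
-}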