diff options
Diffstat (limited to 'modules')
-rw-r--r-- | modules/private/environment.nix | 16 | ||||
-rw-r--r-- | modules/private/system.nix | 88 | ||||
-rw-r--r-- | modules/private/system/dilion.nix | 68 |
3 files changed, 139 insertions, 33 deletions
diff --git a/modules/private/environment.nix b/modules/private/environment.nix index c4c32c8..3b51f37 100644 --- a/modules/private/environment.nix +++ b/modules/private/environment.nix | |||
@@ -114,6 +114,14 @@ let | |||
114 | description = "Host FQDN"; | 114 | description = "Host FQDN"; |
115 | type = str; | 115 | type = str; |
116 | }; | 116 | }; |
117 | users = mkOption { | ||
118 | type = unspecified; | ||
119 | default = pkgs: []; | ||
120 | description = '' | ||
121 | Sublist of users from realUsers. Function that takes pkgs as | ||
122 | argument and gives an array as a result | ||
123 | ''; | ||
124 | }; | ||
117 | emails = mkOption { | 125 | emails = mkOption { |
118 | default = []; | 126 | default = []; |
119 | description = "List of e-mails that the server can be a sender of"; | 127 | description = "List of e-mails that the server can be a sender of"; |
@@ -287,6 +295,14 @@ in | |||
287 | }; | 295 | }; |
288 | }; | 296 | }; |
289 | }; | 297 | }; |
298 | realUsers = mkOption { | ||
299 | description = '' | ||
300 | Attrset of function taking pkgs as argument. | ||
301 | Real users settings, should provide a subattr of users.users.<name> | ||
302 | with at least: name, (hashed)Password, shell | ||
303 | ''; | ||
304 | type = attrsOf unspecified; | ||
305 | }; | ||
290 | users = mkOption { | 306 | users = mkOption { |
291 | description = "System and regular users uid/gid"; | 307 | description = "System and regular users uid/gid"; |
292 | type = attrsOf (submodule { | 308 | type = attrsOf (submodule { |
diff --git a/modules/private/system.nix b/modules/private/system.nix index 66208c4..64fc2d9 100644 --- a/modules/private/system.nix +++ b/modules/private/system.nix | |||
@@ -23,41 +23,63 @@ | |||
23 | MaxRetentionSec="1year" | 23 | MaxRetentionSec="1year" |
24 | ''; | 24 | ''; |
25 | 25 | ||
26 | users.mutableUsers = false; | 26 | users.users = |
27 | users.users.root.packages = let | 27 | builtins.listToAttrs (map (x: lib.attrsets.nameValuePair x.name ({ |
28 | nagios-cli = pkgs.writeScriptBin "nagios-cli" '' | 28 | isNormalUser = true; |
29 | #!${pkgs.stdenv.shell} | 29 | home = "/home/${x.name}"; |
30 | sudo -u naemon ${pkgs.nagios-cli}/bin/nagios-cli -c ${./monitoring/nagios-cli.cfg} | 30 | createHome = true; |
31 | ''; | 31 | linger = true; |
32 | in | 32 | } // x)) (config.hostEnv.users pkgs)) |
33 | [ | 33 | // { |
34 | pkgs.telnet | 34 | root.packages = let |
35 | pkgs.htop | 35 | nagios-cli = pkgs.writeScriptBin "nagios-cli" '' |
36 | pkgs.iftop | 36 | #!${pkgs.stdenv.shell} |
37 | pkgs.bind.dnsutils | 37 | sudo -u naemon ${pkgs.nagios-cli}/bin/nagios-cli -c ${./monitoring/nagios-cli.cfg} |
38 | pkgs.httpie | 38 | ''; |
39 | pkgs.iotop | 39 | in |
40 | pkgs.whois | 40 | [ |
41 | pkgs.ngrep | 41 | pkgs.telnet |
42 | pkgs.tcpdump | 42 | pkgs.htop |
43 | pkgs.tshark | 43 | pkgs.iftop |
44 | pkgs.tcpflow | 44 | pkgs.bind.dnsutils |
45 | pkgs.mitmproxy | 45 | pkgs.httpie |
46 | pkgs.nmap | 46 | pkgs.iotop |
47 | pkgs.p0f | 47 | pkgs.whois |
48 | pkgs.socat | 48 | pkgs.ngrep |
49 | pkgs.lsof | 49 | pkgs.tcpdump |
50 | pkgs.psmisc | 50 | pkgs.tshark |
51 | pkgs.wget | 51 | pkgs.tcpflow |
52 | pkgs.mitmproxy | ||
53 | pkgs.nmap | ||
54 | pkgs.p0f | ||
55 | pkgs.socat | ||
56 | pkgs.lsof | ||
57 | pkgs.psmisc | ||
58 | pkgs.wget | ||
52 | 59 | ||
53 | pkgs.cnagios | 60 | pkgs.cnagios |
54 | nagios-cli | 61 | nagios-cli |
55 | ]; | 62 | ]; |
63 | }; | ||
56 | 64 | ||
57 | environment.etc.cnagios.source = "${pkgs.cnagios}/share/doc/cnagios"; | 65 | users.mutableUsers = false; |
58 | environment.systemPackages = [ | ||
59 | pkgs.vim | ||
60 | ]; | ||
61 | 66 | ||
67 | environment.etc.cnagios.source = "${pkgs.cnagios}/share/doc/cnagios"; | ||
68 | environment.systemPackages = | ||
69 | let | ||
70 | home-manager = builtins.fetchGit { | ||
71 | url = "https://github.com/rycee/home-manager.git"; | ||
72 | rev = "ef64bc598f28818d56c86629dad98b468af9c071"; | ||
73 | ref = "release-19.03"; | ||
74 | }; | ||
75 | in | ||
76 | [ | ||
77 | pkgs.git | ||
78 | pkgs.vim | ||
79 | ] ++ | ||
80 | (lib.optional | ||
81 | (builtins.length (config.hostEnv.users pkgs) > 0) | ||
82 | ((pkgs.callPackage home-manager {}).home-manager) | ||
83 | ); | ||
62 | }; | 84 | }; |
63 | } | 85 | } |
diff --git a/modules/private/system/dilion.nix b/modules/private/system/dilion.nix new file mode 100644 index 0000000..258506b --- /dev/null +++ b/modules/private/system/dilion.nix | |||
@@ -0,0 +1,68 @@ | |||
1 | { privateFiles }: | ||
2 | { config, pkgs, ... }: | ||
3 | { | ||
4 | boot.kernelPackages = pkgs.linuxPackages_latest; | ||
5 | myEnv = import "${privateFiles}/environment.nix" // { inherit privateFiles; }; | ||
6 | |||
7 | networking = { | ||
8 | firewall.enable = false; | ||
9 | interfaces."eth0".ipv4.addresses = pkgs.lib.attrsets.mapAttrsToList | ||
10 | (n: ips: { address = ips.ip4; prefixLength = 32; }) | ||
11 | (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") config.hostEnv.ips); | ||
12 | interfaces."eth0".ipv6.addresses = pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList | ||
13 | (n: ips: map (ip: { address = ip; prefixLength = (if n == "main" && ip == pkgs.lib.head ips.ip6 then 64 else 128); }) (ips.ip6 or [])) | ||
14 | config.hostEnv.ips); | ||
15 | }; | ||
16 | |||
17 | myServices.ssh.modules = [ config.myServices.ssh.predefinedModules.regular ]; | ||
18 | imports = builtins.attrValues (import ../..); | ||
19 | |||
20 | deployment = { | ||
21 | targetEnv = "hetzner"; | ||
22 | hetzner = { | ||
23 | robotUser = config.myEnv.hetzner.user; | ||
24 | robotPass = config.myEnv.hetzner.pass; | ||
25 | mainIPv4 = config.hostEnv.ips.main.ip4; | ||
26 | partitions = '' | ||
27 | clearpart --all --initlabel --drives=sda,sdb,sdc,sdd | ||
28 | |||
29 | part swap --recommended --label=swap --fstype=swap --ondisk=sda | ||
30 | |||
31 | part raid.1 --grow --ondisk=sdc | ||
32 | part raid.2 --grow --ondisk=sdd | ||
33 | |||
34 | raid / --level=1 --device=md0 --fstype=ext4 --label=root raid.1 raid.2 | ||
35 | |||
36 | part /nix --grow --label=nix --ondisk=sda | ||
37 | part /data --grow --label=data --ondisk=sdb | ||
38 | ''; | ||
39 | }; | ||
40 | }; | ||
41 | |||
42 | programs.zsh.enable = true; | ||
43 | |||
44 | time.timeZone = "Europe/Paris"; | ||
45 | nix = { | ||
46 | useSandbox = "relaxed"; | ||
47 | extraOptions = '' | ||
48 | keep-outputs = true | ||
49 | keep-derivations = true | ||
50 | #Assumed in NUR | ||
51 | allow-import-from-derivation = true | ||
52 | ''; | ||
53 | }; | ||
54 | |||
55 | # This is equivalent to setting environment.sessionVariables.NIX_PATH | ||
56 | nix.nixPath = [ | ||
57 | "home-manager=https://github.com/rycee/home-manager/archive/release-19.03.tar.gz" | ||
58 | "nixpkgs=https://nixos.org/channels/nixos-19.03/nixexprs.tar.xz" | ||
59 | ]; | ||
60 | |||
61 | # This value determines the NixOS release with which your system is | ||
62 | # to be compatible, in order to avoid breaking some software such as | ||
63 | # database servers. You should change this only after NixOS release | ||
64 | # notes say you should. | ||
65 | # https://nixos.org/nixos/manual/release-notes.html | ||
66 | system.stateVersion = "19.03"; # Did you read the comment? | ||
67 | } | ||
68 | |||