Diffstat (limited to 'nixops/eldiron.nix')
-rw-r--r-- | nixops/eldiron.nix | 92 |
1 files changed, 92 insertions, 0 deletions
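--- /dev/null
+++ b/nixops/eldiron.nix
@@ -0,0 +1,92 @@
+{
+network = {
+description = "Immae's network";
+enableRollback = true;
+};
+
+eldiron = { config, pkgs, mylibs, myconfig, ... }:
+with mylibs;
+{
+_module.args = {
+mylibs = import ../libs.nix;
+myconfig = {
+env = import ./environment.nix;
+ips = {
+main = "176.9.151.89";
+production = "176.9.151.154";
+integration = "176.9.151.155";
+};
+};
+};
+
+imports = [
+./modules/certificates.nix
+./modules/gitolite
+./modules/databases
+./modules/websites
+];
+services.myGitolite.enable = true;
+services.myDatabases.enable = true;
+services.myWebsites.production.enable = true;
+services.myWebsites.integration.enable = true;
+services.myWebsites.tools.enable = true;
+
+networking = {
+firewall = {
+enable = true;
+allowedTCPPorts = [ 22 ];
+};
+};
+
+deployment = {
+targetEnv = "hetzner";
+hetzner = {
+robotUser = myconfig.env.hetzner.user;
+robotPass = myconfig.env.hetzner.pass;
+mainIPv4 = myconfig.ips.main;
+partitions = ''
+clearpart --all --initlabel --drives=sda,sdb
+
+part swap1 --recommended --label=swap1 --fstype=swap --ondisk=sda
+part swap2 --recommended --label=swap2 --fstype=swap --ondisk=sdb
+
+part raid.1 --grow --ondisk=sda
+part raid.2 --grow --ondisk=sdb
+
+raid / --level=1 --device=md0 --fstype=ext4 --label=root raid.1 raid.2
+'';
+};
+};
+
+environment.systemPackages = [
+pkgs.telnet
+pkgs.htop
+pkgs.vim
+];
+
+services.openssh.extraConfig = ''
+AuthorizedKeysCommand /etc/ssh/ldap_authorized_keys
+AuthorizedKeysCommandUser nobody
+'';
+
+environment.etc."ssh/ldap_authorized_keys" = let
+ldap_authorized_keys =
+wrap {
+name = "ldap_authorized_keys";
+file = ./ldap_authorized_keys.sh;
+vars = {
+LDAP_PASS = myconfig.env.sshd.ldap.password;
+GITOLITE_SHELL = "${pkgs.gitolite}/bin/gitolite-shell";
+ECHO = "${pkgs.coreutils}/bin/echo";
+};
+paths = [ pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.gnused pkgs.coreutils ];
+};
+in {
+enable = true;
+mode = "0755";
+user = "root";
+source = ldap_authorized_keys;
+};
+
+};
+}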
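Review bot: The LDAP bind password is handed to `wrap` as `vars.LDAP_PASS` and the result is installed as `/etc/ssh/ldap_authorized_keys` with `mode = "0755"`, so if `wrap` (defined in ../libs.nix, outside this hunk) bakes its `vars` into the generated script, the secret becomes readable by every local user, both through that file and through the world-readable Nix store path that `source` points at. The `AuthorizedKeysCommandUser nobody` line means the script runs as `nobody`, so any fix has to keep the secret readable by that account (or a dedicated user) without exposing it to everyone; the usual shape is to leave `LDAP_PASS` out of `vars` and have `ldap_authorized_keys.sh` read it at runtime from a file deployed outside the store with restrictive ownership. Until that is done, a comment above `LDAP_PASS = myconfig.env.sshd.ldap.password;` such as `# FIXME: wrap embeds vars into a store path, which is world-readable; move the LDAP password out of the store` would make the exposure visible to the next reader. The same store-visibility question applies to `robotPass = myconfig.env.hetzner.pass;` if nixops writes the deployment attributes anywhere other than its own state file, though that cannot be judged from this hunk.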