From 1a64deeb894dc95e2645a75771732c6cc53a79ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Wed, 4 Oct 2023 01:35:06 +0200
Subject: Squash changes containing private information

There were a lot of changes since the previous commit, but a lot of them contained personnal information about users. All thos changes got stashed into a single commit (history is kept in a different place) and private information was moved in a separate private repository
---
 modules/private/system.nix | 98 ----------------------------------------------
 1 file changed, 98 deletions(-)
 delete mode 100644 modules/private/system.nix
(limited to 'modules/private/system.nix')

diff --git a/modules/private/system.nix b/modules/private/system.nix
deleted file mode 100644
index 5f3d79e..0000000
--- a/modules/private/system.nix
+++ /dev/null
@@ -1,98 +0,0 @@
-{ pkgs, lib, config, name, nodes, ... }:
-{
- config = {
- deployment.secrets."secret_vars.yml" = {
- source = builtins.toString ../../nixops/secrets/vars.yml;
- destination = config.secrets.secretsVars;
- owner.user = "root";
- owner.group = "root";
- permissions = "0400";
- };
-
- networking.extraHosts = builtins.concatStringsSep "\n"
- (lib.mapAttrsToList (n: v: "${v.config.hostEnv.ips.main.ip4} ${n}") nodes);
-
- users.extraUsers.root.openssh.authorizedKeys.keys = [ config.myEnv.sshd.rootKeys.nix_repository ];
- secrets.deleteSecretsVars = true;
- secrets.gpgKeys = [
- ../../nixops/public_keys/Immae.pub
- ];
- secrets.secretsVars = "/run/keys/vars.yml";
-
- services.openssh.enable = true;
-
- nixpkgs.overlays = builtins.attrValues (import ../../overlays) ++ [
- (self: super: {
- postgresql = self.postgresql_pam;
- mariadb = self.mariadb_pam;
- }) # don’t put them as generic overlay because of home-manager
- ];
-
- services.journald.extraConfig = ''
- #Should be "warning" but disabled for now, it prevents anything from being stored
- MaxLevelStore=info
- MaxRetentionSec=1year
- '';
-
- users.users =
- builtins.listToAttrs (map (x: lib.attrsets.nameValuePair x.name ({
- isNormalUser = true;
- home = "/home/${x.name}";
- createHome = true;
- linger = true;
- } // x)) (config.hostEnv.users pkgs))
- // {
- root.packages = let
- nagios-cli = pkgs.writeScriptBin "nagios-cli" ''
- #!${pkgs.stdenv.shell}
- sudo -u naemon ${pkgs.nagios-cli}/bin/nagios-cli -c ${./monitoring/nagios-cli.cfg}
- '';
- in
- [
- pkgs.telnet
- pkgs.htop
- pkgs.iftop
- pkgs.bind.dnsutils
- pkgs.httpie
- pkgs.iotop
- pkgs.whois
- pkgs.ngrep
- pkgs.tcpdump
- pkgs.tshark
- pkgs.tcpflow
- # pkgs.mitmproxy # failing
- pkgs.nmap
- pkgs.p0f
- pkgs.socat
- pkgs.lsof
- pkgs.psmisc
- pkgs.openssl
- pkgs.wget
-
- pkgs.cnagios
- nagios-cli
-
- pkgs.pv
- pkgs.smartmontools
- ];
- };
-
- users.mutableUsers = lib.mkDefault false;
-
- environment.etc.cnagios.source = "${pkgs.cnagios}/share/doc/cnagios";
- environment.systemPackages = [
- pkgs.git
- pkgs.vim
- pkgs.rsync
- pkgs.strace
- ] ++
- (lib.optional (builtins.length (config.hostEnv.users pkgs) > 0) pkgs.home-manager);
-
- systemd.targets.maintenance = {
- description = "Maintenance target with only sshd";
- after = [ "network-online.target" "sshd.service" ];
- requires = [ "network-online.target" "sshd.service" ];
- unitConfig.AllowIsolate = "yes";
- };
- };
-}
--
cgit v1.2.3