# Deployment description for the "Immae's network" NixOps-style network
# (the machine below targets the hetzner backend via `deployment.targetEnv`).
#
# `privateFiles` points at a directory holding the non-public part of the
# configuration; `environment.nix` from it is imported as `myconfig.env` and
# supplies every secret used here (hetzner robot credentials, the LDAP bind
# password for the sshd AuthorizedKeysCommand).
{ privateFiles ? ./. }:
let
  # Public addresses of the host; exposed to the modules as `myconfig.ips`.
  hostIps = {
    main = "176.9.151.89";
    production = "176.9.151.154";
    integration = "176.9.151.155";
  };
in
{
  network = {
    description = "Immae's network";
    enableRollback = true;
  };

  # The single machine of this network.
  eldiron = { config, pkgs, mylibs, myconfig, ... }:
    with mylibs;
    let
      # Script sshd runs to look up a user's public keys in LDAP
      # (installed below as /etc/ssh/ldap_authorized_keys).
      # NOTE(review): `wrap` comes from ../libs.nix and is not visible here.
      # If it substitutes `vars` into the script text, the LDAP bind password
      # ends up in the world-readable Nix store and in a 0755 file under
      # /etc — confirm how `wrap` handles `vars` before relying on this.
      ldapAuthorizedKeys = wrap {
        name = "ldap_authorized_keys";
        file = ./ldap_authorized_keys.sh;
        vars = {
          LDAP_PASS = myconfig.env.sshd.ldap.password;
          GITOLITE_SHELL = "${pkgs.gitolite}/bin/gitolite-shell";
          ECHO = "${pkgs.coreutils}/bin/echo";
        };
        paths = [
          pkgs.openldap
          pkgs.stdenv.shellPackage
          pkgs.gnugrep
          pkgs.gnused
          pkgs.coreutils
        ];
      };
    in
    {
      # Extra arguments made available to every imported module.
      _module.args = {
        mylibs = import ../libs.nix;
        mypkgs = import ../default.nix;
        myconfig = {
          inherit privateFiles;
          env = import "${privateFiles}/environment.nix";
          ips = hostIps;
        };
      };

      imports = [
        ./modules/certificates.nix
        ./modules/gitolite
        ./modules/databases
        ./modules/mpd
        ./modules/websites
        ./modules/mail
        ./modules/ftp
      ];

      services = {
        # Local modules (see `imports` above).
        myGitolite.enable = true;
        myDatabases.enable = true;
        myWebsites = {
          production.enable = true;
          integration.enable = true;
          tools.enable = true;
        };
        pure-ftpd.enable = true;

        # Keep the persistent journal small: warnings and above, one year.
        journald.extraConfig = ''
          MaxLevelStore="warning"
          MaxRetentionSec="1year"
        '';

        # Public keys are resolved through the LDAP wrapper installed in
        # /etc rather than from ~/.ssh/authorized_keys.
        # NOTE(review): the sshd_config manual recommends a dedicated
        # unprivileged account for AuthorizedKeysCommandUser; `nobody` is
        # shared with other services, so a dedicated user would be tighter.
        openssh.extraConfig = ''
          AuthorizedKeysCommand /etc/ssh/ldap_authorized_keys
          AuthorizedKeysCommandUser nobody
        '';

        # Off-site copy of /var/lib four times a day, run as root over SSH
        # with a dedicated key. Only stdout is discarded, so rsync/ssh
        # errors still reach cron's mail.
        cron = {
          enable = true;
          systemCronJobs = [
            ''
              # The star after /var/lib/* avoids deleting all folders in case of problem
              0 3,9,15,21 * * * root rsync -e "ssh -i /root/.ssh/id_charon_vpn" -aAXvz --delete --numeric-ids --super --rsync-path="sudo rsync" /var/lib/* immae@immae.eu: > /dev/null
            ''
          ];
        };
      };

      # Only SSH is opened here; the imported modules are presumably
      # responsible for opening the ports of the services they enable.
      networking.firewall = {
        enable = true;
        allowedTCPPorts = [ 22 ];
      };

      # Hetzner robot provisioning: two disks, swap on each, root on a
      # RAID1 (md0) spanning both (kickstart-style partition spec).
      deployment = {
        targetEnv = "hetzner";
        hetzner = {
          robotUser = myconfig.env.hetzner.user;
          robotPass = myconfig.env.hetzner.pass;
          mainIPv4 = myconfig.ips.main;
          partitions = ''
            clearpart --all --initlabel --drives=sda,sdb
            part swap1 --recommended --label=swap1 --fstype=swap --ondisk=sda
            part swap2 --recommended --label=swap2 --fstype=swap --ondisk=sdb
            part raid.1 --grow --ondisk=sda
            part raid.2 --grow --ondisk=sdb
            raid / --level=1 --device=md0 --fstype=ext4 --label=root raid.1 raid.2
          '';
        };
      };

      environment = {
        systemPackages = [ pkgs.telnet pkgs.htop pkgs.vim ];

        # Mode 0755 is what lets the AuthorizedKeysCommandUser above
        # execute the script; see the NOTE(review) on `ldapAuthorizedKeys`
        # regarding the secret it carries.
        etc."ssh/ldap_authorized_keys" = {
          enable = true;
          mode = "0755";
          user = "root";
          source = ldapAuthorizedKeys;
        };
      };

      # This value determines the NixOS release with which your system is
      # to be compatible, in order to avoid breaking some software such as
      # database servers. You should change this only after NixOS release
      # notes say you should.
      system.stateVersion = "18.09"; # Did you read the comment?
    };
}