{ network = { description = "Immae's network"; enableRollback = true; }; eldiron = { config, pkgs, mylibs, myconfig, ... }: with mylibs; { _module.args = { mylibs = import ../libs.nix; myconfig = { env = import ./environment.nix; ips = { main = "176.9.151.89"; production = "176.9.151.154"; integration = "176.9.151.155"; }; }; }; imports = [ ./modules/certificates.nix ./modules/gitolite ./modules/databases ./modules/websites ]; services.myGitolite.enable = true; services.myDatabases.enable = true; services.myWebsites.production.enable = true; services.myWebsites.integration.enable = true; services.myWebsites.tools.enable = true; networking = { firewall = { enable = true; allowedTCPPorts = [ 22 ]; }; }; deployment = { targetEnv = "hetzner"; hetzner = { robotUser = myconfig.env.hetzner.user; robotPass = myconfig.env.hetzner.pass; mainIPv4 = myconfig.ips.main; partitions = '' clearpart --all --initlabel --drives=sda,sdb part swap1 --recommended --label=swap1 --fstype=swap --ondisk=sda part swap2 --recommended --label=swap2 --fstype=swap --ondisk=sdb part raid.1 --grow --ondisk=sda part raid.2 --grow --ondisk=sdb raid / --level=1 --device=md0 --fstype=ext4 --label=root raid.1 raid.2 ''; }; }; environment.systemPackages = [ pkgs.telnet pkgs.htop pkgs.vim ]; services.openssh.extraConfig = '' AuthorizedKeysCommand /etc/ssh/ldap_authorized_keys AuthorizedKeysCommandUser nobody ''; environment.etc."ssh/ldap_authorized_keys" = let ldap_authorized_keys = wrap { name = "ldap_authorized_keys"; file = ./ldap_authorized_keys.sh; vars = { LDAP_PASS = myconfig.env.sshd.ldap.password; GITOLITE_SHELL = "${pkgs.gitolite}/bin/gitolite-shell"; ECHO = "${pkgs.coreutils}/bin/echo"; }; paths = [ pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.gnused pkgs.coreutils ]; }; in { enable = true; mode = "0755"; user = "root"; source = ldap_authorized_keys; }; }; }