host nomic: init

tv 2015-07-07 06:20:50 +02:00
parent 36d7524038
commit 0e3cf4d393
4 changed files with 172 additions and 0 deletions

69
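--- a/modules/nomic/default.nix
+++ b/modules/nomic/default.nix
@@ -0,0 +1,69 @@
+{ config, pkgs, ... }:
+let
+location = pkgs.lib.nameValuePair; # TODO this is also in modules/tv/git/cgit.nix
+in
+{
+imports = [
+./hardware-configuration.nix
+./users.nix
+../tv/base.nix
+../tv/exim-retiolum.nix
+../tv/git/public.nix
+../tv/sanitize.nix
+../tv/smartd.nix
+{
+imports = [ ../tv/iptables ];
+tv.iptables = {
+enable = true;
+input-internet-accept-new-tcp = [
+"ssh"
+"http"
+"tinc"
+"smtp"
+];
+};
+}
+{
+imports = [ ../tv/nginx ];
+tv.nginx = {
+enable = true;
+retiolum-locations = [
+(location "~ ^/~(.+?)(/.*)?\$" ''
+alias /home/$1/public_html$2;
+'')
+];
+};
+}
+{
+imports = [ ../tv/retiolum ];
+tv.retiolum = {
+enable = true;
+hosts = <retiolum-hosts>;
+connectTo = [
+"gum"
+"pigstarter"
+];
+};
+}
+];
+boot.kernel.sysctl = {
+# Enable IPv6 Privacy Extensions
+"net.ipv6.conf.all.use_tempaddr" = 2;
+"net.ipv6.conf.default.use_tempaddr" = 2;
+};
+networking = {
+hostName = "nomic";
+wireless.enable = true;
+};
+services.openssh = {
+enable = true;
+hostKeys = [
+{ type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+];
+};
+}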
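Review bot: The `services.openssh` block at the end of the hunk enables sshd but leaves `permitRootLogin` at the module default, while users.nix in this same commit installs an authorized key for root, so whether root may log in over ssh is decided by a default that is not visible here. Stating it explicitly keeps the intent stable across NixOS upgrades and rules out password login for root: `services.openssh.permitRootLogin = "without-password";`. If every account on this host is meant to authenticate by key, as the `authorizedKeys` entries and `mutableUsers = false` suggest, `services.openssh.passwordAuthentication = false;` belongs next to it. The `location` helper on line 3 carries a TODO about duplication with cgit.nix; moving it into the shared lib would let both modules drop their copy.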


@ -0,0 +1,49 @@
{ config, ... }:
{
boot.initrd.luks = {
cryptoModules = [ "aes" "sha1" "xts" ];
devices = [
{
name = "luks1";
device = "/dev/disk/by-uuid/cac73902-1023-4906-8e95-3a8b245337d4";
}
];
};
boot.initrd.availableKernelModules = [ "ahci" ];
boot.kernelModules = [ "kvm-intel" "wl" ];
boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
boot.loader.grub = {
device = "/dev/sda";
splashImage = null;
};
fileSystems."/" =
{ device = "/dev/disk/by-uuid/de4780fc-0473-4708-81df-299b7383274c";
fsType = "btrfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/be3a1d80-3157-4d7c-86cc-ef01b64eff5e";
fsType = "ext4";
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/9db9c8ff-51da-4cbd-9f0a-0cd3333bbaff";
fsType = "btrfs";
};
swapDevices = [ ];
nix = {
buildCores = 2;
maxJobs = 2;
daemonIONiceLevel = 1;
daemonNiceLevel = 1;
};
# For config.boot.kernelPackages.broadcom_sta
nixpkgs.config.allowUnfree = true;
}
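Review bot: `cryptoModules = [ "aes" "sha1" "xts" ]` in the `boot.initrd.luks` block replaces the module's default list with exactly these three, so the initrd can only open a header whose cipher is aes-xts and whose key-derivation hash is sha1; re-keying the volume with a sha256 header, or changing the cipher, would leave the machine unbootable until this list is updated too. A comment tying the list to the header keeps that coupling visible, e.g. `# must match the cipher and hash of the luks1 header (cryptsetup luksDump)`. The `sha1` entry is the PBKDF hash of the header, not the data cipher, so it is not an immediate weakness, but sha256 is the better choice the next time the volume is re-keyed. The file header for this section is missing from the page; from the `./hardware-configuration.nix` import in default.nix this appears to be that file.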

12
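--- a/modules/nomic/paths.nix
+++ b/modules/nomic/paths.nix
@@ -0,0 +1,12 @@
+{
+lib.file.url = ../../lib;
+modules.file.url = ../../modules;
+nixpkgs.git = {
+url = https://github.com/NixOS/nixpkgs;
+rev = "e1af50c4c4c0332136283e9231f0a32ac11f2b90";
+cache = ../../tmp/git-cache;
+};
+pubkeys.file.url = ../../pubkeys;
+retiolum-hosts.file.url = ../../hosts;
+secrets.file.url = ../../secrets/nomic/nix;
+}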
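Review bot: `url = https://github.com/NixOS/nixpkgs;` relies on Nix's bare URL-literal syntax, while `rev` on the next line is a quoted string; writing `url = "https://github.com/NixOS/nixpkgs";` is the more robust form and keeps the two attributes consistent. Pinning `rev` to a full commit id rather than a branch name is the right choice here, since it fixes the nixpkgs content this host is built from.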

42
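--- a/modules/nomic/users.nix
+++ b/modules/nomic/users.nix
@@ -0,0 +1,42 @@
+{ pkgs, ... }:
+{
+imports = [
+{ users = import <secrets/users.nix>; }
+{
+users.extraUsers = {
+root = {
+openssh.authorizedKeys.keys = [
+(pkgs.lib.readFile <pubkeys/tv_wu.ssh.pub>)
+];
+};
+tv = {
+uid = 1337;
+group = "users";
+home = "/home/tv";
+createHome = true;
+useDefaultShell = true;
+extraGroups = [
+"audio"
+"video"
+"wheel"
+];
+openssh.authorizedKeys.keys = [
+(pkgs.lib.readFile <pubkeys/tv_wu.ssh.pub>)
+];
+};
+};
+}
+];
+users.defaultUserShell = "/run/current-system/sw/bin/bash";
+users.mutableUsers = false;
+security.setuidPrograms = [
+"sendmail" # for sudo
+];
+security.sudo.extraConfig = ''
+Defaults mailto="tv@wu.retiolum"
+'';
+}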
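Review bot: The same key file is read twice, `pkgs.lib.readFile <pubkeys/tv_wu.ssh.pub>` once for root and once for tv; binding it once at the top of the file, e.g. `let tvKey = pkgs.lib.readFile <pubkeys/tv_wu.ssh.pub>; in`, keeps both entries in step when the key is rotated. `users.mutableUsers = false;` together with `users = import <secrets/users.nix>;` means any password hashes presumably come only from the secrets file, which is not on this page; a one-line comment next to the import saying what that file is expected to provide would help the next reader. The `wheel` membership plus the sudo `mailto` line gives tv full sudo with mail notification, which is fine, but depends on the `sendmail` setuid entry just above it being kept.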