stockholm/cd.nix
2015-05-19 23:15:55 +02:00

119 lines
3.8 KiB
Nix

{ config, pkgs, ... }:
{
imports =
[
<secrets/hashedPasswords.nix>
./modules/sanitize.nix
./modules/base-cac-CentOS-7-64bit.nix
./modules/exim-cd.nix
./modules/ejabberd-cd.nix # XXX echtes modul
./modules/iptables-cd.nix
./modules/networking-cd.nix
./modules/retiolum.nix
];
# "Developer 2" plan has two vCPUs.
nix.maxJobs = 2;
environment.systemPackages = with pkgs; [
htop
iftop
iotop
iptables
mutt # for mv
nethogs
rxvt_unicode.terminfo
tcpdump
];
security.rtkit.enable = false;
services.cron.enable = false;
services.ejabberd-cd = {
enable = true;
};
services.journald.extraConfig = ''
SystemMaxUse=1G
RuntimeMaxUse=128M
'';
services.ntp.enable = false;
services.openssh = {
enable = true;
hostKeys = [
# XXX bits here make no science
{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
];
permitRootLogin = "yes";
};
services.retiolum = {
enable = true;
hosts = ./hosts;
privateKeyFile = "/etc/nixos/secrets/cd.retiolum.rsa_key.priv";
connectTo = [
"fastpoke"
"pigstarter"
"ire"
];
};
sound.enable = false;
# TODO base
time.timeZone = "UTC";
# TODO replace by ./modules/cd-users.nix
users.extraGroups = {
# ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
# Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
# Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
# Docs: man:tmpfiles.d(5)
# man:systemd-tmpfiles(8)
# Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
# Main PID: 19272 (code=exited, status=1/FAILURE)
#
# Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
# Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
# Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
# Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
# Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
# Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
# Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
# warning: error(s) occured while switching to the new configuration
lock.gid = 10001;
};
users.extraUsers =
{
root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEieAihh+o208aeCA14fAtjzyZN/nrpOJt2vZ5VYZp69 deploy@wu"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDYv5OkVrnerkzJwgi7ol7HzcWJf4oWCJTX84trFX5vgJXu1zMvSe+koY8xpnMOd7WHF2wgsjjrFlMuixTrfMPc/OjvG2N1TlnvzlFD8ivTW/AJzDwNxT//niqAYAZ9kmb8e/zE/SyNHSKZcyEKGiiW2+YW9wWHPYRP/XiNEjLP3BeTGScMwWr001V/8m7ne4SGHrE1FbHbHqaBXgqUFgnvzMY3CsfDafODZlj5xSMNGHyLGNNKvu3YR1crcAjbQrBXBdwaArThFxp+e2uWrnffshlks6WtRyR1AFVjc/gxEG74Axq1AHY6EJm2Fw/JdFNiYQ7yyQZHS9bZJYjgnWF tv@nomic"
];
};
mv = rec {
name = "mv";
uid = 1338;
group = "users";
home = "/home/${name}";
createHome = true;
useDefaultShell = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod"
];
};
};
users.mutableUsers = false;
}