summaryrefslogtreecommitdiffstats
path: root/shared/1systems
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2015-10-25 14:07:51 +0100
committertv <tv@krebsco.de>2015-10-25 14:08:51 +0100
commita16dcf27252f4112af9d6345a0b5a91b1cff8c2b (patch)
tree7216adf7e0ef71fb707c09325c35d2750083a26c /shared/1systems
parent7c1d1a596b84f3a17461d667736a1a2d8b35810e (diff)
init users.shared.wolf
Diffstat (limited to 'shared/1systems')
-rw-r--r--shared/1systems/wolf.nix108
1 files changed, 108 insertions, 0 deletions
diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix
new file mode 100644
index 0000000..d4ed409
--- /dev/null
+++ b/shared/1systems/wolf.nix
@@ -0,0 +1,108 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+ imports = [
+ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+ ];
+
+ krebs.build.host = config.krebs.hosts.wolf;
+ # TODO rename shared user to "krebs"
+ krebs.build.user = config.krebs.users.shared;
+ krebs.build.target = "wolf";
+
+ krebs.enable = true;
+ krebs.retiolum = {
+ enable = true;
+ connectTo = [
+ # TODO remove connectTo cd, this was only used for bootstrapping
+ "cd"
+ "gum"
+ "pigstarter"
+ ];
+ };
+
+ krebs.build.source = {
+ git.nixpkgs = {
+ url = https://github.com/NixOS/nixpkgs;
+ rev = "e916273209560b302ab231606babf5ce1c481f08";
+ };
+ dir.secrets = {
+ # TODO use current-host-name to determine secrets host
+ host = config.krebs.hosts.wu;
+ path = "${getEnv "HOME"}/secrets/krebs/wolf";
+ };
+ dir.stockholm = {
+ # TODO use current-host-name to determine stockholm host
+ host = config.krebs.hosts.wu;
+ path = "${getEnv "HOME"}/stockholm";
+ };
+ };
+
+ networking.hostName = config.krebs.build.host.name;
+
+ boot.kernel.sysctl = {
+ # Enable IPv6 Privacy Extensions
+ "net.ipv6.conf.all.use_tempaddr" = 2;
+ "net.ipv6.conf.default.use_tempaddr" = 2;
+ };
+
+ boot.initrd.availableKernelModules = [
+ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk"
+ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.device = "/dev/vda";
+
+ fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; };
+
+ swapDevices = [
+ { device = "/dev/disk/by-label/swap"; }
+ ];
+
+ nix.maxJobs = 1;
+ nix.trustedBinaryCaches = [
+ "https://cache.nixos.org"
+ "http://cache.nixos.org"
+ "http://hydra.nixos.org"
+ ];
+ nix.useChroot = true;
+
+ nixpkgs.config.packageOverrides = pkgs: {
+ nano = pkgs.vim;
+ };
+
+ environment.systemPackages = with pkgs; [
+ git
+ rxvt_unicode.terminfo
+ ];
+
+ time.timeZone = "Europe/Berlin";
+
+ programs.ssh.startAgent = false;
+
+ services.openssh = {
+ enable = true;
+ hostKeys = [
+ { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+ ];
+ };
+ services.cron.enable = false;
+ services.nscd.enable = false;
+ services.ntp.enable = false;
+
+ users.mutableUsers = false;
+ users.extraUsers.root.openssh.authorizedKeys.keys = [
+ # TODO
+ config.krebs.users.lass.pubkey
+ config.krebs.users.makefu.pubkey
+ config.krebs.users.tv.pubkey
+ ];
+
+ # The NixOS release to be compatible with for stateful data such as databases.
+ system.stateVersion = "15.09";
+}