Diffstat (limited to 'old/modules/mkdir')
-rw-r--r--old/modules/mkdir/default.nix86
-rw-r--r--old/modules/mkdir/networking.nix14
-rw-r--r--old/modules/mkdir/paths.nix12
-rw-r--r--old/modules/mkdir/users.nix19
4 files changed, 131 insertions, 0 deletions
diff --git a/old/modules/mkdir/default.nix b/old/modules/mkdir/default.nix
new file mode 100644
index 0000000..76f0bb6
--- /dev/null
+++ b/old/modules/mkdir/default.nix
@@ -0,0 +1,86 @@
+{ config, pkgs, ... }:
+
+let
+ inherit (builtins) readFile;
+in
+
+{
+ imports =
+ [
+ { users.extraUsers = import <secrets/extraUsers.nix>; }
+ ./networking.nix
+ ./users.nix
+ ../tv/base.nix
+ ../tv/base-cac-CentOS-7-64bit.nix
+ ../tv/config/consul-server.nix
+ ../tv/exim-smarthost.nix
+ ../tv/git/public.nix
+ ../tv/sanitize.nix
+ {
+ imports = [ ../tv/identity ];
+ tv.identity = {
+ enable = true;
+ self = config.tv.identity.hosts.mkdir;
+ };
+ }
+ {
+ imports = [ ../tv/iptables ];
+ tv.iptables = {
+ enable = true;
+ input-internet-accept-new-tcp = [
+ "ssh"
+ "tinc"
+ "smtp"
+ "xmpp-client"
+ "xmpp-server"
+ ];
+ input-retiolum-accept-new-tcp = [
+ "http"
+ ];
+ };
+ }
+ {
+ imports = [ ../tv/retiolum ];
+ tv.retiolum = {
+ enable = true;
+ hosts = <retiolum-hosts>;
+ connectTo = [
+ "cd"
+ "fastpoke"
+ "pigstarter"
+ "ire"
+ ];
+ };
+ }
+ ];
+
+ nix.maxJobs = 1;
+
+ environment.systemPackages = with pkgs; [
+ git # required for ./deploy, clone_or_update
+ htop
+ iftop
+ iotop
+ iptables
+ mutt # for mv
+ nethogs
+ rxvt_unicode.terminfo
+ tcpdump
+ ];
+
+ services.journald.extraConfig = ''
+ SystemMaxUse=1G
+ RuntimeMaxUse=128M
+ '';
+
+ services.openssh = {
+ enable = true;
+ hostKeys = [
+ # XXX bits here make no science
+ { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+ ];
+ permitRootLogin = "yes";
+ };
+
+ sound.enable = false;
+}
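Review bot: `permitRootLogin = "yes"` in the `services.openssh` block leaves password authentication open for root, while the iptables block in the same file accepts new `ssh` connections from the internet. users.nix already gives root `authorizedKeys`, so key-only login looks sufficient: `permitRootLogin = "without-password";`, ideally together with `passwordAuthentication = false;`. Whether root has a password at all depends on `<secrets/extraUsers.nix>`, which is not visible here. Separately, `bits = 8192` has no effect on an ed25519 host key (as the XXX comment already hints), and the `inherit (builtins) readFile;` binding is unused in this file; both can be dropped.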
diff --git a/old/modules/mkdir/networking.nix b/old/modules/mkdir/networking.nix
new file mode 100644
index 0000000..c75e33a
--- /dev/null
+++ b/old/modules/mkdir/networking.nix
@@ -0,0 +1,14 @@
+{...}:
+{
+ networking.hostName = "mkdir";
+ networking.interfaces.enp2s1.ip4 = [
+ {
+ address = "162.248.167.241";
+ prefixLength = 24;
+ }
+ ];
+ networking.defaultGateway = "162.248.167.1";
+ networking.nameservers = [
+ "8.8.8.8"
+ ];
+}
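Review bot: `networking.nameservers` lists a single external resolver, so every lookup this host makes depends on one third-party address. That includes lookups for the exim smarthost imported in default.nix, and all of them fail if that address is unreachable. Consider a second entry, preferably a resolver the operators control: `networking.nameservers = [ "<resolver-1>" "<resolver-2>" ];` with the placeholders filled in.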
diff --git a/old/modules/mkdir/paths.nix b/old/modules/mkdir/paths.nix
new file mode 100644
index 0000000..f873912
--- /dev/null
+++ b/old/modules/mkdir/paths.nix
@@ -0,0 +1,12 @@
+{
+ lib.file.url = ../../lib;
+ modules.file.url = ../../modules;
+ nixpkgs.git = {
+ url = https://github.com/NixOS/nixpkgs;
+ rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
+ cache = ../../tmp/git-cache;
+ };
+ pubkeys.file.url = ../../pubkeys;
+ retiolum-hosts.file.url = ../../hosts;
+ secrets.file.url = ../../secrets/cd/nix;
+}
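Review bot: `secrets.file.url` points at `../../secrets/cd/nix`, a directory apparently named after host `cd` (which also appears in `connectTo`) rather than `mkdir`. default.nix imports `<secrets/extraUsers.nix>` through this path, so mkdir would receive cd's user definitions and anything else stored there. If this is a copy-paste leftover, it spreads one host's credentials onto a second machine. If the sharing is intended, document it with a comment such as `# mkdir deliberately shares cd's secrets`; otherwise point the entry at a directory specific to mkdir.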
diff --git a/old/modules/mkdir/users.nix b/old/modules/mkdir/users.nix
new file mode 100644
index 0000000..82f078b
--- /dev/null
+++ b/old/modules/mkdir/users.nix
@@ -0,0 +1,19 @@
+{ ... }:
+
+let
+ inherit (builtins) readFile;
+in
+
+{
+ users.extraUsers =
+ {
+ root = {
+ openssh.authorizedKeys.keys = [
+ (readFile <pubkeys/deploy_wu.ssh.pub>)
+ (readFile <pubkeys/tv_wu.ssh.pub>)
+ ];
+ };
+ };
+
+ users.mutableUsers = false;
+}
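Review bot: The two `readFile` calls under `openssh.authorizedKeys.keys` can be replaced by the module's own file-based option, which removes the need for the `let … inherit (builtins) readFile; in` block: `openssh.authorizedKeys.keyFiles = [ <pubkeys/deploy_wu.ssh.pub> <pubkeys/tv_wu.ssh.pub> ];`. A short comment on the `root` attribute saying who holds each key would also help, for example `# deploy_wu: deployment key, tv_wu: admin key`. The roles in that example are guessed from the file names and need confirming. Both keys get an unrestricted root shell, so the list is worth keeping easy to audit.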