diff options
author | tv <tv@shackspace.de> | 2015-06-19 21:59:27 +0200 |
---|---|---|
committer | tv <tv@shackspace.de> | 2015-06-19 21:59:27 +0200 |
commit | e5b14a9ed69a75f57a2184f85f5b4f24cb50da51 (patch) | |
tree | 8bfd22f9ac2cf0037e930a9b0ee98f4be67e5f49 /modules/mkdir/default.nix | |
parent | f98ab8ec7e531fc0e33d67ca4624ac431eb7f753 (diff) |
host mkdir: initial commit
Diffstat (limited to 'modules/mkdir/default.nix')
-rw-r--r-- | modules/mkdir/default.nix | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/modules/mkdir/default.nix b/modules/mkdir/default.nix new file mode 100644 index 000000000..d52579771 --- /dev/null +++ b/modules/mkdir/default.nix @@ -0,0 +1,75 @@ +{ pkgs, ... }: + +let + inherit (builtins) readFile; +in + +{ + imports = + [ + <secrets/hashedPasswords.nix> + ./iptables.nix + ./networking.nix + ./users.nix + ../common/nixpkgs.nix + ../tv/base.nix + ../tv/base-cac-CentOS-7-64bit.nix + ../tv/exim-smarthost.nix + ../tv/git/public.nix + ../tv/retiolum.nix + ../tv/sanitize.nix + ]; + + nix.maxJobs = 1; + + nixpkgs = { + url = "https://github.com/NixOS/nixpkgs"; + rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870"; + }; + + environment.systemPackages = with pkgs; [ + git # required for ./deploy, clone_or_update + htop + iftop + iotop + iptables + mutt # for mv + nethogs + rxvt_unicode.terminfo + tcpdump + ]; + + security.rtkit.enable = false; + + services.cron.enable = false; + + services.journald.extraConfig = '' + SystemMaxUse=1G + RuntimeMaxUse=128M + ''; + + services.ntp.enable = false; + + services.openssh = { + enable = true; + hostKeys = [ + # XXX bits here make no science + { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } + ]; + permitRootLogin = "yes"; + }; + + services.retiolum = { + enable = true; + hosts = <retiolum-hosts>; + privateKeyFile = "/etc/tinc/retiolum/rsa_key.priv"; + connectTo = [ + "cd" + "fastpoke" + "pigstarter" + "ire" + ]; + }; + + sound.enable = false; +} |