authortv <tv@krebsco.de>2016-08-07 09:54:10 +0200
committertv <tv@krebsco.de>2016-08-07 09:54:10 +0200
commit3288d6848f774e00a5fbc2ba060f2df695af8e55 (patch)
tree971a8ae4fd7b64d2c5b9374d6707d7dc2bb79beb /shared/2configs/default.nix
parent3a760096f6b3b49d4bf32465c860ccfd23d174fa (diff)
parentcbf66556afed7220bc95d1716f06cede5a7a8b09 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'shared/2configs/default.nix')
-rw-r--r--shared/2configs/default.nix68
1 files changed, 68 insertions, 0 deletions
diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix
new file mode 100644
index 000000000..31f786d1d
--- /dev/null
+++ b/shared/2configs/default.nix
@@ -0,0 +1,68 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+{
+ krebs.enable = true;
+ krebs.tinc.retiolum.enable = true;
+
+ # TODO rename shared user to "krebs"
+ krebs.build.user = mkDefault config.krebs.users.shared;
+ krebs.build.source = let inherit (config.krebs.build) host user; in {
+ nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix";
+ nixpkgs.git = {
+ url = https://github.com/NixOS/nixpkgs;
+ ref = "9cb194cfa449c43f63185a25c8d10307aea3b358"; # nixos-16.03 @ 2016-08-05
+ };
+ secrets.file =
+ if getEnv "dummy_secrets" == "true"
+ then toString <stockholm/shared/6tests/data/secrets>
+ else "${getEnv "HOME"}/secrets/krebs/${host.name}";
+ stockholm.file = getEnv "PWD";
+ };
+
+ networking.hostName = config.krebs.build.host.name;
+
+ nix.maxJobs = 1;
+ nix.trustedBinaryCaches = [
+ "https://cache.nixos.org"
+ "http://cache.nixos.org"
+ "http://hydra.nixos.org"
+ ];
+ nix.useChroot = true;
+
+ nixpkgs.config.packageOverrides = pkgs: {
+ nano = pkgs.vim;
+ };
+
+ environment.systemPackages = with pkgs; [
+ git
+ rxvt_unicode.terminfo
+ ];
+
+ programs.ssh.startAgent = false;
+
+ services.openssh = {
+ enable = true;
+ hostKeys = [
+ { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+ ];
+ };
+ services.cron.enable = false;
+ services.nscd.enable = false;
+ services.ntp.enable = false;
+
+ users.mutableUsers = false;
+ users.extraUsers.root.openssh.authorizedKeys.keys = [
+ # TODO
+ config.krebs.users.lass.pubkey
+ config.krebs.users.makefu.pubkey
+ # TODO HARDER:
+ config.krebs.users.makefu-omo.pubkey
+ config.krebs.users.tv.pubkey
+ ];
+
+
+ # The NixOS release to be compatible with for stateful data such as databases.
+ system.stateVersion = "15.09";
+
+}
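Review bot: The `nix.trustedBinaryCaches` list accepts `http://cache.nixos.org` and `http://hydra.nixos.org` over plaintext, so anyone on the network path can answer substitute requests for those names. Integrity then rests entirely on binary-cache signature checking, which this file does not configure. I would keep only the TLS endpoint, `nix.trustedBinaryCaches = [ "https://cache.nixos.org" ];`, and state the signature requirement explicitly with `nix.requireSignedBinaryCaches = true;` rather than relying on the release default. Separately, the bare `# TODO` and `# TODO HARDER:` comments in the root `authorizedKeys` list do not say what is outstanding. These four keys grant root SSH on every host that imports this file, so each TODO should name the intended follow-up, for example `# TODO: scope root access per host` if that is the plan.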