Diffstat (limited to 'old/modules/rmdir')
-rw-r--r-- | old/modules/rmdir/default.nix | 87 | ||||
-rw-r--r-- | old/modules/rmdir/networking.nix | 15 | ||||
-rw-r--r-- | old/modules/rmdir/paths.nix | 12 | ||||
-rw-r--r-- | old/modules/rmdir/users.nix | 19 |
4 files changed, 133 insertions, 0 deletions
diff --git a/old/modules/rmdir/default.nix b/old/modules/rmdir/default.nix
new file mode 100644
index 000000000..7279df778
--- /dev/null
+++ b/old/modules/rmdir/default.nix
@@ -0,0 +1,87 @@
+{ config, pkgs, ... }:
+
+let
+ inherit (builtins) readFile;
+in
+
+{
+ imports =
+ [
+ { users.extraUsers = import <secrets/extraUsers.nix>; }
+ ./networking.nix
+ ./users.nix
+ ../tv/base.nix
+ ../tv/base-cac-CentOS-7-64bit.nix
+ ../tv/config/consul-server.nix
+ ../tv/exim-smarthost.nix
+ ../tv/git/public.nix
+ ../tv/sanitize.nix
+ {
+ imports = [ ../tv/identity ];
+ tv.identity = {
+ enable = true;
+ self = config.tv.identity.hosts.rmdir;
+ };
+ }
+ {
+ imports = [ ../tv/iptables ];
+ tv.iptables = {
+ enable = true;
+ input-internet-accept-new-tcp = [
+ "ssh"
+ "tinc"
+ "smtp"
+ "xmpp-client"
+ "xmpp-server"
+ ];
+ input-retiolum-accept-new-tcp = [
+ "http"
+ ];
+ };
+ }
+ {
+ imports = [ ../tv/retiolum ];
+ tv.retiolum = {
+ enable = true;
+ hosts = <retiolum-hosts>;
+ connectTo = [
+ "cd"
+ "mkdir"
+ "fastpoke"
+ "pigstarter"
+ "ire"
+ ];
+ };
+ }
+ ];
+
+ nix.maxJobs = 1;
+
+ environment.systemPackages = with pkgs; [
+ git # required for ./deploy, clone_or_update
+ htop
+ iftop
+ iotop
+ iptables
+ mutt # for mv
+ nethogs
+ rxvt_unicode.terminfo
+ tcpdump
+ ];
+
+ services.journald.extraConfig = ''
+ SystemMaxUse=1G
+ RuntimeMaxUse=128M
+ '';
+
+ services.openssh = {
+ enable = true;
+ hostKeys = [
+ # XXX bits here make no science
+ { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+ ];
+ permitRootLogin = "yes";
+ };
+
+ sound.enable = false;
+}
diff --git a/old/modules/rmdir/networking.nix b/old/modules/rmdir/networking.nix
new file mode 100644
index 000000000..fb39c5dd5
--- /dev/null
+++ b/old/modules/rmdir/networking.nix
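Review bot: `permitRootLogin = "yes";` in the services.openssh block lets root authenticate with a password, while users.nix in the same commit already provisions root's authorized keys, so key-only root login is all this host needs; `permitRootLogin = "without-password";` (plus `passwordAuthentication = false;` if no account is expected to log in with a password) narrows the exposure of an ssh port that the tv.iptables block above opens to the internet. Whether `<secrets/extraUsers.nix>` gives root a password cannot be seen from this page, which is exactly why the sshd-side restriction is worth having. Separately, the `let inherit (builtins) readFile; in` binding at the top of this file is unused (readFile is only called from users.nix) and can be dropped.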
@@ -0,0 +1,15 @@
+_:
+
+{
+ networking.hostName = "rmdir";
+ networking.interfaces.enp2s1.ip4 = [
+ {
+ address = "167.88.44.94";
+ prefixLength = 24;
+ }
+ ];
+ networking.defaultGateway = "167.88.44.1";
+ networking.nameservers = [
+ "8.8.8.8"
+ ];
+}
diff --git a/old/modules/rmdir/paths.nix b/old/modules/rmdir/paths.nix
new file mode 100644
index 000000000..f873912fb
--- /dev/null
+++ b/old/modules/rmdir/paths.nix
@@ -0,0 +1,12 @@
+{
+ lib.file.url = ../../lib;
+ modules.file.url = ../../modules;
+ nixpkgs.git = {
+ url = https://github.com/NixOS/nixpkgs;
+ rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
+ cache = ../../tmp/git-cache;
+ };
+ pubkeys.file.url = ../../pubkeys;
+ retiolum-hosts.file.url = ../../hosts;
+ secrets.file.url = ../../secrets/cd/nix;
+}
diff --git a/old/modules/rmdir/users.nix b/old/modules/rmdir/users.nix
new file mode 100644
index 000000000..82f078b4e
--- /dev/null
+++ b/old/modules/rmdir/users.nix
@@ -0,0 +1,19 @@
+{ ... }:
+
+let
+ inherit (builtins) readFile;
+in
+
+{
+ users.extraUsers =
+ {
+ root = {
+ openssh.authorizedKeys.keys = [
+ (readFile <pubkeys/deploy_wu.ssh.pub>)
+ (readFile <pubkeys/tv_wu.ssh.pub>)
+ ];
+ };
+ };
+
+ users.mutableUsers = false;
+}
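Review bot: `secrets.file.url = ../../secrets/cd/nix;` in paths.nix points rmdir's `<secrets>` search path at a directory named after the cd host (cd also appears in this commit's retiolum connectTo list), which looks like a leftover from copying cd's paths file; since default.nix imports `<secrets/extraUsers.nix>` from it, rmdir would be provisioned with cd's extra users and whatever credentials they carry. If rmdir is meant to have its own secrets this should presumably be a rmdir-specific directory — confirm against the layout of ../../secrets before merging. Pinning nixpkgs to a fixed rev in the same file is good practice and needs no change.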
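Review bot: `users.mutableUsers = false;` in users.nix deserves a comment stating its intent, because as I understand that option root ends up with no usable password unless one is declared elsewhere (the `<secrets/extraUsers.nix>` module imported by default.nix may do so), which makes the two authorized keys above the only intended way in; suggest `# mutableUsers = false: root has no password unless <secrets/extraUsers.nix> sets one; access is via the keys above`. The two key files are read from the `<pubkeys>` search path defined in paths.nix, so a one-line comment naming that dependency next to the readFile calls would also help a reader who only opens this file.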