Diffstat (limited to 'old/modules/nomic')
| -rw-r--r-- | old/modules/nomic/default.nix | 105 | ||||
| -rw-r--r-- | old/modules/nomic/hardware-configuration.nix | 49 | ||||
| -rw-r--r-- | old/modules/nomic/paths.nix | 12 | ||||
| -rw-r--r-- | old/modules/nomic/users.nix | 42 | 
4 files changed, 208 insertions, 0 deletions
|
diff --git a/old/modules/nomic/default.nix b/old/modules/nomic/default.nix
new file mode 100644
index 000000000..f61f97a89
--- /dev/null
+++ b/old/modules/nomic/default.nix
@@ -0,0 +1,105 @@
+{ config, pkgs, ... }:
+
+let
+  location = pkgs.lib.nameValuePair; # TODO this is also in modules/tv/git/cgit.nix
+in
+
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./users.nix
+    ../tv/base.nix
+    ../tv/config/consul-server.nix
+    ../tv/environment.nix
+    ../tv/exim-retiolum.nix
+    ../tv/git/public.nix
+    ../tv/sanitize.nix
+    ../tv/smartd.nix
+    {
+      imports = [ ../tv/identity ];
+      tv.identity = {
+        enable = true;
+        self = config.tv.identity.hosts.nomic;
+      };
+    }
+    {
+      imports = [ ../tv/iptables ];
+      tv.iptables = {
+        enable = true;
+        input-internet-accept-new-tcp = [
+          "ssh"
+          "http"
+          "tinc"
+          "smtp"
+        ];
+      };
+    }
+    {
+      imports = [ ../tv/nginx ];
+      tv.nginx = {
+        enable = true;
+        retiolum-locations = [
+          (location "~ ^/~(.+?)(/.*)?\$" ''
+            alias /home/$1/public_html$2;
+          '')
+        ];
+      };
+    }
+    {
+      imports = [ ../tv/retiolum ];
+      tv.retiolum = {
+        enable = true;
+        hosts = <retiolum-hosts>;
+        connectTo = [
+          "gum"
+          "pigstarter"
+        ];
+      };
+    }
+  ];
+
+  boot.kernel.sysctl = {
+    # Enable IPv6 Privacy Extensions
+    "net.ipv6.conf.all.use_tempaddr" = 2;
+    "net.ipv6.conf.default.use_tempaddr" = 2;
+  };
+
+  boot.tmpOnTmpfs = true;
+
+  environment.systemPackages = with pkgs; [
+    (writeScriptBin "play" ''
+      #! /bin/sh
+      set -euf
+      mpv() { exec ${mpv}/bin/mpv "$@"; }
+      case $1 in
+        deepmix)      mpv http://deepmix.ru/deepmix128.pls;;
+        groovesalad)  mpv http://somafm.com/play/groovesalad;;
+        ntslive)      mpv http://listen2.ntslive.co.uk/listen.pls;;
+        *)
+          echo "$0: bad argument: $*" >&2
+          exit 23
+      esac
+    '')
+    rxvt_unicode.terminfo
+    tmux
+  ];
+
+  networking = {
+    hostName = "nomic";
+    wireless.enable = true;
+  };
+
+  services.logind.extraConfig = ''
+    HandleHibernateKey=ignore
+    HandleLidSwitch=ignore
+    HandlePowerKey=ignore
+    HandleSuspendKey=ignore
+  '';
+
+  services.openssh = {
+    enable = true;
+    hostKeys = [
+      { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+    ];
+  };
+}
diff --git a/old/modules/nomic/hardware-configuration.nix b/old/modules/nomic/hardware-configuration.nix
new file mode 100644
index 000000000..8a00730f1
--- /dev/null
+++ b/old/modules/nomic/hardware-configuration.nix
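Review bot: The user-directory location `(location "~ ^/~(.+?)(/.*)?\$" ''` in the tv.nginx block captures an unrestricted `.+?` as the home-directory name, so whatever follows `/~` is spliced verbatim into `alias /home/$1/public_html$2;`. nginx collapses `.` and `..` segments before location matching, so escaping `/home` is unlikely, but the capture still accepts names that cannot be local users, and pinning it to a username charset makes the intent explicit: `(location "~ ^/~([a-z_][a-z0-9_-]*)(/.*)?\$" ''`. The `play` script in the same hunk runs under `set -euf`, so calling it with no argument aborts on the unset `$1` instead of reaching the `bad argument` branch; `case ''${1-} in` (the `''$` escape keeps Nix from interpolating) preserves the intended error path. The `../tv/*` modules that implement these options are outside this diff, so I cannot tell what the iptables and nginx defaults add on top.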
@@ -0,0 +1,49 @@
+{ config, ... }:
+
+{
+  boot.initrd.luks = {
+    cryptoModules = [ "aes" "sha1" "xts" ];
+    devices = [
+      {
+        name = "luks1";
+        device = "/dev/disk/by-uuid/cac73902-1023-4906-8e95-3a8b245337d4";
+      }
+    ];
+  };
+
+  boot.initrd.availableKernelModules = [ "ahci" ];
+  boot.kernelModules = [ "kvm-intel" "wl" ];
+  boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
+
+  boot.loader.grub = {
+    device = "/dev/sda";
+    splashImage = null;
+  };
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/de4780fc-0473-4708-81df-299b7383274c";
+      fsType = "btrfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/be3a1d80-3157-4d7c-86cc-ef01b64eff5e";
+      fsType = "ext4";
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/disk/by-uuid/9db9c8ff-51da-4cbd-9f0a-0cd3333bbaff";
+      fsType = "btrfs";
+    };
+
+  swapDevices = [ ];
+
+  nix = {
+    buildCores = 2;
+    maxJobs = 2;
+    daemonIONiceLevel = 1;
+    daemonNiceLevel = 1;
+  };
+
+  # For config.boot.kernelPackages.broadcom_sta
+  nixpkgs.config.allowUnfree = true;
+}
diff --git a/old/modules/nomic/paths.nix b/old/modules/nomic/paths.nix
new file mode 100644
index 000000000..0bcf1d36d
--- /dev/null
+++ b/old/modules/nomic/paths.nix
@@ -0,0 +1,12 @@
+{
+  lib.file.url = ../../lib;
+  modules.file.url = ../../modules;
+  nixpkgs.git = {
+    url = https://github.com/NixOS/nixpkgs;
+    rev = "4e5e441";
+    cache = ../../tmp/git-cache;
+  };
+  pubkeys.file.url = ../../pubkeys;
+  retiolum-hosts.file.url = ../../hosts;
+  secrets.file.url = ../../secrets/nomic/nix;
+}
diff --git a/old/modules/nomic/users.nix b/old/modules/nomic/users.nix
new file mode 100644
index 000000000..70e1d8dcd
--- /dev/null
+++ b/old/modules/nomic/users.nix
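Review bot: `cryptoModules = [ "aes" "sha1" "xts" ];` replaces the option's default module list with exactly these three, so the initrd can only open a LUKS header whose PBKDF hash is SHA-1; cryptsetup has defaulted to SHA-256 for new headers since 1.7, so re-keying or re-creating the volume with defaults would leave the system unable to unlock at boot. Adding the module is cheap and decouples the config from the current header: `cryptoModules = [ "aes" "sha1" "sha256" "xts" ];`. The header's actual hash is not visible here, so confirm it with `cryptsetup luksDump` before considering dropping `"sha1"`. Separately, `nixpkgs.config.allowUnfree = true;` unlocks every unfree package rather than only `broadcom_sta` as the comment above it suggests; if the pinned nixpkgs revision supports `allowUnfreePredicate`, scoping it to that package keeps the comment accurate.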
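Review bot: `rev = "4e5e441";` pins nixpkgs to an abbreviated commit id, which identifies a commit only while that prefix stays unambiguous upstream and is not a content hash of what gets evaluated. Using the full 40-character id is a one-line change, and if the `nixpkgs.git` fetcher used here accepts an output hash (its attribute set is project-specific and not visible in this diff), adding one is what actually makes the evaluation reproducible. `cache = ../../tmp/git-cache;` appears to serve the checkout from a writable local directory, so anything with write access there can change what the pinned revision resolves to; a short comment on that line stating who owns and trusts the cache would help the next reader.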
@@ -0,0 +1,42 @@
+{ pkgs, ... }:
+
+{
+  imports = [
+    { users = import <secrets/users.nix>; }
+    {
+      users.extraUsers = {
+        root = {
+          openssh.authorizedKeys.keys = [
+            (pkgs.lib.readFile <pubkeys/tv_wu.ssh.pub>)
+          ];
+        };
+        tv = {
+          uid = 1337;
+          group = "users";
+          home = "/home/tv";
+          createHome = true;
+          useDefaultShell = true;
+          extraGroups = [
+            "audio"
+            "video"
+            "wheel"
+          ];
+          openssh.authorizedKeys.keys = [
+            (pkgs.lib.readFile <pubkeys/tv_wu.ssh.pub>)
+          ];
+        };
+      };
+    }
+  ];
+
+  users.defaultUserShell = "/run/current-system/sw/bin/bash";
+  users.mutableUsers = false;
+
+  security.setuidPrograms = [
+    "sendmail"  # for sudo
+  ];
+
+  security.sudo.extraConfig = ''
+    Defaults mailto="tv@wu.retiolum"
+  '';
+}
|
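Review bot: The `root = { openssh.authorizedKeys.keys = [ ... ]; };` entry installs the same `tv_wu.ssh.pub` key for root that `tv` already receives, and `tv` is in `wheel` with sudo configured in the same file, so the root entry only adds a second, less attributable path to uid 0 over SSH; dropping it and relying on sudo keeps every privileged action tied to the named user. `{ users = import <secrets/users.nix>; }` is opaque here: if it sets `password` or `hashedPassword` for any account, note that with `users.mutableUsers = false;` NixOS writes the resulting user database into the world-readable store, so only hashed values belong in that file — presumably already the case, but worth a one-line comment next to the import. The key is also read twice via `(pkgs.lib.readFile <pubkeys/tv_wu.ssh.pub>)`; binding it once in a `let` removes the duplication and makes a future key rotation a single edit.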
