{ config, pkgs, lib, ... }:
{
# Modules merged into this host's configuration: the upstream "minimal"
# profile, three host-local modules and three shared modules from lib/.
# The angle-bracket path is resolved through NIX_PATH, so the nixpkgs
# revision it refers to is whatever the evaluating machine has configured.
# NOTE(review): the imported modules are not visible here; settings this
# file leaves unset (firewall, sshd hardening, keys) may be defined there.
imports = [
  <nixpkgs/nixos/modules/profiles/minimal.nix>
  ./adc.nix
  ./hydra.nix
  ./cache.nix
  ./../../lib/hq.nix
  ./../../lib/yggdrasil.nix
  ./../../lib/tun.nix
];
# Yggdrasil configuration: the JSON object stored in /var/lib/yggdrasil/keys,
# overlaid with a static peer list. `//` lets the right-hand side win, so a
# Peers entry in the file would be replaced by the list below.
# NOTE(review): builtins.readFile runs at evaluation time, on the machine
# that evaluates this module, so the file must exist there and the result
# depends on host state. The file name suggests private key material; values
# passed to a NixOS option are commonly rendered into the world-readable
# /nix/store. Confirm how the yggdrasil module materialises this config and,
# if it ends up in the store, load the keys from a runtime file instead.
services.yggdrasil.config =
  (with builtins; fromJSON (readFile /var/lib/yggdrasil/keys)) // {
    Peers = [
      "tcp://[2a03:3b40:fe:ab::1]:46370" # Praha
      "tcp://ygg.thingylabs.io:443" # Nürnberg
      "tcp://176.223.130.120:22632" # Wrocław
      "tcp://[2a05:9403::8b]:7743" # Praha
    ];
  };
# Permit packages with unfree licences to be evaluated and installed.
# NOTE(review): unfree packages are often binary-only and cannot be audited
# from source; confirm this host actually needs them.
nixpkgs.config.allowUnfree = true;
# Remote access: SSH-agent based PAM authentication, root's authorized key,
# and the sshd and mosh services.

# Lets PAM services that opt in authenticate against a forwarded SSH agent
# instead of a password (sudo, in the stock NixOS module; verify against the
# nixpkgs revision in use).
# NOTE(review): this depends on agent forwarding. While a session is open,
# any process on this host that can reach the forwarded agent socket can
# request signatures from it.
security.pam.enableSSHAgentAuth = true;
# The only key this file authorizes for direct root login over SSH; imported
# modules may add more.
users.users.root.openssh.authorizedKeys.keys = [
  "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgL2kRs+cXAcUzOO2Tp+mtMBVuHqMuslQy3LN+HLSP4 emery@nixos"
];

# NOTE(review): neither password authentication nor PermitRootLogin is set
# in this file, so the effective values come from the NixOS defaults or an
# imported module. Confirm that password logins are disabled.
services.openssh.enable = true;
# NOTE(review): the NixOS mosh module is expected to open a UDP port range
# in the firewall as well; confirm that exposure is intended.
programs.mosh.enable = true;
# Nix daemon and store settings for this host.
nix = {
  # Use the nixFlakes package from pkgs rather than the default Nix.
  package = pkgs.nixFlakes;
  # NOTE(review): with the sandbox disabled, builders are not isolated from
  # the host's filesystem and network. This file imports ./hydra.nix and
  # enables nix.sshServe below, so build outputs from here are presumably
  # consumed elsewhere. Confirm that every derivation built on this host is
  # trusted, or re-enable the sandbox if the container permits it
  # (boot.isContainer is set elsewhere in this file, which may be why it is off).
  useSandbox = false;
  # mkDefault: other modules can override the job count.
  maxJobs = lib.mkDefault 4;
  autoOptimiseStore = true;
  # Automatic garbage collection at 06:00, deleting generations older than
  # 14 days.
  gc = {
    automatic = true;
    dates = "06:00";
    options = "--delete-older-than 14d";
  };
  # Serves the local Nix store over SSH.
  # NOTE(review): no nix.sshServe.keys are set in this file; confirm which
  # keys are authorized for it (presumably in an imported module).
  sshServe.enable = true;
  # Only root is a trusted Nix user, i.e. allowed to override restricted
  # daemon settings such as extra substituters.
  trustedUsers = [ "root" ];
};
# Boot settings for a system that runs as a container: no GRUB, an init
# script is generated instead.
boot = {
  tmpOnTmpfs = true;
  isContainer = true;
  loader.initScript.enable = true;
  loader.grub.enable = false;
  # For cross-building
  # NOTE(review): this lets aarch64 binaries run on this host through
  # emulation. Together with nix.useSandbox = false elsewhere in this file,
  # emulated build steps also run unsandboxed.
  binfmt.emulatedSystems = [ "aarch64-linux" ];
};
# Root filesystem entry with "rootfs" as both type and device.
# NOTE(review): presumably a placeholder, since boot.isContainer is set and
# the real root would be supplied by the container host. Confirm.
fileSystems."/" = {
  fsType = "rootfs";
  device = "rootfs";
};
networking.hostName = "hydra";

# Take DNS resolver settings from the host's resolv.conf.
# NOTE(review): name resolution on this machine is therefore only as
# trustworthy as the resolver configuration the container host provides.
networking.useHostResolvConf = true;

# caused problems on this host -- Astro 2019-09-08
services.resolved.enable = false;
# Set your time zone.
time.timeZone = "Europe/Berlin";
# Locale settings. mkForce overrides any supportedLocales value defined by
# other modules, so only en_US.UTF-8 is supported.
i18n = {
  defaultLocale = "en_US.UTF-8";
  supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" ];
};
# Tools installed system-wide for interactive administration.
environment.systemPackages = with pkgs; [ tmux htop vim gitMinimal ];
# Create a few files early before packing tarball for Proxmox
# architecture/OS detection.
# The commands run while the system derivation is built: they add bin/sh
# (a symlink to the bash from pkgs) and sbin/init (a relative symlink to
# ../init) to the system output.
system.extraSystemBuilderCmds = ''
  mkdir -m 0755 -p $out/bin
  ln -s ${pkgs.bash}/bin/bash $out/bin/sh
  mkdir -m 0755 -p $out/sbin
  ln -s ../init $out/sbin/init
'';
# collectd samples CPU, memory, interface, load and swap metrics every 10
# seconds and sends them with the network plugin to grafana.hq.c3d2.de,
# port 25826.
# NOTE(review): the Server entry sets no SecurityLevel, Username or Password,
# so metrics are sent unsigned and unencrypted. That is acceptable only if
# the path to the collector is a trusted network. Confirm, or configure
# signing/encryption in the network plugin on both ends.
services.collectd = {
  enable = true;
  autoLoadPlugin = true;
  extraConfig = ''
    Interval 10
    <Plugin "cpu">
    </Plugin>
    <Plugin "memory">
    </Plugin>
    <Plugin "interface">
    </Plugin>
    <Plugin "load">
    </Plugin>
    <Plugin "swap">
    </Plugin>
    <Plugin "network">
    Server "grafana.hq.c3d2.de" "25826"
    </Plugin>
  '';
};
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
# It does not select which nixpkgs revision is installed; that comes from
# the channel or NIX_PATH used to evaluate this file.
system.stateVersion = "19.03"; # Did you read the comment?
}