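# NixOS configuration for host "cd" (a CloudAtCost "Developer 2" CentOS-7 VM).
#
# Wires in the shared modules (base image, exim, ejabberd, iptables,
# networking, retiolum), trims the default service set, pins the SSH host
# key, and declares the host's users and groups statically
# (users.mutableUsers = false).
{ config, pkgs, ... }:
{
  imports =
    [
      # Hashed passwords are kept out of the repository; resolved via NIX_PATH.
      <secrets/hashedPasswords.nix>
      ./modules/sanitize.nix
      ./modules/base-cac-CentOS-7-64bit.nix
      ./modules/exim-cd.nix
      ./modules/ejabberd-cd.nix # XXX needs a real module
      ./modules/iptables-cd.nix
      ./modules/networking-cd.nix
      ./modules/retiolum.nix
    ];

  # "Developer 2" plan has two vCPUs.
  nix.maxJobs = 2;

  environment.systemPackages = with pkgs; [
    htop
    iftop
    iotop
    iptables
    mutt # for mv
    nethogs
    rxvt_unicode.terminfo
    tcpdump
  ];

  security.rtkit.enable = false;
  services.cron.enable = false;

  services.ejabberd-cd = {
    enable = true;
  };

  # Cap journal growth on the small VM disk.
  services.journald.extraConfig = ''
    SystemMaxUse=1G
    RuntimeMaxUse=128M
  '';

  services.ntp.enable = false;

  services.openssh = {
    enable = true;
    hostKeys = [
      # XXX bits here make no science: ssh-keygen ignores -b for ed25519
      # (fixed-size keys); the value is kept only so the generated
      # ssh-keygen invocation is unchanged.
      { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
    ];
    # root is reachable only via the authorizedKeys declared below; password
    # authentication for root over SSH is not accepted.
    permitRootLogin = "without-password";
  };

  services.retiolum = {
    enable = true;
    hosts = ./hosts;
    # Private key lives outside the store; the path must exist on the host.
    privateKeyFile = "/etc/nixos/secrets/cd.retiolum.rsa_key.priv";
    connectTo = [
      "fastpoke"
      "pigstarter"
      "ire"
    ];
  };

  sound.enable = false;

  # TODO base
  time.timeZone = "UTC";

  # TODO replace by ./modules/cd-users.nix
  users.extraGroups = {
    # The "lock" group is declared because systemd-tmpfiles fails without it;
    # observed on 2015-03-16 while switching configuration:
    #
    # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
    #    Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
    #    Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
    #      Docs: man:tmpfiles.d(5)
    #            man:systemd-tmpfiles(8)
    #   Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
    #  Main PID: 19272 (code=exited, status=1/FAILURE)
    #
    # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
    # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
    # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
    # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
    # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
    # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
    # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
    # warning: error(s) occured while switching to the new configuration
    lock.gid = 10001;
  };

  users.extraUsers =
    {
      root = {
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEieAihh+o208aeCA14fAtjzyZN/nrpOJt2vZ5VYZp69 deploy@wu"
          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDYv5OkVrnerkzJwgi7ol7HzcWJf4oWCJTX84trFX5vgJXu1zMvSe+koY8xpnMOd7WHF2wgsjjrFlMuixTrfMPc/OjvG2N1TlnvzlFD8ivTW/AJzDwNxT//niqAYAZ9kmb8e/zE/SyNHSKZcyEKGiiW2+YW9wWHPYRP/XiNEjLP3BeTGScMwWr001V/8m7ne4SGHrE1FbHbHqaBXgqUFgnvzMY3CsfDafODZlj5xSMNGHyLGNNKvu3YR1crcAjbQrBXBdwaArThFxp+e2uWrnffshlks6WtRyR1AFVjc/gxEG74Axq1AHY6EJm2Fw/JdFNiYQ7yyQZHS9bZJYjgnWF tv@nomic"
        ];
      };

      mv = rec {
        name = "mv";
        uid = 1338;
        group = "users";
        home = "/home/${name}";
        createHome = true;
        useDefaultShell = true;
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod"
        ];
      };
    };

  # Users and groups come only from this file (and the imported secrets);
  # nothing created on the host at runtime survives a rebuild.
  users.mutableUsers = false;
}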