infra/roles/common.nix

{ lib, config, ... }:

{
  imports = [
    ./auto-upgrade.nix
    ./nix-daemon.nix
    ./security.nix
    ./sops-nix.nix
    ./users.nix
  ];

  # Nicer interactive shell
  programs.fish.enable = true;
  # And for the zsh peeps
  programs.zsh.enable = true;

  security.acme.defaults.email = "trash@nix-community.org";
  security.acme.acceptTerms = true;

  # Without configuration this unit will fail...
  # Just disable it since we are using telegraf to monitor raid health.
  systemd.services.mdmonitor.enable = false;

  # speed-up evaluation & save disk space by disabling manpages
  documentation.enable = false;

  networking.domain = "nix-community.org";

  # HACK: NixOS does not let us using a hostname that has the domain part included include domain part in hostname
  boot.kernel.sysctl."kernel.hostname" = config.networking.fqdn;

  # don't override host set by sysctl
  system.activationScripts.hostname = lib.mkForce "";
  system.activationScripts.domain = lib.mkForce "";
}
apply treefmt to codebase 2022-12-31 07:24:17 +01:00			`{ lib, config, ... }:`
Modularise setup, add hardening config 2019-08-11 19:53:02 +01:00
			`{`
also deploy telegraf on build02 2021-01-21 16:28:48 +01:00			`imports = [`
roles/common: sort imports 2022-12-03 12:45:45 +10:00			`./auto-upgrade.nix`
move things around a bit (#61) * keep ./services for instances ./profiles is for config-only modules ./services are like profiles, but configure a single instance of a service. Those are fronted by Nginx as the load-balancer and have a DNS entry as well. * ci: build build03 as well * move hydra to services * move matterbridge to services * move marvin-mk2 to services * build01: share the remainder profiles * build02: use the nix-community-cache * fixup kexec * rename profiles to roles * README: sync with reality 2021-03-07 16:28:44 +00:00			`./nix-daemon.nix`
also deploy telegraf on build02 2021-01-21 16:28:48 +01:00			`./security.nix`
roles/common: sort imports 2022-12-03 12:45:45 +10:00			`./sops-nix.nix`
move users configuration to seperate profile 2021-03-04 06:24:57 +01:00			`./users.nix`
misc changes 2019-08-12 11:33:34 +02:00			`];`

Modularise setup, add hardening config 2019-08-11 19:53:02 +01:00			`# Nicer interactive shell`
			`programs.fish.enable = true;`
			`# And for the zsh peeps`
			`programs.zsh.enable = true;`

acme: migrate to new default option schema 2022-01-09 15:57:46 +01:00			`security.acme.defaults.email = "trash@nix-community.org";`
acme: move to common profile 2021-03-04 10:55:37 +01:00			`security.acme.acceptTerms = true;`

fix monitoring software-raids 2021-02-17 23:31:22 +01:00			`# Without configuration this unit will fail...`
			`# Just disable it since we are using telegraf to monitor raid health.`
			`systemd.services.mdmonitor.enable = false;`

general: disable nixos docs 2022-01-09 15:56:36 +01:00			`# speed-up evaluation & save disk space by disabling manpages`
			`documentation.enable = false;`
implement nixos deploy for all hosts 2022-08-13 11:13:06 +02:00
			`networking.domain = "nix-community.org";`

			`# HACK: NixOS does not let us using a hostname that has the domain part included include domain part in hostname`
			`boot.kernel.sysctl."kernel.hostname" = config.networking.fqdn;`

			`# don't override host set by sysctl`
			`system.activationScripts.hostname = lib.mkForce "";`
			`system.activationScripts.domain = lib.mkForce "";`
Modularise setup, add hardening config 2019-08-11 19:53:02 +01:00			`}`
No results found.