infra/profiles/common.nix

{ pkgs, lib, config, ... }:

{

  imports = [
    ./security.nix
    ../services/telegraf
    ../services/sshd.nix
    ./zfs.nix
    ./users.nix
  ];

  environment.systemPackages = [
    # for quick activity overview
    pkgs.htop
    # for users with TERM=xterm-termite
    pkgs.termite.terminfo
  ];

  # Nicer interactive shell
  programs.fish.enable = true;
  # And for the zsh peeps
  programs.zsh.enable = true;

  # Entropy gathering daemon
  services.haveged.enable = true;

  nix =
    let asGB = size: toString (size * 1024 * 1024); in
    {
      binaryCachePublicKeys = [
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
      binaryCaches = [
        "https://nix-community.cachix.org"
      ];

      extraOptions = ''
        # auto-free the /nix/store
        min-free = ${asGB 10}
        max-free = ${asGB 200}

        # avoid copying unecessary stuff over SSH
        builders-use-substitutes = true

        # allow flakes
        experimental-features = nix-command flakes
      '';
      # Hard-link duplicated files
      autoOptimiseStore = true;

      # Add support for flakes
      package = pkgs.nixUnstable;
    };

  # Without configuration this unit will fail...
  # Just disable it since we are using telegraf to monitor raid health.
  systemd.services.mdmonitor.enable = false;

  # enable "sar" system activity collection
  services.sysstat.enable = true;

  # Make debugging failed units easier
  systemd.extraConfig = ''
    DefaultStandardOutput=journal
    DefaultStandardError=journal
  '';

  # The nix-community is global :)
  time.timeZone = "UTC";
}
Modularise setup, add hardening config 2019-08-11 19:53:02 +01:00			`{ pkgs, lib, config, ... }:`

			`{`

also deploy telegraf on build02 2021-01-21 16:28:48 +01:00			`imports = [`
			`./security.nix`
move docker/telegraf to services 2021-02-25 09:08:18 +01:00			`../services/telegraf`
add sshd service 2021-03-04 09:33:51 +01:00			`../services/sshd.nix`
add zfs profile 2021-02-25 09:05:50 +01:00			`./zfs.nix`
move users configuration to seperate profile 2021-03-04 06:24:57 +01:00			`./users.nix`
also deploy telegraf on build02 2021-01-21 16:28:48 +01:00			`];`
Modularise setup, add hardening config 2019-08-11 19:53:02 +01:00
misc changes 2019-08-12 11:33:34 +02:00			`environment.systemPackages = [`
			`# for quick activity overview`
			`pkgs.htop`
			`# for users with TERM=xterm-termite`
			`pkgs.termite.terminfo`
			`];`

Modularise setup, add hardening config 2019-08-11 19:53:02 +01:00			`# Nicer interactive shell`
			`programs.fish.enable = true;`
			`# And for the zsh peeps`
			`programs.zsh.enable = true;`

			`# Entropy gathering daemon`
			`services.haveged.enable = true;`

ci: add basic nix and cachix support (#15) 2020-04-07 13:31:11 +00:00			`nix =`
			`let asGB = size: toString (size * 1024 * 1024); in`
format wiht nixpkgs-fmt 2020-01-22 12:37:13 +01:00			`{`
ci: add basic nix and cachix support (#15) 2020-04-07 13:31:11 +00:00			`binaryCachePublicKeys = [`
			`"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="`
			`];`
			`binaryCaches = [`
			`"https://nix-community.cachix.org"`
			`];`

format wiht nixpkgs-fmt 2020-01-22 12:37:13 +01:00			`extraOptions = ''`
			`# auto-free the /nix/store`
			`min-free = ${asGB 10}`
			`max-free = ${asGB 200}`
misc changes 2019-08-12 11:33:34 +02:00
format wiht nixpkgs-fmt 2020-01-22 12:37:13 +01:00			`# avoid copying unecessary stuff over SSH`
			`builders-use-substitutes = true`
build01: use nixUnstable (#44) 2020-12-12 16:05:36 +00:00
			`# allow flakes`
			`experimental-features = nix-command flakes`
format wiht nixpkgs-fmt 2020-01-22 12:37:13 +01:00			`'';`
			`# Hard-link duplicated files`
			`autoOptimiseStore = true;`
build01: use nixUnstable (#44) 2020-12-12 16:05:36 +00:00
			`# Add support for flakes`
			`package = pkgs.nixUnstable;`
format wiht nixpkgs-fmt 2020-01-22 12:37:13 +01:00			`};`
Modularise setup, add hardening config 2019-08-11 19:53:02 +01:00
fix monitoring software-raids 2021-02-17 23:31:22 +01:00			`# Without configuration this unit will fail...`
			`# Just disable it since we are using telegraf to monitor raid health.`
			`systemd.services.mdmonitor.enable = false;`

misc changes 2019-08-12 11:33:34 +02:00			`# enable "sar" system activity collection`
			`services.sysstat.enable = true;`

Modularise setup, add hardening config 2019-08-11 19:53:02 +01:00			`# Make debugging failed units easier`
			`systemd.extraConfig = ''`
			`DefaultStandardOutput=journal`
			`DefaultStandardError=journal`
			`'';`

			`# The nix-community is global :)`
			`time.timeZone = "UTC";`
			`}`
No results found.