infra/roles/common.nix

{ pkgs, lib, config, ... }:

{

  imports = [
    ./cachix-deploy
    ./nix-daemon.nix
    ./security.nix
    ./sshd.nix
    ./telegraf
    ./users.nix
    ./zfs.nix
    ./sops-nix.nix
  ];

  environment.systemPackages = [
    # for quick activity overview
    pkgs.htop
  ];

  # Nicer interactive shell
  programs.fish.enable = true;
  # And for the zsh peeps
  programs.zsh.enable = true;

  # Entropy gathering daemon
  services.haveged.enable = true;

  security.acme.email = "trash@nix-community.org";
  security.acme.acceptTerms = true;

  # Without configuration this unit will fail...
  # Just disable it since we are using telegraf to monitor raid health.
  systemd.services.mdmonitor.enable = false;

  # enable "sar" system activity collection
  services.sysstat.enable = true;

  # Make debugging failed units easier
  systemd.extraConfig = ''
    DefaultStandardOutput=journal
    DefaultStandardError=journal
  '';

  # The nix-community is global :)
  time.timeZone = "UTC";

  # speed-up evaluation & save disk space by disabling manpages
  documentation.enable = false;
}
Modularise setup, add hardening config 2019-08-11 19:53:02 +01:00			`{ pkgs, lib, config, ... }:`

			`{`

also deploy telegraf on build02 2021-01-21 16:28:48 +01:00			`imports = [`
add cachix deploy 2021-12-23 20:39:49 +01:00			`./cachix-deploy`
move things around a bit (#61) * keep ./services for instances ./profiles is for config-only modules ./services are like profiles, but configure a single instance of a service. Those are fronted by Nginx as the load-balancer and have a DNS entry as well. * ci: build build03 as well * move hydra to services * move matterbridge to services * move marvin-mk2 to services * build01: share the remainder profiles * build02: use the nix-community-cache * fixup kexec * rename profiles to roles * README: sync with reality 2021-03-07 16:28:44 +00:00			`./nix-daemon.nix`
also deploy telegraf on build02 2021-01-21 16:28:48 +01:00			`./security.nix`
move things around a bit (#61) * keep ./services for instances ./profiles is for config-only modules ./services are like profiles, but configure a single instance of a service. Those are fronted by Nginx as the load-balancer and have a DNS entry as well. * ci: build build03 as well * move hydra to services * move matterbridge to services * move marvin-mk2 to services * build01: share the remainder profiles * build02: use the nix-community-cache * fixup kexec * rename profiles to roles * README: sync with reality 2021-03-07 16:28:44 +00:00			`./sshd.nix`
			`./telegraf`
move users configuration to seperate profile 2021-03-04 06:24:57 +01:00			`./users.nix`
move things around a bit (#61) * keep ./services for instances ./profiles is for config-only modules ./services are like profiles, but configure a single instance of a service. Those are fronted by Nginx as the load-balancer and have a DNS entry as well. * ci: build build03 as well * move hydra to services * move matterbridge to services * move marvin-mk2 to services * build01: share the remainder profiles * build02: use the nix-community-cache * fixup kexec * rename profiles to roles * README: sync with reality 2021-03-07 16:28:44 +00:00			`./zfs.nix`
migrate to sops-nix 2021-09-25 22:35:51 +02:00			`./sops-nix.nix`
also deploy telegraf on build02 2021-01-21 16:28:48 +01:00			`];`
Modularise setup, add hardening config 2019-08-11 19:53:02 +01:00
misc changes 2019-08-12 11:33:34 +02:00			`environment.systemPackages = [`
			`# for quick activity overview`
			`pkgs.htop`
			`];`

Modularise setup, add hardening config 2019-08-11 19:53:02 +01:00			`# Nicer interactive shell`
			`programs.fish.enable = true;`
			`# And for the zsh peeps`
			`programs.zsh.enable = true;`

			`# Entropy gathering daemon`
			`services.haveged.enable = true;`

acme: move to common profile 2021-03-04 10:55:37 +01:00			`security.acme.email = "trash@nix-community.org";`
			`security.acme.acceptTerms = true;`

fix monitoring software-raids 2021-02-17 23:31:22 +01:00			`# Without configuration this unit will fail...`
			`# Just disable it since we are using telegraf to monitor raid health.`
			`systemd.services.mdmonitor.enable = false;`

misc changes 2019-08-12 11:33:34 +02:00			`# enable "sar" system activity collection`
			`services.sysstat.enable = true;`

Modularise setup, add hardening config 2019-08-11 19:53:02 +01:00			`# Make debugging failed units easier`
			`systemd.extraConfig = ''`
			`DefaultStandardOutput=journal`
			`DefaultStandardError=journal`
			`'';`

			`# The nix-community is global :)`
			`time.timeZone = "UTC";`
general: disable nixos docs 2022-01-09 15:56:36 +01:00
			`# speed-up evaluation & save disk space by disabling manpages`
			`documentation.enable = false;`
Modularise setup, add hardening config 2019-08-11 19:53:02 +01:00			`}`
No results found.