Currently broken config...
This commit is contained in:
root
@@ -77,6 +77,10 @@
|
||||
|
||||
services.dbus.socketActivated = true;
|
||||
|
||||
services.openssh.forwardX11 = true;
|
||||
|
||||
programs.ssh.forwardX11 = true;
|
||||
|
||||
sound.enable = true;
|
||||
|
||||
hardware.pulseaudio.enable = true;
|
||||
|
||||
@@ -1,8 +1,14 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
environment.systemPackages = with pkgs; [
|
||||
];
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
];
|
||||
|
||||
noXlibs = true;
|
||||
};
|
||||
|
||||
security.hideProcessInformation = true;
|
||||
|
||||
boot.tmpOnTmpfs = true;
|
||||
|
||||
|
||||
@@ -1,34 +0,0 @@
|
||||
{ config, pkgs, environment, ... }:
|
||||
|
||||
let
|
||||
databasePath = /var/heimdal/heimdal;
|
||||
|
||||
in {
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
heimdalFull
|
||||
];
|
||||
};
|
||||
|
||||
systemd.services = {
|
||||
heimdal-kdc = {
|
||||
enable = true;
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
description = "Heimdal Kerberos Key Distribution Center (ticket server)";
|
||||
serviceConfig = {
|
||||
ExecStart = ''${pkgs.heimdalFull}/libexec/heimdal/kdc'';
|
||||
};
|
||||
};
|
||||
|
||||
heimdal-admin-server = {
|
||||
enable = true;
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
description = "Heimdal Kerberos Remote Administration Server";
|
||||
serviceConfig = {
|
||||
ExecStart = ''${pkgs.heimdalFull}/libexec/heimdal/kadmind'';
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,19 +0,0 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
let
|
||||
dataDir = /srv/minecraft/data;
|
||||
in {
|
||||
services.minecraft-server = {
|
||||
enable = true;
|
||||
package = pkgs.minecraft-server_1_15_1;
|
||||
dataDir = dataDir;
|
||||
eula = true;
|
||||
declarative = true;
|
||||
serverProperties = {
|
||||
level-name = "selbyland";
|
||||
motd = "Welcome to the Selby Minecraft Server";
|
||||
difficulty = 2;
|
||||
gamemode = "survival";
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,65 +0,0 @@
|
||||
{ config, pkgs, environment, ... }:
|
||||
|
||||
let
|
||||
dataPath = /srv + ("/" + config.networking.hostName);
|
||||
|
||||
in {
|
||||
|
||||
environment = {
|
||||
|
||||
systemPackages = with pkgs; [
|
||||
postgresql_11_gssapi
|
||||
];
|
||||
|
||||
etc = {
|
||||
"postgresql/private/privkey.pem" = {
|
||||
mode = "0400";
|
||||
user = "postgres";
|
||||
group = "postgres";
|
||||
source = dataPath + "/certs/private/privkey.pem";
|
||||
};
|
||||
|
||||
"postgresql/cert.pem" = {
|
||||
mode = "0444";
|
||||
user = "postgres";
|
||||
group = "postgres";
|
||||
source = dataPath + "/certs/cert.pem";
|
||||
};
|
||||
|
||||
"postgresql/private/postgres.keytab" = {
|
||||
mode = "0400";
|
||||
user = "postgres";
|
||||
group = "postgres";
|
||||
source = dataPath + "/keytabs/postgres.keytab";
|
||||
};
|
||||
};
|
||||
};
|
||||
<
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
package = pkgs.postgresql_11_gssapi;
|
||||
enableTCPIP = true;
|
||||
|
||||
extraConfig =
|
||||
''
|
||||
krb_server_keyfile = '/etc/postgresql/private/postgres.keytab'
|
||||
|
||||
ssl = true
|
||||
ssl_cert_file = '/etc/postgresql/cert.pem'
|
||||
ssl_key_file = '/etc/postgresql/private/privkey.pem'
|
||||
'';
|
||||
|
||||
authentication =
|
||||
''
|
||||
local all all ident
|
||||
|
||||
# host-local
|
||||
host all all 127.0.0.1/32 gss include_realm=0 krb_realm=FUDO.ORG
|
||||
host all all ::1/128 gss include_realm=0 krb_realm=FUDO.ORG
|
||||
|
||||
# local network
|
||||
host all all 10.0.0.1/24 gss include_realm=0 krb_realm=FUDO.ORG
|
||||
host all all 2601:600:997f:fc00::/60 gss include_realm=0 krb_realm=FUDO.ORG
|
||||
'';
|
||||
};
|
||||
}
|
||||
Reference in New Issue
Block a user