Working refactored (on a test server)

Root 2021-02-25 20:45:50 +00:00
parent 372cf5fc6a
commit 42e01b0840
31 changed files with 400 additions and 194 deletions

8
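--- a/config/common.nix
+++ b/config/common.nix
@@ -0,0 +1,8 @@
+{ config, lib, pkgs, ... }:
+# Config common to all hosts, which don't belong anywhere else
+{
+config = {
+home-manager.users.root = import ../home-manager/root.nix { inherit config lib pkgs; };
+};
+}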


@ -1,15 +1,14 @@
{ config, lib, pkgs, ... }:
{
config = {
imports = [
./bash.nix
./domains.nix
./groups.nix
./hosts.nix
./sites.nix
./users.nix
./wireless-networks.nix
];
};
imports = [
./bash.nix
./common.nix
./domains.nix
./groups.nix
./hosts.nix
./sites.nix
./users.nix
./wireless-networks.nix
];
}


@ -2,27 +2,27 @@
{
config.fudo.domains = {
fudo.org = {
"fudo.org" = {
local-networks = [ "208.81.1.128/28" "208.81.3.112/28" ];
local-users = [ "niten" "reaper" ];
local-groups = [ "fudo" "selby" "admin" ];
admin-users = [ "niten" "reaper" ];
admin-email = "admin@fudo.org";
gssapi-realm = "FUDO.ORG";
};
sea.fudo.org = {
"sea.fudo.org" = {
local-networks = [ "10.0.0.0/24" ];
local-users = [ "niten" "reaper" "xiaoxuan" "ken" ];
local-groups = [ "fudo" "selby" "admin" ];
admin-users = [ "niten" ];
admin-email = "niten@fudo.org";
gssapi-realm = "FUDO.ORG";
local-dns = import ./networks/sea.fudo.org.nix { };
};
rus.selby.ca = {
"rus.selby.ca" = {
local-networks = [ "10.0.0.0/24" ];
local-users = [
@ -37,17 +37,17 @@
"jess"
"andrew"
];
local-groups = [ "fudo" "selby" "admin" ];
local-admins = [ "niten" ];
admin-email = "niten@fudo.org";
gssapi-realm = "FUDO.ORG";
local-dns = import ./networks/rus.selby.ca.nix { };
};
informis.land = {
"informis.land" = {
local-networks = [ ];
local-users = [ "niten" "viator" ];
local-groups = [ "admin" ];
admin-users = [ "niten" ];
admin-email = "viator@informis.land";
gssapi-realm = "INFORMIS.LAND";
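Review bot: Three of the four domains set `admin-users` while `rus.selby.ca` sets `local-admins`, and the users module in this same commit reads `config.fudo.domains.<d>.local-admins` to build the `wheel` group; unless `admin-users` is a separately declared option, `fudo.org`, `sea.fudo.org` and `informis.land` either fail evaluation on an undeclared attribute or silently contribute no domain-level sudoers. Aligning every domain on the name the module actually reads (`local-admins = [ ... ];`) would make wheel membership predictable per domain. The enclosing `config.fudo.domains` set continues past the hunk.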


@ -0,0 +1,4 @@
{ config, lib, pkgs, ... }:
{
}


@ -0,0 +1,4 @@
{ config, lib, pkgs, ... }:
{
}


@ -0,0 +1,5 @@
{ config, lib, pkgs, ... }:
{
}


@ -0,0 +1,5 @@
{ config, lib, pkgs, ... }:
{
}

79
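--- a/config/groups.nix
+++ b/config/groups.nix
@@ -0,0 +1,79 @@
+{ config, lib, pkgs, ... }:
+{
+config.fudo.groups = {
+admin = {
+gid = 1000;
+description = "Admin User Group";
+members = [
+"niten"
+"reaper"
+"swaff"
+];
+};
+fudo = {
+gid = 1001;
+description = "Fudo User Group";
+members = [
+"andrew"
+"animus"
+"anorthe"
+"ark"
+"ben"
+"brian"
+"chad"
+"ckoo"
+"dabar"
+"dana"
+"darryl"
+"debo"
+"flowchart"
+"gaijin"
+"gubbs"
+"helen"
+"jess"
+"jill"
+"jinny"
+"joker4ever"
+"jun"
+"kevin"
+"kevinyinjunjie"
+"kris"
+"laura"
+"leefolio"
+"niten"
+"r3d3"
+"reaper"
+"rob"
+"saphira"
+"slickoil"
+"splat1"
+"stewartd"
+"swaff"
+"theblacksun"
+"xiaoxuan"
+"zimm"
+];
+};
+selby = {
+gid = 1002;
+description = "Selby User Group";
+members = [
+"andrew"
+"brian"
+"darryl"
+"helen"
+"jess"
+"ken"
+"kevin"
+"laura"
+"niten"
+"rob"
+"vee"
+"xiaoxuan"
+];
+};
+};
+}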


@ -1,5 +1,6 @@
{ config, lib, pkgs, ... }:
with lib;
{
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
@ -53,7 +54,7 @@
};
};
services.autoScrub.enable = true;
services.zfs.autoScrub.enable = true;
swapDevices = [{ device = "/dev/disk/by-label/plato-swap"; }];
@ -61,7 +62,9 @@
hardware.bluetooth.enable = false;
network = {
networking = {
hostId = substring 0 8 (fileContents /etc/machine-id);
macvlans = {
intif0 = {
interface = "enp1s0";
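Review bot: `hostId = substring 0 8 (fileContents /etc/machine-id)` reads the machine-id of whatever machine evaluates the configuration, not plato's; evaluated from another host (the commit title says this was exercised on a test server) the ZFS pools end up bound to the evaluator's id and refuse to import on boot without a forced import. Pinning a literal `networking.hostId = "<PLATO_HOST_ID>";` in this file is the usual fix. That line is context rather than part of the change, but the `network` → `networking` rename presumably makes it take effect for the first time, so it is worth fixing in the same pass. The `networking` set continues past the hunk.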


@ -4,87 +4,44 @@
config.fudo.hosts = {
atom = {
description = "Niten's toy laptop.";
domain = "sea.fudo.org";
site = "seattle";
profile = "laptop";
enable-gui = false;
hardware-config = ./hardware/atom.nix;
};
clunk = let
primary-ip = "10.0.0.1";
internal-interfaces = [ "intif0" ];
external-interface = "extif0";
dns-over-https-port = 5353;
in {
clunk = {
description = "rus.selby.ca gateway box.";
domain = "rus.selby.ca";
site = "russell";
profile = "gateway-server";
docker-server = true;
hardware-config = ./hardware/clunk.nix;
extra-config = import ./hosts/clunk.nix { };
};
france = {
description = "Primary fudo.org server.";
domain = "fudo.org";
site = "portage";
profile = "server";
docker-server = true;
hardware-config = ./hardware/france.nix;
};
lambda = {
description = "Niten's experiment server.";
domain = "sea.fudo.org";
site = "seattle";
profile = "server";
description = "sea.fudo.org experiment server.";
docker-server = true;
hardware-config = ./hardware/lambda.nix;
};
nostromo = {
description = "sea.fudo.org gateway box and primary server.";
domain = "sea.fudo.org";
site = "seattle";
profile = "gateway-server";
docker-server = true;
hardware-config = ./hardware/nostromo.nix;
};
plato = {
description = "Niten's toy server.";
domain = "rus.selby.ca";
site = "russell";
profile = "server";
hardware-config = ./hardware/plato.nix;
};
procul = {
description = "informis.land server.";
domain = "informis.land";
site = "joes-datacenter-0";
profile = "server";
docker-server = true;
hardware-config = ./hardware/procul.nix;
};
spark = {
description = "Niten's backup desktop.";
domain = "sea.fudo.org";
site = "seattle";
profile = "desktop";
hardware-config = ./hardware/spark.nix;
};
zbox = {
description = "Niten's primary desktop.";
domain = "sea.fudo.org";
site = "seattle";
profile = "desktop";
hardware-config = ./hardware/zbox.nix;
};
};
}
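Review bot: `lambda` shows two `description` attributes in one set (the old `"Niten's experiment server."` line and the new `"sea.fudo.org experiment server."` line); if both survive on the new side Nix rejects the duplicate attribute, and if only the new one does the old line should be gone — worth a look either way. `clunk.extra-config = import ./hosts/clunk.nix { }` calls the host file as a function with an empty argument set, while the new initialize.nix also imports `config/hosts/${hostname}.nix` as a module; if clunk.nix carries the `{ config, lib, pkgs, ... }:` header the other new per-host files use, the `{ }` call fails on missing arguments, and the file would be imported twice anyway. `extra-config` also does not appear among the host options touched in lib/fudo/hosts.nix, so unless it is declared elsewhere the module system will reject it as an unknown option.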


@ -15,6 +15,11 @@ with lib; {
${pkgs.zfs}/bin/zfs rollback -r zroot/transient/root@blank
'';
security.sudo.extraConfig = ''
# rollback results in sudo lectures after each reboot
Defaults lecture = never
'';
services = {
openssh = {
hostKeys = [


@ -21,6 +21,13 @@ in {
windowManager.stumpwm.enable = true;
emacs = {
enable = true;
install = true;
package = pkgs.emacs;
defaultEditor = true;
};
# windowManager.session = pkgs.lib.singleton {
# name = "stumpwm";
# start = ''


@ -3,7 +3,7 @@
with lib;
let
# Available to all users on the system. Keep it minimal.
global-packages = with pkgs; [ emacs openssh_gssapi vim wget ];
global-packages = with pkgs; [ openssh_gssapi vim wget ];
in {
environment = {
@ -11,7 +11,7 @@ in {
systemPackages = global-packages;
environment.shellInit = ''
shellInit = ''
${pkgs.gnupg}/bin/gpg-connect-agent /bye
export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)
'';
@ -23,11 +23,6 @@ in {
system.autoUpgrade.enable = true;
services = {
emacs = {
enable = true;
defaultEditor = true;
};
openssh = {
enable = true;
startWhenNeeded = true;


@ -48,13 +48,13 @@ in {
emacs-nox
ldns
ldns.examples
jdk12_headless
jdk14_headless
racket-minimal
reboot-if-necessary
test-config
];
noXlibs = true;
# noXlibs = lib.mkForce true;
};
security = { hideProcessInformation = true; };
@ -63,7 +63,16 @@ in {
boot.tmpOnTmpfs = true;
services.xserver.enable = false;
services = {
xserver.enable = false;
emacs = {
enable = true;
install = true;
package = pkgs.emacs;
defaultEditor = true;
};
};
sound.enable = false;
hardware.pulseaudio.enable = false;
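Review bot: `services.emacs.package = pkgs.emacs` on the server profile pulls the default (X-enabled) Emacs build onto hosts that disable `services.xserver` and already list `emacs-nox` in their packages; `package = pkgs.emacs-nox;` keeps the daemon consistent with the rest of the profile and keeps X libraries out of server closures. The `noXlibs = true` line is replaced by a commented-out `# noXlibs = lib.mkForce true;` with no explanation, which reads as an unfinished TODO; if it was dropped because something failed to build, say so in the comment. The `environment` block these lines belong to starts outside the hunk.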


@ -0,0 +1,5 @@
{ config, lib, pkgs, ... }:
{
}

5
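--- a/config/sites/portage.nix
+++ b/config/sites/portage.nix
@@ -0,0 +1,5 @@
+{ config, lib, pkgs, ... }:
+{
+}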

5
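--- a/config/sites/russell.nix
+++ b/config/sites/russell.nix
@@ -0,0 +1,5 @@
+{ config, lib, pkgs, ... }:
+{
+}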

5
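--- a/config/sites/seattle.nix
+++ b/config/sites/seattle.nix
@@ -0,0 +1,5 @@
+{ config, lib, pkgs, ... }:
+{
+}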


@ -6,84 +6,85 @@
uid = 10000;
primary-group = "admin";
common-name = "Peter Selby";
ldap-hashed-password = "{SSHA}dF/5NGkafL8M1kpa3LYZKdh0Pc7a02gA";
login-hashed-password =
ldap-hashed-passwd = "{SSHA}dF/5NGkafL8M1kpa3LYZKdh0Pc7a02gA";
login-hashed-passwd =
"$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/";
ssh-authorized-keys = [
"ssh-rsa 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 openpgp:0x4EC95B64"
];
home = "/home/niten";
home-directory = "/home/niten";
home-manager-config = import ../home-manager/niten.nix { inherit config lib pkgs; };
};
andrew = {
uid = 10001;
primary-group = "selby";
common-name = "Andrew Selby";
ldap-hashed-password = "";
ldap-hashed-passwd = "";
};
animus = {
uid = 10002;
primary-group = "fudo";
common-name = "James Frazer";
ldap-hashed-password = "";
ldap-hashed-passwd = "";
};
ark = {
uid = 10005;
primary-group = "fudo";
common-name = "Roger Wong";
ldap-hashed-password = "";
ldap-hashed-passwd = "";
};
ben = {
uid = 10007;
primary-group = "fudo";
common-name = "Ben";
ldap-hashed-password = "{MD5}v0jY5bADu30cAR1Uu/eWYQ==";
ldap-hashed-passwd = "{MD5}v0jY5bADu30cAR1Uu/eWYQ==";
};
chad = {
uid = 10011;
primary-group = "fudo";
common-name = "Chad Isbister";
ldap-hashed-password = "{MD5}fQ309GUF2DvHlJ3R+5wNuA==";
ldap-hashed-passwd = "{MD5}fQ309GUF2DvHlJ3R+5wNuA==";
};
ckoo = {
uid = 10014;
primary-group = "fudo";
common-name = "Jason Bush";
ldap-hashed-password = "{MD5}KMFeaBc7e/gVzL/QUT0mYw==";
ldap-hashed-passwd = "{MD5}KMFeaBc7e/gVzL/QUT0mYw==";
};
dana = {
uid = 10015;
primary-group = "fudo";
common-name = "Dana Eftodie";
ldap-hashed-password = "{MD5}+ijTylKau4uot2kGMqKSTA==";
ldap-hashed-passwd = "{MD5}+ijTylKau4uot2kGMqKSTA==";
};
jill = {
uid = 10030;
primary-group = "fudo";
common-name = "Jill Isbister";
ldap-hashed-password = "{MD5}fQ309GUF2DvHlJ3R+5wNuA==";
ldap-hashed-passwd = "{MD5}fQ309GUF2DvHlJ3R+5wNuA==";
};
joker4ever = {
uid = 10033;
primary-group = "fudo";
common-name = "Jack Clarke";
ldap-hashed-password = "{SSHA}w78XwSax9WywIDujMxEoO7o87d2LDJRo";
ldap-hashed-passwd = "{SSHA}w78XwSax9WywIDujMxEoO7o87d2LDJRo";
};
ken = {
uid = 10035;
primary-group = "selby";
common-name = "Ken Selby";
ldap-hashed-password = "{SSHA}YvtkEpqsReXcMdrzlui/ZmhIUKN42YO1";
login-hashed-password =
ldap-hashed-passwd = "{SSHA}YvtkEpqsReXcMdrzlui/ZmhIUKN42YO1";
login-hashed-passwd =
"$6$EwK9fpbH8$gYVzYY1IYw2/G0wCeUxXrZZqvjWCkCZbBqCOhxowbMuYtC5G0vp.AoYhVKWOJcHJM2c7TdPmAdnhLIe2KYStf.";
};
@ -91,88 +92,88 @@
uid = 10049;
primary-group = "admin";
common-name = "Jonathan Stewart";
ldap-hashed-password = "{MD5}EBvifhJ6z9dIDx0KWkAPoQ==";
login-hashed-password =
ldap-hashed-passwd = "{MD5}EBvifhJ6z9dIDx0KWkAPoQ==";
login-hashed-passwd =
"$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/";
home = "/home/reaper";
home-directory = "/home/reaper";
};
slickoil = {
uid = 10052;
primary-group = "fudo";
common-name = "Connor Cooley";
ldap-hashed-password = "{MD5}8Qrpagi8TYnZQdFoYe02rA==";
ldap-hashed-passwd = "{MD5}8Qrpagi8TYnZQdFoYe02rA==";
};
splat1 = {
uid = 10053;
primary-group = "fudo";
common-name = "Matt Evans";
ldap-hashed-password = "{MD5}JeHNutGTBMHOqFgVlYjfpw==";
ldap-hashed-passwd = "{MD5}JeHNutGTBMHOqFgVlYjfpw==";
};
swaff = {
uid = 10055;
primary-group = "fudo";
common-name = "Mark Swaffer";
ldap-hashed-password = "{MD5}C5gIsLsaKSvIPydu4uzhNg==";
ldap-hashed-passwd = "{MD5}C5gIsLsaKSvIPydu4uzhNg==";
};
brian = {
uid = 10056;
primary-group = "selby";
common-name = "Brian Selby";
ldap-hashed-password = "{crypt}$1$npZLTPEO$p2bTx8TTlCg7XNiivTJsC1";
ldap-hashed-passwd = "{crypt}$1$npZLTPEO$p2bTx8TTlCg7XNiivTJsC1";
};
rob = {
uid = 10057;
primary-group = "selby";
common-name = "Robert Selby";
ldap-hashed-password = "{crypt}HD1ESf1hAGdks";
ldap-hashed-passwd = "{crypt}HD1ESf1hAGdks";
};
tarbash = {
uid = 10059;
primary-group = "fudo";
common-name = "Neville";
ldap-hashed-password = "{crypt}$1$cE6lVNbC$PLjlE9vK77SKNKwJBKiT//";
ldap-hashed-passwd = "{crypt}$1$cE6lVNbC$PLjlE9vK77SKNKwJBKiT//";
};
darryl = {
uid = 10060;
primary-group = "selby";
common-name = "Darryl Kissick";
ldap-hashed-password = "{crypt}$1$oUNTMyKU$oUs6JqBRTPKE9A/sEzlSY0";
ldap-hashed-passwd = "{crypt}$1$oUNTMyKU$oUs6JqBRTPKE9A/sEzlSY0";
};
ayumi = {
uid = 10061;
primary-group = "fudo";
common-name = "Ayumi Kira";
ldap-hashed-password = "{MD5}5OkpooOLxw94nF1lOfn/ZQ==";
ldap-hashed-passwd = "{MD5}5OkpooOLxw94nF1lOfn/ZQ==";
};
saphira = {
uid = 10063;
primary-group = "fudo";
common-name = "Elizabeth Stewart";
ldap-hashed-password = "{crypt}$1$cQ/Zq25x$fUQfUtpMB.f3rBWzttPns.";
ldap-hashed-passwd = "{crypt}$1$cQ/Zq25x$fUQfUtpMB.f3rBWzttPns.";
};
banen = {
uid = 10064;
primary-group = "fudo";
common-name = "Travis Neis";
ldap-hashed-password = "{crypt}$1$cyfM/Vni$vIuirRln.MnWActOR6t8S.";
ldap-hashed-passwd = "{crypt}$1$cyfM/Vni$vIuirRln.MnWActOR6t8S.";
};
xiaoxuan = {
uid = 10065;
primary-group = "fudo";
common-name = "Xiaoxuan Jin";
ldap-hashed-password = "{MD5}iecbyMpyVkmOaMBzSFy58Q==";
login-hashed-password =
ldap-hashed-passwd = "{MD5}iecbyMpyVkmOaMBzSFy58Q==";
login-hashed-passwd =
"$6$C8lYHrK7KvdKm/RE$cHZ2hg5gEOEjTV8Zoayik8sz5h.Vh0.ClCgOlQn8l/2Qx/qdxqZ7xCsAZ1GZ.IEyESfhJeJbjLpykXDwPpfVF0";
};
@ -180,232 +181,232 @@
uid = 10066;
primary-group = "fudo";
common-name = "";
ldap-hashed-password = "{crypt}$1$HzQOn3zV$ogkeS5ByWrFstYo0FhXB/.";
ldap-hashed-passwd = "{crypt}$1$HzQOn3zV$ogkeS5ByWrFstYo0FhXB/.";
};
flowchart = {
uid = 10067;
primary-group = "fudo";
common-name = "BH Bieterse";
ldap-hashed-password = "{crypt}$1$lQMZ42RZ$aAOsLHP0i.yfvD1a1EVsA/";
ldap-hashed-passwd = "{crypt}$1$lQMZ42RZ$aAOsLHP0i.yfvD1a1EVsA/";
};
gubbs = {
uid = 10068;
primary-group = "fudo";
common-name = "Lorcan Gavin";
ldap-hashed-password = "{MD5}AIf4bJZyHCnvJVL3YHRnIg==";
ldap-hashed-passwd = "{MD5}AIf4bJZyHCnvJVL3YHRnIg==";
};
debo = {
uid = 10069;
primary-group = "fudo";
common-name = "Deborah Osti";
ldap-hashed-password = "{crypt}$1$5wEBGh/8$Ggp2JAI/rQiBXxJ89G0iq1";
ldap-hashed-passwd = "{crypt}$1$5wEBGh/8$Ggp2JAI/rQiBXxJ89G0iq1";
};
leefolio = {
uid = 10070;
primary-group = "fudo";
common-name = "Ze Artiste";
ldap-hashed-password = "{crypt}$1$LRlAYBst$sS1bPu8yEPrdYkQhoZhAq1";
ldap-hashed-passwd = "{crypt}$1$LRlAYBst$sS1bPu8yEPrdYkQhoZhAq1";
};
zimm = {
uid = 10071;
primary-group = "fudo";
common-name = "Ross Drinkwater";
ldap-hashed-password = "{SSHA}er1cgYDNPJsfLwtqYLopKMGMxiZZRGdY";
ldap-hashed-passwd = "{SSHA}er1cgYDNPJsfLwtqYLopKMGMxiZZRGdY";
};
gaijin = {
uid = 10072;
primary-group = "fudo";
common-name = "Tetsuo Torigai";
ldap-hashed-password = "{crypt}$1$bw8hyDXm$pMLLUtlDlVLwBTZiC0Lzf0";
ldap-hashed-passwd = "{crypt}$1$bw8hyDXm$pMLLUtlDlVLwBTZiC0Lzf0";
};
anorthe = {
uid = 10073;
primary-group = "fudo";
common-name = "Bonnie Wong";
ldap-hashed-password = "{crypt}$1$DORfHzbp$nJkk0OXd7WzYDxx8LbdMK.";
ldap-hashed-passwd = "{crypt}$1$DORfHzbp$nJkk0OXd7WzYDxx8LbdMK.";
};
stewartd = {
uid = 10076;
primary-group = "fudo";
common-name = "Dwight Stewart";
ldap-hashed-password = "{MD5}e2GSmH+l4ZZ808snWsFNYw==";
ldap-hashed-passwd = "{MD5}e2GSmH+l4ZZ808snWsFNYw==";
};
jess = {
uid = 10078;
primary-group = "selby";
common-name = "Jessica Selby";
ldap-hashed-password = "{MD5}2tbtZre16apUTNtRIK98nQ==";
ldap-hashed-passwd = "{MD5}2tbtZre16apUTNtRIK98nQ==";
};
kevin = {
uid = 10079;
primary-group = "selby";
common-name = "Kevin Selby";
ldap-hashed-password = "{crypt}$1$UYKrkMEe$SAABgc1pCBYgPFIMepNrM.";
ldap-hashed-passwd = "{crypt}$1$UYKrkMEe$SAABgc1pCBYgPFIMepNrM.";
};
theblacksun = {
uid = 10080;
primary-group = "fudo";
common-name = "Brendan Goodfellow";
ldap-hashed-password = "{MD5}Hmw6pFYYT87nmpLp0QxcQw==";
ldap-hashed-passwd = "{MD5}Hmw6pFYYT87nmpLp0QxcQw==";
};
kris = {
uid = 10082;
primary-group = "selby";
common-name = "Kris Huberdeau";
ldap-hashed-password = "{SSHA}RUYeAEUyblnCWa9uBzY9nwsmoksy8P3Y";
ldap-hashed-passwd = "{SSHA}RUYeAEUyblnCWa9uBzY9nwsmoksy8P3Y";
};
jun = {
uid = 10083;
primary-group = "fudo";
common-name = "Junichi Suzuki";
ldap-hashed-password = "{crypt}$1$ExfgQXb8$b1ihvMRbG2dWbnlmzzI/h.";
ldap-hashed-passwd = "{crypt}$1$ExfgQXb8$b1ihvMRbG2dWbnlmzzI/h.";
};
jinny = {
uid = 10084;
primary-group = "fudo";
common-name = "Hye-jin Kim";
ldap-hashed-password = "{crypt}$1$6cld82N8$5a9ovCPXSacDmK3TWDaF30";
ldap-hashed-passwd = "{crypt}$1$6cld82N8$5a9ovCPXSacDmK3TWDaF30";
};
helen = {
uid = 10086;
primary-group = "selby";
common-name = "Helen Selby";
ldap-hashed-password = "{SSHA}uckUXX09MjYq9++sF3f9b2IY8a9UBIxm";
ldap-hashed-passwd = "{SSHA}uckUXX09MjYq9++sF3f9b2IY8a9UBIxm";
};
vee = {
uid = 10087;
primary-group = "selby";
common-name = "Vee Selby";
ldap-hashed-password = "snoinuer";
ldap-hashed-passwd = "snoinuer";
};
dabar = {
uid = 10088;
primary-group = "fudo";
common-name = "Dan Bernardic";
ldap-hashed-password = "{MD5}ULrk46YUeUZQrl0+wAQiWA==";
ldap-hashed-passwd = "{MD5}ULrk46YUeUZQrl0+wAQiWA==";
};
r3d3 = {
uid = 10089;
primary-group = "fudo";
common-name = "Derek Veroni";
ldap-hashed-password = "{SHA}2XyijGDovUhA1/Z/XR+9h9Ia4fY=";
ldap-hashed-passwd = "{SHA}2XyijGDovUhA1/Z/XR+9h9Ia4fY=";
};
laura = {
uid = 10090;
primary-group = "selby";
common-name = "Laura Selby";
ldap-hashed-password = "{MD5}MI65czN0duIudMhYH+BU9Q==";
ldap-hashed-passwd = "{MD5}MI65czN0duIudMhYH+BU9Q==";
};
tuk = {
uid = 10091;
primary-group = "fudo";
common-name = "Taku Koba";
ldap-hashed-password = "{MD5}DQuoQluy50128r8MxAmFkQ==";
ldap-hashed-passwd = "{MD5}DQuoQluy50128r8MxAmFkQ==";
};
aki = {
uid = 10092;
primary-group = "fudo";
common-name = "Akihito Mori";
ldap-hashed-password = "{MD5}oGAt2kJGKMqX+CmfV1w/GA==";
ldap-hashed-passwd = "{MD5}oGAt2kJGKMqX+CmfV1w/GA==";
};
ansyg = {
uid = 10095;
primary-group = "fudo";
common-name = "Anseok Joo";
ldap-hashed-password = "{MD5}AHhHl02D3uDmWhPJZ6QPOw==";
ldap-hashed-passwd = "{MD5}AHhHl02D3uDmWhPJZ6QPOw==";
};
jackie = {
uid = 10097;
primary-group = "selby";
common-name = "Jackie Selby";
ldap-hashed-password = "{MD5}fa6JfWySlH63sITsxrTt0Q==";
ldap-hashed-passwd = "{MD5}fa6JfWySlH63sITsxrTt0Q==";
};
mtopf = {
uid = 10100;
primary-group = "fudo";
common-name = "Michael Topf";
ldap-hashed-password = "{MD5}/pleD8SiLhmnRr1RVspNcA==";
ldap-hashed-passwd = "{MD5}/pleD8SiLhmnRr1RVspNcA==";
};
tat = {
uid = 10101;
primary-group = "fudo";
common-name = "Tatsuro Akano";
ldap-hashed-password = "{MD5}fAV5GX8UdjsXIFjU0Ex4SA==";
ldap-hashed-passwd = "{MD5}fAV5GX8UdjsXIFjU0Ex4SA==";
};
blatzkrieg = {
uid = 10102;
primary-group = "fudo";
common-name = "Brendan Blatz";
ldap-hashed-password = "{MD5}1nE/ndFwGbfH/wLagxvt8w==";
ldap-hashed-passwd = "{MD5}1nE/ndFwGbfH/wLagxvt8w==";
};
ellie = {
uid = 10103;
primary-group = "fudo";
common-name = "Ellie Lee";
ldap-hashed-password = "{MD5}gzjwt+kw2nmvJ1FKFTpSZA==";
ldap-hashed-passwd = "{MD5}gzjwt+kw2nmvJ1FKFTpSZA==";
};
alan = {
uid = 10104;
primary-group = "fudo";
common-name = "Alan Wong";
ldap-hashed-password = "{MD5}WhohVE4xfo9RIOw1kG3s1Q==";
ldap-hashed-passwd = "{MD5}WhohVE4xfo9RIOw1kG3s1Q==";
};
omefire = {
uid = 10105;
primary-group = "fudo";
common-name = "Omar Mefire";
ldap-hashed-password = "{SSHA}W6KWo26wl/nawpV++wMqsKdwrIwrait5";
ldap-hashed-passwd = "{SSHA}W6KWo26wl/nawpV++wMqsKdwrIwrait5";
};
gordon = {
uid = 10106;
primary-group = "fudo";
common-name = "Gordon Stewart";
ldap-hashed-password = "{SSHA}jaCOc1ZjCI9klVR+v676lIBOidEg7/u0";
ldap-hashed-passwd = "{SSHA}jaCOc1ZjCI9klVR+v676lIBOidEg7/u0";
};
jeramy = {
uid = 10107;
primary-group = "selby";
common-name = "Jeramy Ewbank";
ldap-hashed-password = "{MD5}8j8vTniyRzylmeTNUoRwWA==";
ldap-hashed-passwd = "{MD5}8j8vTniyRzylmeTNUoRwWA==";
};
lauren = {
uid = 10108;
primary-group = "selby";
common-name = "Lauren Hotel";
ldap-hashed-password = "{SSHA}1q/MC5LKROlIT1nDrKrMvcFAXFtcQXIR";
# ldap-hashed-password = "{SSHA}DKnhrycmXSu4HKWFPeBXA9xvZ0ytgXIpZA10tg==";
ldap-hashed-passwd = "{SSHA}1q/MC5LKROlIT1nDrKrMvcFAXFtcQXIR";
# ldap-hashed-passwd = "{SSHA}DKnhrycmXSu4HKWFPeBXA9xvZ0ytgXIpZA10tg==";
};
# Used to send alerts from grafana
@ -413,14 +414,14 @@
uid = 10109;
primary-group = "fudo";
common-name = "Fudo Metrics";
ldap-hashed-password = "{SSHA}FveEVy6kljQZey0xp0nF62SMlO5nATJ1";
ldap-hashed-passwd = "{SSHA}FveEVy6kljQZey0xp0nF62SMlO5nATJ1";
};
testuser = {
uid = 10110;
primary-group = "fudo";
common-name = "Test User";
ldap-hashed-password = "{SSHA}LSz1WjWfjRwAM3xm+QZ71vFj997dnZC6";
ldap-hashed-passwd = "{SSHA}LSz1WjWfjRwAM3xm+QZ71vFj997dnZC6";
};
# Used to send messages from the chat server
@ -428,28 +429,28 @@
uid = 10111;
primary-group = "fudo";
common-name = "Fudo Chat";
ldap-hashed-password = "{SSHA}XDYAM2JE4PXssywRzO4tVSbn5lUZOgg7";
ldap-hashed-passwd = "{SSHA}XDYAM2JE4PXssywRzO4tVSbn5lUZOgg7";
};
kevinyinjunjie = {
uid = 10112;
primary-group = "fudo";
common-name = "Kevin";
ldap-hashed-password = "{SSHA}1onx6HPMKCJvmLnRf1tiWFJ1D92DEtnl";
ldap-hashed-passwd = "{SSHA}1onx6HPMKCJvmLnRf1tiWFJ1D92DEtnl";
};
netinfo = {
uid = 10113;
primary-group = "fudo";
common-name = "Network Info Mailer";
ldap-hashed-password = "{SSHA}UQHfW0IzjIbRU6VV+DraxvZFWt0to3oc";
ldap-hashed-passwd = "{SSHA}UQHfW0IzjIbRU6VV+DraxvZFWt0to3oc";
};
selby-forum = {
uid = 10114;
primary-group = "selby";
common-name = "Selby Forum";
ldap-hashed-password = "{SSHA}f7eDNuwFXRhvants5cJJ/FGtkCKheY2Q";
ldap-hashed-passwd = "{SSHA}f7eDNuwFXRhvants5cJJ/FGtkCKheY2Q";
};
};
}
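Review bot: The `vee` entry's `ldap-hashed-passwd` value carries no `{SCHEME}` prefix, so unlike every other value in this file it looks like a cleartext password stored in a field named "hashed"; it should be replaced with a salted hash before this lands, and since the value is now in history the credential itself should be rotated. The rename also carries forward the legacy unsalted `{MD5}` and DES-style `{crypt}` values, which the LDAP server may still accept but which are weak — a rehash-on-next-login or bulk reset is worth scheduling. `niten` and `reaper` have byte-identical `login-hashed-passwd` strings, so presumably one password unlocks both admin accounts. Because all of these hashes live in the repo and, once evaluated, in the world-readable Nix store, consider moving them out of tree into a secrets mechanism rather than growing this file.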


@ -1,10 +0,0 @@
{ config, lib, pkgs, local-hostname ? builtins.readFile ./instance-hostname.txt
, ... }:
let local-hostname = builtins.readFile ./instance-hostname.txt;
in {
lib = lib // { fudo = import ./lib/fudolib.nix { }; };
instance.hostname = local-hostname;
imports = [ ./lib ./config ./hardware.nix ];
}


@ -1,6 +1,14 @@
{ config, ... }:
{
let
current-hostname = config.instance.hostname;
hardware-config = config.fudo.hosts.${current-hostname}.hardware-config;
import-hardware-config = hostname: {
imports = [ hardware-config ];
};
in {
imports =
[ config.fudo.hosts."${config.fudo.instance.hostname}".hardware-config ];
[ (import-hardware-config current-hostname) ];
}
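Review bot: `import-hardware-config` takes a `hostname` argument and ignores it, closing over the outer `hardware-config` instead, so the call `(import-hardware-config current-hostname)` is misleading; either read `config.fudo.hosts.${hostname}.hardware-config` inside the function or drop the parameter. More fundamentally, `imports` is still derived from `config.instance.hostname` and `config.fudo.hosts`, and the module system has to resolve `imports` before `config` is available, which typically ends in an infinite-recursion error — the new initialize.nix already imports `config/hardware/${hostname}.nix` from a plain function argument, which is the pattern that works. If both paths stay, the same hardware module is imported twice; identical definitions merge for most option types, but one of the two should go.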

30
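--- a/initialize.nix
+++ b/initialize.nix
@@ -0,0 +1,30 @@
+{ hostname, profile, domain, site, home-manager-package, ... }:
+{
+imports = [
+./lib
+./config
+./packages
+(import "${home-manager-package}/nixos")
+(./. + "/config/hardware/${hostname}.nix")
+(./. + "/config/hosts/${hostname}.nix")
+(./. + "/config/profiles/${profile}.nix")
+(./. + "/config/domains/${domain}.nix")
+(./. + "/config/sites/${site}.nix")
+];
+config = {
+instance = {
+hostname = hostname;
+};
+fudo.hosts."${hostname}" = {
+domain = domain;
+hostname = hostname;
+site = site;
+profile = profile;
+};
+};
+}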
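Review bot: This file has no header comment, yet it is the new entry point every host evaluation starts from and it requires five named arguments; a comment such as `# Entry point: builds the NixOS module for one host from hostname/profile/domain/site, importing the matching files under config/` at the top would save the next reader a trip through lib/ and config/. The four assignments under `fudo.hosts."${hostname}"` can be written `inherit domain hostname site profile;`, and `instance = { hostname = hostname; };` as `instance.hostname = hostname;`. `hostname` is assigned into the host's option set but is not among the host options visible in lib/fudo/hosts.nix in this commit, so confirm it is declared or the module system will reject it.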


@ -1,6 +1,8 @@
{ lib, config, pkgs, ... }:
with lib; {
lib = lib // { fudo = import ./lib/fudolib.nix { }; };
imports = [
./instance.nix
@ -10,9 +12,11 @@ with lib; {
./fudo/chat.nix
./fudo/client/dns.nix
./fudo/dns.nix
./fudo/domains.nix
./fudo/garbage-collector.nix
./fudo/git.nix
./fudo/grafana.nix
./fudo/hosts.nix
./fudo/ipfs.nix
./fudo/kdc.nix
./fudo/ldap.nix
@ -26,10 +30,13 @@ with lib; {
./fudo/postgres.nix
./fudo/prometheus.nix
./fudo/secure-dns-proxy.nix
./fudo/sites.nix
./fudo/slynk.nix
./fudo/system.nix
./fudo/users.nix
./fudo/vpn.nix
./fudo/webmail.nix
./fudo/wireless-networks.nix
./informis/cl-gemini.nix
];


@ -1,5 +1,6 @@
{ config, lib, pkgs, ... }:
with lib;
let
domainOpts = { domain, ... }: {
options = {
@ -30,6 +31,12 @@ let
default = [ ];
};
local-groups = mkOption {
type = with types; listOf str;
description = "List of groups which should exist within this domain.";
default = [ ];
};
admin-email = mkOption {
type = types.str;
description = "Email for the administrator of this domain.";


@ -17,6 +17,11 @@ let
default = "fudo.org";
};
site = mkOption {
type = types.str;
description = "Site at which the host is located.";
};
local-networks = mkOption {
type = with types; listof str;
description =
@ -51,6 +56,12 @@ let
default = [ ];
};
description = mkOption {
type = types.str;
description = "Description of this host.";
default = "Another Fudo Host.";
};
local-admins = mkOption {
type = with types; listOf str;
description =
@ -58,6 +69,17 @@ let
default = [ ];
};
local-groups = mkOption {
type = with types; listOf str;
description = "List of groups which should exist on this host.";
default = [ ];
};
hardware-config = mkOption {
type = types.str;
description = "Path to the hardware configuration for this host.";
};
enable-gui = mkEnableOption "Install desktop GUI software.";
docker-server = mkEnableOption "Enable Docker on the current host.";
@ -75,7 +97,7 @@ in {
hostname = config.instance.hostname;
host-cfg = config.fudo.hosts.${hostname};
site-name = host-cfg.site;
site = config.fudo.site.${site-name};
site = config.fudo.sites.${site-name};
domain-name = host-cfg.domain;
domain = config.fudo.domain.${domain-name};
@ -96,12 +118,12 @@ in {
services.cron.mailto = domain.admin-email;
environment.systemPackages = with pkgs;
mkIf (cfg.docker-server) [ docker nix-prefetch-docker ];
mkIf (host-cfg.docker-server) [ docker nix-prefetch-docker ];
virtualisation.docker = mkIf (cfg.docker-server) {
virtualisation.docker = mkIf (host-cfg.docker-server) {
enable = true;
enableOnBoot = true;
autoprune.enable = true;
autoPrune.enable = true;
};
};
}
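Review bot: `hardware-config` is declared as `types.str`, but config/hosts.nix assigns path literals such as `./hardware/atom.nix`; `types.str` checks for a string and would reject a path at evaluation time, so `type = types.path;` (or string values at the call sites) is needed. In the `let` block the commit corrects `config.fudo.site` to `config.fudo.sites` but leaves the adjacent `domain = config.fudo.domain.${domain-name};` singular, while the options module and the data both use `fudo.domains`. The `local-networks` option in context is typed `listof str`, which is not this commit's change, but `listOf` is the real name and it will fail the same way. The `let` these options live in starts outside the hunk.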


@ -3,7 +3,7 @@
with lib;
let
cfg = config.fudo.auth.server;
cfg = config.fudo.auth.ldap-server;
ldapSystemUserOpts = { name, ... }: {
options = {
@ -172,7 +172,7 @@ in {
options = {
fudo = {
auth = {
server = {
ldap-server = {
enable = mkEnableOption "Fudo Authentication";
kerberos-host = mkOption {
@ -297,6 +297,7 @@ in {
mode = "0400";
user = "openldap";
group = "openldap";
# FIXME: take arguments!
text = ''
mech_list: gssapi external
keytab: /etc/ldap/ldap.keytab


@ -1,5 +1,6 @@
{ config, lib, pkgs, ... }:
with lib;
let
siteOpts = { site, ... }: {
options = {
@ -27,6 +28,24 @@ let
default = null;
};
local-groups = mkOption {
type = with types; listOf str;
description = "List of groups which should exist at this site.";
default = [ ];
};
local-users = mkOption {
type = with types; listOf str;
description = "List of users which should exist on all hosts at this site.";
default = [ ];
};
local-admins = mkOption {
type = with types; listOf str;
description = "List of admin users which should exist on all hosts at this site.";
default = [ ];
};
enable-monitoring =
mkEnableOption "Enable site-wide monitoring with prometheus.";
@ -35,12 +54,18 @@ let
description = "List of nameservers to be used by hosts at this site.";
default = [ ];
};
timezone = mkOption {
type = types.str;
description = "Timezone of the site.";
example = "America/Winnipeg";
};
};
};
in {
options.fudo.sites = mkOption {
type = with types; attrsOf (submodule domainOpts);
type = with types; attrsOf (submodule siteOpts);
description = "Site configurations for all sites known to the system.";
default = { };
};
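Review bot: The new `local-users` option promises that the listed users "should exist on all hosts at this site", but the users module in this commit only consumes `sites.*.local-admins` and `sites.*.local-groups` — host and domain `local-users` are merged, site ones are not — so the description overstates what happens; either add `site-user-list` to the local-users computation or note in the description that the option is not yet honoured. `timezone` is declared without a default and the site files added by this commit are empty, so any consumer of it fails evaluation until every site sets it; a default or a note in the description would help. The `let` that opens `siteOpts` is outside the hunk.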


@ -2,8 +2,6 @@
with lib;
let
cfg = config.fudo.users;
systemUserOpts = { username, ... }: {
options = {
username = mkOption {
@ -33,7 +31,7 @@ let
default = username;
};
uidNumber = mkOption {
uid = mkOption {
type = types.int;
description = "Unique UID number for the user.";
};
@ -86,8 +84,9 @@ let
};
home-directory = mkOption {
type = types.str;
type = with types; nullOr str;
description = "Default home directory for the given user.";
default = null;
};
};
};
@ -111,13 +110,19 @@ let
description = "A list of users who are members of the current group.";
};
gidNumber = mkOption {
gid = mkOption {
type = types.int;
description = "GID number of the group.";
};
};
};
list-includes = list: el: isNull (findFirst (this: this == el) null list);
filterExistingUsers = users: group-members:
let user-list = attrNames users;
in filter (username: list-includes user-list username) group-members;
in {
options.fudo = {
users = mkOption {
@ -140,27 +145,28 @@ in {
};
config = let
local-host = config.fudo.common.hostname;
local-domain = config.fudo.common.domain;
local-host = config.instance.hostname;
local-domain = config.fudo.hosts.${local-host}.domain;
local-site = config.fudo.hosts.${local-host}.site;
local-user-list = config.fudo.hosts."${local-host}".local-users;
host-user-list = config.fudo.hosts."${local-host}".local-users;
domain-user-list = config.fudo.domains."${local-domain}".local-users;
local-users = getAttrs (local-user-list ++ domain-user-list) cfg.users;
local-users = getAttrs (host-user-list ++ domain-user-list) config.fudo.users;
local-group-list = config.fudo.hosts."${local-host}".local-groups;
host-admin-list = config.fudo.hosts."${local-host}".local-admins;
domain-admin-list = config.fudo.domains."${local-domain}".local-admins;
site-admin-list = config.fudo.sites."${local-site}".local-admins;
local-admins = host-admin-list ++ domain-admin-list ++ site-admin-list;
host-group-list = config.fudo.hosts."${local-host}".local-groups;
domain-group-list = config.fudo.domains."${local-domain}".local-groups;
local-groups = getAttrs (local-group-list ++ domain-group-list) cfg.groups;
site-group-list = config.fudo.sites."${local-site}".local-groups;
local-groups = getAttrs (host-group-list ++ domain-group-list ++ site-group-list) config.fudo.groups;
in {
fudo.auth.ldap = let
fudo.auth.ldap-server = let
ldapUsers = (filterAttrs
(username: userOpts: userOpts.ldap-hashed-password != null)) cfg.users;
list-includes = list: el: isNull (findFirst (this: this == el) list null);
filterExistingUsers = users: group-members:
let user-list = attrNames users;
in filter (username: list-includes user-list username) users;
(username: userOpts: userOpts.ldap-hashed-password != null)) config.fudo.users;
in {
users = mapAttrs (username: userOpts: {
@ -174,31 +180,35 @@ in {
gid = groupOpts.gid-number;
description = groupOpts.description;
members = filterExistingUsers ldapUsers groupOpts.members;
}) cfg.groups;
}) config.fudo.groups;
system-users = mapAttrs (username: userOpts: {
description = userOpts.description;
hashed-password = userOpts.ldap-hashed-passwd;
}) cfg.system-users;
}) config.fudo.system-users;
};
users = {
users = mapAttrs (username: userOpts: {
isNormalUser = true;
uid = userOpts.uidNumber;
uid = userOpts.uid;
createHome = true;
description = userOpts.common-name;
group = userOpts.primary-group;
home = userOpts.home;
home = if (userOpts.home-directory != null) then userOpts.home-directory else "/home/${userOpts.primary-group}/${username}";
hashedPassword = userOpts.login-hashed-passwd;
openssh.authorizedKeys.keys = userOpts.ssh-authorized-keys;
}) local-users;
groups = mapAttrs (groupname: groupOpts: {
gid = groupOpts.gidNumber;
description = groupOpts.description;
members = filterExistingUsers localUsers groupOpts.members;
}) local-groups;
groups = (mapAttrs (groupname: groupOpts: {
gid = groupOpts.gid;
members = filterExistingUsers local-users groupOpts.members;
}) local-groups) //
{
wheel = {
members = local-admins;
};
};
};
home-manager.users = let
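Review bot: `list-includes` at the top of the hunk returns true when `findFirst` falls through to its `null` default, i.e. when `el` is absent from `list`, so `filterExistingUsers` keeps exactly the group members that do not exist as users and drops the ones that do; `list-includes = list: el: elem el list;` gives the intended predicate. The argument-order fix (`null list`) is correct, but it exposes this inversion where the old, wrongly ordered call would have errored instead. A few lines down, the LDAP user filter still tests `userOpts.ldap-hashed-password`, while the rest of the hunk and the renamed data in config/users.nix use `ldap-hashed-passwd`; if the option was renamed too this is a missing-attribute error, otherwise it filters on a field nobody sets. `gid = groupOpts.gid-number` in the LDAP groups mapping looks like the same kind of stale name against the new `gid` option. The enclosing `config = let … in {` continues outside the hunk.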


@ -18,14 +18,14 @@ let
};
in {
option.fudo.wireless-networks = mkOption {
options.fudo.wireless-networks = mkOption {
type = with types; listOf (submodule networkOpts);
description = "A map of wireless networks to attributes (including key).";
default = { };
};
config = {
wireless.networks =
networking.wireless.networks =
mapAttrs (network: networkOpts: { psk = networkOpts.key; })
config.fudo.wireless-networks;
};
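Review bot: The option is typed `listOf (submodule networkOpts)` but defaults to `{ }`, its description calls it a map, and the new `networking.wireless.networks` line feeds it to `mapAttrs`; a list value would fail inside `mapAttrs` and the `{ }` default fails the `listOf` check, so the type should be `type = with types; attrsOf (submodule networkOpts);`. Note also that `psk` values set through `networking.wireless.networks` end up in the generated supplicant config in the Nix store, which is world-readable, so the keys in config/wireless-networks.nix become readable by any local user on every host that evaluates this module; worth deciding whether that is acceptable before more networks are added.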


@ -1,5 +1,6 @@
{ config, lib, pkgs, ... }:
with lib;
{
options.instance = {
hostname = mkOption {


@ -66,6 +66,10 @@ in {
buildInputs = oldAttrs.buildInputs ++ [ pkgs.krb5 ];
});
gtk3-x11 = pkgs.gtk3.overrideAttrs (oldAttrs: rec {
buildInputs = oldAttrs.buildInputs ++ [ pkgs.cmake ];
});
hll2380dw-cups = import ./hll2380dw-cups.nix {
inherit (pkgs)
stdenv fetchurl makeWrapper cups dpkg a2ps ghostscript gnugrep gnused