nixos-config/config/host-config/lambda.nix
2021-07-20 18:39:07 -07:00


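# Host-specific NixOS module for "lambda".
#
# Long-lived material (SSH host keys, root's GnuPG and SSH files, machine-id,
# the Kerberos keytab) lives under /state and is linked or copied into place.
# The sudo setting below notes that the root filesystem is rolled back across
# reboots.
{ config, lib, pkgs, ... }:
let
  # Only referenced by the disabled Shinobi/nginx configuration further down.
  shinobi-port = "7080";
  shinobi-od-port = "7082";

  # Deliberately a string, not a path literal. Interpolating a Nix *path*
  # ("${/state}/...") copies that path into the world-readable Nix store at
  # evaluation time and substitutes the store path, so the host keys and
  # root's key material below would be duplicated where any local user can
  # read them. A string keeps every reference pointing at the files on disk.
  # NOTE(review): if this module was ever built with `state-dir = /state;`,
  # check /nix/store for a copied "state" tree and rotate any keys found there.
  state-dir = "/state";
in {
  boot.loader.grub.copyKernels = true;

  # Only the internal interface obtains an address via DHCP.
  networking = {
    interfaces = {
      enp3s0f0.useDHCP = false;
      enp3s0f1.useDHCP = false;
      enp4s0f0.useDHCP = false;
      enp4s0f1.useDHCP = false;
      intif0.useDHCP = true;
    };
  };

  fudo.secrets = {
    host-secrets.lambda = {
      host-keytab = {
        # NOTE(review): this is a Nix path literal. If the fudo.secrets module
        # coerces it to a string or passes it to a derivation, the keytab is
        # copied into the Nix store in clear text. Confirm how the module
        # consumes it.
        source-file = /state/secrets/kerberos/lambda.keytab;
        target-file = "/etc/krb5.keytab";
        user = "root";
      };
    };
    secret-group = "fudo-secrets";
    secret-users = [ "niten" ];
    secret-paths = [ "/state/secrets" ];
  };

  # tmpfiles.d "L" entries: create a symlink at the first path pointing to the
  # last field; mode, user, group and age are left at their defaults ("-").
  systemd.tmpfiles.rules = [
    "L /root/.gnupg - - - - ${state-dir}/user/root/gnupg"
    # "L /root/.emacs.d - - - - ${state-dir}/user/root/emacs.d"
    "L /root/.ssh/id_rsa - - - - ${state-dir}/user/root/ssh/id_rsa"
    # Fixed: the target used to be ${state-dir}/state/root/ssh/id_rsa.pub,
    # which did not match the sibling entries under user/root/ssh.
    "L /root/.ssh/id_rsa.pub - - - - ${state-dir}/user/root/ssh/id_rsa.pub"
    "L /root/.ssh/known_hosts - - - - ${state-dir}/user/root/ssh/known_hosts"
  ];

  # SSH host keys and machine-id are taken from the persistent state directory
  # so the host keeps its identity across rebuilds. Private keys are readable
  # by root only (0400); public keys are world-readable (0444).
  environment.etc = {
    "ssh/ssh_host_rsa_key" = {
      source = "${state-dir}/ssh/ssh_host_rsa_key";
      user = "root";
      group = "root";
      mode = "0400";
    };
    "ssh/ssh_host_rsa_key.pub" = {
      source = "${state-dir}/ssh/ssh_host_rsa_key.pub";
      user = "root";
      group = "root";
      mode = "0444";
    };
    "ssh/ssh_host_ed25519_key" = {
      source = "${state-dir}/ssh/ssh_host_ed25519_key";
      user = "root";
      group = "root";
      mode = "0400";
    };
    "ssh/ssh_host_ed25519_key.pub" = {
      source = "${state-dir}/ssh/ssh_host_ed25519_key.pub";
      user = "root";
      group = "root";
      mode = "0444";
    };
    "machine-id".source = "${state-dir}/host/machine-id";
  };

  security.sudo.extraConfig = ''
    # Due to rollback, sudo will lecture after every reboot
    Defaults lecture = never
  '';

  # Disabled: Shinobi in an OCI container.
  # NOTE(review): the images use the unpinned ":latest" tag; pin a version or
  # digest if this is re-enabled.
  # NOTE(review): PLUGIN_KEY below is a credential committed in clear text.
  # Treat it as disclosed, rotate it, and load any replacement from a secret
  # file instead of this module.
  # virtualisation = {
  #   docker = {
  #     enable = true;
  #     enableOnBoot = true;
  #     autoPrune = { enable = true; };
  #   };
  #   oci-containers = {
  #     containers = {
  #       shinobi = {
  #         image = "shinobisystems/shinobi:latest";
  #         ports = [ "${shinobi-port}:8080" ];
  #         volumes = [
  #           "/state/shinobi/plugins:/home/Shinobi/plugins"
  #           "/state/shinobi/config:/home/Shinobi/config"
  #           "/state/shinobi/videos:/home/Shinobi/videos"
  #           "/state/shinobi/db-data:/var/lib/mysql"
  #           "/etc/localtime:/etc/localtime:ro"
  #         ];
  #       };
  #       # shinobi-od = {
  #       #   image = "shinobisystems/shinobi-tensorflow:latest";
  #       #   volumes =
  #       #     [ "/srv/shinobi/od-config:/home/Shinobi/docker-plugins/tensorflow" ];
  #       #   ports = [ "${shinobi-od-port}:8082" ];
  #       #   environment = {
  #       #     PLUGIN_HOST = "panopticon.sea.fudo.org";
  #       #     PLUGIN_PORT = shinobi-port;
  #       #     PLUGIN_KEY = "30sWllylOxsDcE4vQXEPaXNfe5DiB3";
  #       #   };
  #       # };
  #       # photoprism = { image = "photoprism/photoprism"; };
  #     };
  #   };
  # };

  # Disabled: nginx reverse proxy in front of the Shinobi ports, forwarding
  # WebSocket upgrades and the client address headers.
  # services.nginx = {
  #   enable = true;
  #   recommendedGzipSettings = true;
  #   recommendedOptimisation = true;
  #   recommendedProxySettings = true;
  #   virtualHosts = {
  #     "panopticon.sea.fudo.org" = {
  #       locations."/" = {
  #         proxyPass = "http://localhost:${shinobi-port}";
  #         extraConfig = ''
  #           proxy_http_version 1.1;
  #           proxy_set_header Upgrade $http_upgrade;
  #           proxy_set_header Connection "Upgrade";
  #           proxy_set_header Host $host;
  #           proxy_set_header X-Real-IP $remote_addr;
  #           proxy_set_header X-Forwarded-By $server_addr:$server_port;
  #           proxy_set_header X-Forwarded-For $remote_addr;
  #           proxy_set_header X-Forwarded-Proto $scheme;
  #         '';
  #       };
  #     };
  #     # "panopticon-od.sea.fudo.org" = {
  #     #   locations."/" = {
  #     #     proxyPass = "http://localhost:${shinobi-od-port}";
  #     #     extraConfig = ''
  #     #       proxy_http_version 1.1;
  #     #       proxy_set_header Upgrade $http_upgrade;
  #     #       proxy_set_header Connection "Upgrade";
  #     #     '';
  #     #   };
  #     # };
  #   };
  # };
}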