authorAlex Auvolat <alex@adnab.me>2022-03-28 12:18:52 +0200
committerAlex Auvolat <alex@adnab.me>2022-03-28 12:18:52 +0200
commitfdb5210f88a751e2aea9d519520897f8574f533e (patch)
treefbd9c2e391ee7fb9b7ba66574b7232c739d5fd43 /configuration.nix
parent9709f1aed4e93ef88c12bf6b483087abb4e561af (diff)
Move configuration.nix to nix/ subfolderprod
Diffstat (limited to 'configuration.nix')
-rw-r--r--configuration.nix116
1 files changed, 0 insertions, 116 deletions
diff --git a/configuration.nix b/configuration.nix
deleted file mode 100644
index 7e32a8d..0000000
--- a/configuration.nix
+++ /dev/null
@@ -1,116 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... } @ args:
-
-# Configuration local for this cluster node (hostname, IP, etc)
-{
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
- # Include generic Deuxfleurs module
- ./deuxfleurs.nix
- # Configuration for this deployment (a cluster)
- ./cluster.nix
- # Configuration local for this Deuxfleurs site (set of nodes)
- ./site.nix
- # Configuration local for this cluster node (hostname, IP, etc)
- ./node.nix
- ];
-
- # The global useDHCP flag is deprecated, therefore explicitly set to false here.
- # Per-interface useDHCP will be mandatory in the future, so this generated config
- # replicates the default behaviour.
- networking.useDHCP = false;
-
- # Set your time zone.
- time.timeZone = "Europe/Paris";
-
- # Select internationalisation properties.
- # i18n.defaultLocale = "en_US.UTF-8";
- console = {
- font = "sun12x22";
- keyMap = "fr";
- };
-
- boot.kernel.sysctl = {
- "vm.max_map_count" = 262144;
- };
-
- services.journald.extraConfig = ''
-SystemMaxUse=1G
- '';
-
- # List packages installed in system profile. To search, run:
- # $ nix search wget
- environment.systemPackages = with pkgs; [
- nmap
- bind
- inetutils
- pciutils
- vim
- tmux
- ncdu
- iotop
- jnettop
- nethogs
- wget
- htop
- smartmontools
- links
- git
- rclone
- docker
- docker-compose
- ];
-
- programs.vim.defaultEditor = true;
-
- # Enable network time
- services.ntp.enable = true;
-
- # Enable the OpenSSH daemon and disable password login.
- services.openssh.enable = true;
- services.openssh.passwordAuthentication = false;
-
- # ---- CONFIG FOR DEUXFLEURS CLUSTER ----
-
- # Open ports in the firewall.
- networking.firewall = {
- enable = true;
-
- # Allow anyone to connect on SSH port
- allowedTCPPorts = [
- (builtins.head ({ openssh.ports = [22]; } // config.services).openssh.ports)
- ];
-
- # Allow specific hosts access to specific things in the cluster
- extraCommands = ''
- # Allow everything from router (usefull for UPnP/IGD)
- iptables -A INPUT -s 192.168.1.254 -j ACCEPT
-
- # Allow docker containers to access all ports
- iptables -A INPUT -s 172.17.0.0/16 -j ACCEPT
-
- # Allow other nodes on VPN to access all ports
- iptables -A INPUT -s 10.42.0.0/16 -j ACCEPT
- '';
-
- # When stopping firewall, delete all rules that were configured manually above
- extraStopCommands = ''
- iptables -D INPUT -s 192.168.1.254 -j ACCEPT
- iptables -D INPUT -s 172.17.0.0/16 -j ACCEPT
- iptables -D INPUT -s 10.42.0.0/16 -j ACCEPT
- '';
- };
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "21.05"; # Did you read the comment?
-}
-