diff options
author | Alex Auvolat <alex@adnab.me> | 2022-03-28 12:18:52 +0200 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-03-28 12:18:52 +0200 |
commit | fdb5210f88a751e2aea9d519520897f8574f533e (patch) | |
tree | fbd9c2e391ee7fb9b7ba66574b7232c739d5fd43 /configuration.nix | |
parent | 9709f1aed4e93ef88c12bf6b483087abb4e561af (diff) | |
download | nixcfg-fdb5210f88a751e2aea9d519520897f8574f533e.tar.gz nixcfg-fdb5210f88a751e2aea9d519520897f8574f533e.zip |
Move configuration.nix to nix/ subfolderprod
Diffstat (limited to 'configuration.nix')
-rw-r--r-- | configuration.nix | 116 |
1 files changed, 0 insertions, 116 deletions
diff --git a/configuration.nix b/configuration.nix deleted file mode 100644 index 7e32a8d..0000000 --- a/configuration.nix +++ /dev/null @@ -1,116 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, ... } @ args: - -# Configuration local for this cluster node (hostname, IP, etc) -{ - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - # Include generic Deuxfleurs module - ./deuxfleurs.nix - # Configuration for this deployment (a cluster) - ./cluster.nix - # Configuration local for this Deuxfleurs site (set of nodes) - ./site.nix - # Configuration local for this cluster node (hostname, IP, etc) - ./node.nix - ]; - - # The global useDHCP flag is deprecated, therefore explicitly set to false here. - # Per-interface useDHCP will be mandatory in the future, so this generated config - # replicates the default behaviour. - networking.useDHCP = false; - - # Set your time zone. - time.timeZone = "Europe/Paris"; - - # Select internationalisation properties. - # i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "sun12x22"; - keyMap = "fr"; - }; - - boot.kernel.sysctl = { - "vm.max_map_count" = 262144; - }; - - services.journald.extraConfig = '' -SystemMaxUse=1G - ''; - - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - nmap - bind - inetutils - pciutils - vim - tmux - ncdu - iotop - jnettop - nethogs - wget - htop - smartmontools - links - git - rclone - docker - docker-compose - ]; - - programs.vim.defaultEditor = true; - - # Enable network time - services.ntp.enable = true; - - # Enable the OpenSSH daemon and disable password login. - services.openssh.enable = true; - services.openssh.passwordAuthentication = false; - - # ---- CONFIG FOR DEUXFLEURS CLUSTER ---- - - # Open ports in the firewall. - networking.firewall = { - enable = true; - - # Allow anyone to connect on SSH port - allowedTCPPorts = [ - (builtins.head ({ openssh.ports = [22]; } // config.services).openssh.ports) - ]; - - # Allow specific hosts access to specific things in the cluster - extraCommands = '' - # Allow everything from router (usefull for UPnP/IGD) - iptables -A INPUT -s 192.168.1.254 -j ACCEPT - - # Allow docker containers to access all ports - iptables -A INPUT -s 172.17.0.0/16 -j ACCEPT - - # Allow other nodes on VPN to access all ports - iptables -A INPUT -s 10.42.0.0/16 -j ACCEPT - ''; - - # When stopping firewall, delete all rules that were configured manually above - extraStopCommands = '' - iptables -D INPUT -s 192.168.1.254 -j ACCEPT - iptables -D INPUT -s 172.17.0.0/16 -j ACCEPT - iptables -D INPUT -s 10.42.0.0/16 -j ACCEPT - ''; - }; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "21.05"; # Did you read the comment? -} - |