From a7e171392f9ca073e1cb33f4c8d049262f25981e Mon Sep 17 00:00:00 2001 From: Miguel Date: Wed, 10 Nov 2021 14:50:33 +0100 Subject: various --- nix/nixops/comet/configuration.nix | 34 ++++++++++++++++------------------ nix/nixops/config-iso.nix | 13 +++++++++---- nix/nixops/miguel-quick-install.sh | 2 +- 3 files changed, 26 insertions(+), 23 deletions(-) (limited to 'nix/nixops') diff --git a/nix/nixops/comet/configuration.nix b/nix/nixops/comet/configuration.nix index 9f5a255..78ceaa6 100644 --- a/nix/nixops/comet/configuration.nix +++ b/nix/nixops/comet/configuration.nix @@ -1,6 +1,4 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). +# Consult "man 5 configuration.nix" & "nixos-help" { config, pkgs, ... }: @@ -9,19 +7,14 @@ in { # HARDWARE SCAN RESULTS - imports = - [ - ./hardware-configuration.nix - ]; - + imports = [ ./hardware-configuration.nix ]; # SYS PACKAGES - environment.systemPackages = with pkgs; [mc highlight adminer icinga2 monitoring-plugins tmux]; - + environment.systemPackages = with pkgs; [mc highlight adminer icinga2 monitoring-plugins tmux htop]; - # compare with nginx etc and publish this shit (along instructions how to run with mariadb+icingaweb2 admin + # compare with nginx etc and consider publishing this shit (along instructions how to run with mariadb+icingaweb2 admin..) environment.etc = with pkgs; - let defaultIcinga2Const= builtins.readFile "${icinga2}/etc/icinga2/constants.conf"; + let defaultIcinga2Const = builtins.readFile "${icinga2}/etc/icinga2/constants.conf"; in { "icinga2/features-available".source="${icinga2}/etc/icinga2/features-available"; 
@@ -58,14 +51,14 @@ in wantedBy=[ "multi-user.target" ]; }; - # AUTOMATIC uPGRADES - system.autoUpgrade.enable = true; - system.autoUpgrade.allowReboot = true; + # AUTOMATIC UPGRADES + # system.autoUpgrade.enable = true; + # system.autoUpgrade.allowReboot = true; # USERS / GROUPS / SSH services.openssh = { enable = true; - permitRootLogin = "yes"; + permitRootLogin = "prohibit-password"; passwordAuthentication = false; }; @@ -149,7 +142,7 @@ in root = "/var/www/comet.softwarefools.com"; }; - # ICINGA + # ICINGAWEB2 services.icingaweb2.enable = true; services.icingaweb2.modules.monitoring.enable = false; services.icingaweb2.virtualHost = "icinga.softwarefools.com"; @@ -190,11 +183,11 @@ in # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only # boot.loader.grub.efiSupport = true; # boot.loader.grub.efiInstallAsRemovable = true; # boot.loader.efi.efiSysMountPoint = "/boot/efi"; # Define on which hard drive you want to install Grub. - boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only networking.hostName = "comet"; # Define your hostname. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. @@ -204,6 +197,11 @@ in # replicates the default behaviour. networking.useDHCP = false; networking.interfaces.ens3.useDHCP = true; + networking.interfaces.ens3.ipv6.addresses = [ { "address" = "2a01:4f8:121:4322::5"; + "prefixLength" = 64; + } + ]; + networking.defaultGateway6 = { address = "fe80::1"; interface = "ens3"; }; # Configure network proxy if necessary # networking.proxy.default = "http://user:password@proxy:port/"; diff --git a/nix/nixops/config-iso.nix b/nix/nixops/config-iso.nix index e31915b..c24719a 100644 --- a/nix/nixops/config-iso.nix +++ b/nix/nixops/config-iso.nix 
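Review bot: Commenting out both `system.autoUpgrade` lines in the `@@ -58,14 +51,14 @@` hunk leaves this host with no automatic patching, and the file records neither a reason nor a replacement. The same configuration enables sshd, a public web root and the icingaweb2 virtual host, so security updates now depend on someone rebuilding the machine by hand. If unattended reboots were the problem, keep `system.autoUpgrade.enable = true;` and set `system.autoUpgrade.allowReboot = false;` instead of disabling both. Otherwise replace the dead lines with a comment that states the decision, for example `# autoUpgrade disabled on purpose: <reason>; updates applied by <procedure>`. The enclosing attribute set starts and ends outside the hunk.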
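Review bot: The static address added in the `@@ -204,6 +197,11 @@` hunk makes the host reachable over IPv6, and nothing visible in this diff shows that the packet filter was reviewed for that. sshd and the virtual hosts defined elsewhere in this file presumably listen on all addresses, so confirm that `networking.firewall` is enabled (it is not shown here) and that its allowed ports are the intended set for v6 as well. A short comment above the address saying where the prefix and the `fe80::1` gateway come from would help the next maintainer. As a style point, the attribute names need no quotes; `{ address = "2a01:4f8:121:4322::5"; prefixLength = 64; }` matches the unquoted form used for `networking.defaultGateway6` directly below.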
@@ -6,8 +6,8 @@ {config,pkgs,...}: -# FIXME: use proper derivation instead of this custom mess. -let miguel-quick-installer = +# FIXME: use proper derivation instead of this custom mess for miguel-quick-install +let miguel-quick-install = with pkgs; derivation{ name = "miguel-quick-install"; builder = "${bash}/bin/bash"; bash = bash; @@ -17,18 +17,23 @@ let miguel-quick-installer = configiso = ./config-iso.nix; system = builtins.currentSystem; }; in { - boot.initrd.availableKernelModules = ["ata_piix" "floppy" "sd_mod" "sr_mod"]; + + # FIXME: make conditional virtualisation.hypervGuest.enable = true; + #imports = [ ]; + + boot.initrd.availableKernelModules = ["ata_piix" "floppy" "sd_mod" "sr_mod"]; boot.loader.grub.version = 2; boot.loader.grub.device = "/dev/sda"; - environment.systemPackages = with pkgs; [mc vim miguel-quick-installer parted]; + environment.systemPackages = with pkgs; [mc vim miguel-quick-install parted]; services.openssh = { enable = true; permitRootLogin = "prohibit-password"; passwordAuthentication = false; }; + users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa 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 Miguel_User@DESKTOP-4NH8M69" ]; } diff --git a/nix/nixops/miguel-quick-install.sh b/nix/nixops/miguel-quick-install.sh index 3c3e7cb..86f9f5d 100644 --- a/nix/nixops/miguel-quick-install.sh +++ b/nix/nixops/miguel-quick-install.sh @@ -41,7 +41,7 @@ nixos-install --no-root-passwd echo 6. Finished echo Please remove the installation media and reboot into your fresh NixOS! -#reboot +#poweroff EOL chmod +x $out/bin/miguel-quick-install -- cgit v1.2.3
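Review bot: The `users.users.root.openssh.authorizedKeys.keys` line added in the `@@ -17,18 +17,23 @@` hunk bakes one personal RSA public key into the installer image, so every machine booted from this ISO accepts root logins from whoever holds that private key, and rotating it means rebuilding the image. Because `configiso = ./config-iso.nix` is handed to the quick-install derivation, the same key may also end up on the installed system; that is inferred from the context lines and should be confirmed. Keep the key out of the shared config by loading it from a per-deployment file, e.g. `users.users.root.openssh.authorizedKeys.keyFiles = [ ./<root-authorized-keys-file> ];`. Add a comment naming the key's owner and purpose. An Ed25519 key would be preferable to `ssh-rsa` when the key is next replaced.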