authorProfpatsch <mail@profpatsch.de>2017-01-27 00:50:47 +0100
committerProfpatsch <mail@profpatsch.de>2017-01-27 00:50:47 +0100
commit6e831ef05284590b53d179ff3755076b3e6dbdb3 (patch)
treefe379d0518d8956319e9f734b89561bea1bfc7af /machines
parentf19a54d6c8efea1e2354f4cd8e418c2ccf9b6641 (diff)
machines/profpatsch: factor out basic server config
Diffstat (limited to 'machines')
-rw-r--r--machines/profpatsch/base-server.nix30
-rw-r--r--machines/profpatsch/base-workstation.nix16
-rw-r--r--machines/profpatsch/base.nix38
-rw-r--r--machines/profpatsch/haku.nix135
4 files changed, 133 insertions, 86 deletions
diff --git a/machines/profpatsch/base-server.nix b/machines/profpatsch/base-server.nix
new file mode 100644
index 00000000..0d25a4c8
--- /dev/null
+++ b/machines/profpatsch/base-server.nix
@@ -0,0 +1,30 @@
+{ config, pkgs, ... }:
+
+let
+  sshPort = 6879;
+
+in
+{
+  imports = [
+    ./base.nix
+  ];
+
+  config = {
+
+    boot.cleanTmpDir = true;
+
+    programs.mosh.enable = true;
+
+    services.openssh = {
+      enable = true;
+      listenAddresses = [ { addr = "0.0.0.0"; port = sshPort; } ];
+    };
+
+    firewall = {
+      enable = true;
+      allowPing = true;
+      allowedTCPPorts = [ sshPort ];
+    };
+
+
+  };
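Review bot: The `firewall = { ... }` block sits directly under `config`, but the NixOS option lives under `networking`, so unless some other module declares a top-level `firewall` option this should fail to evaluate and `sshPort` is never opened; it should read `networking.firewall = {`. The new file also ends at the `};` that closes `config` and never closes the outer `{`, so a final `}` is missing. The haku.nix hunk of this commit drops `sshPort` and `allowPing` from its own `networking.firewall` and relies on this block, so SSH reachability on that host depends on this fix. As this is now the shared base for every server, it would also be worth pinning `services.openssh.passwordAuthentication = false;` here instead of relying on defaults.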
diff --git a/machines/profpatsch/base-workstation.nix b/machines/profpatsch/base-workstation.nix
index 19b3aa09..ae9fa7a0 100644
--- a/machines/profpatsch/base-workstation.nix
+++ b/machines/profpatsch/base-workstation.nix
@@ -8,6 +8,10 @@ let
 
 in {
 
+  imports = [
+    ./base.nix
+  ];
+
   config = {
 
     boot.loader = {
@@ -29,7 +33,6 @@ in {
 
     programs.ssh.startAgent = false;
 
-
     ###########
     # Packages
 
@@ -40,27 +43,18 @@ in {
       # of utmost necessity for me to function
       basePkgs = [
         silver-searcher   # file content searcher, > ack > grep
-        curl              # transfer data to/from a URL
         dos2unix          # text file conversion
-        file              # file information
-        git               # version control system
-        htop              # top replacement
         manpages          # system manpages (not included by default)
         mkpasswd          # UNIX password creator
-        nmap              # stats about clients in the network
-        rsync             # file syncing tool
         smartmontools     # check disk state
         stow              # dotfile management
-        tmux              # detachable terminal multiplexer
         traceroute        # trace ip routes
-        wget              # the other URL file fetcher
         wirelesstools     # iwlist (wifi scan)
-        myPkgs.vim        # slight improvement over vi
       ];
     in basePkgs;
 
     # friendly user shell
-    programs.fish.enable = true;
+   programs.fish.enable = true;
 
     ###########
     # Services
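Review bot: The `programs.fish.enable = true;` line is re-indented from four spaces to three, which looks accidental and puts it out of line with its neighbours in the `config` block; restore it as `    programs.fish.enable = true;`. The enclosing `config` attribute set starts and ends outside this hunk.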
diff --git a/machines/profpatsch/base.nix b/machines/profpatsch/base.nix
new file mode 100644
index 00000000..758a6d8a
--- /dev/null
+++ b/machines/profpatsch/base.nix
@@ -0,0 +1,38 @@
+# Base config shared by all machines
+{ pkgs, config, lib, ... }:
+
+let
+  # TODO: inject into every config from outside
+  myLib  = import ./lib.nix  { inherit pkgs lib; };
+  myPkgs = import ./pkgs.nix { inherit pkgs lib myLib; };
+
+in
+{
+  config = {
+    # correctness before speed
+    nix.useSandbox = true;
+
+    programs.bash = {
+      loginShellInit = ''
+        alias c='vim /etc/nixos/configuration.nix'
+        alias nsp='nix-shell -p'
+        alias nrs='nixos-rebuild switch'
+        alias tad='tmux attach -d'
+      '';
+    };
+
+    environment.systemPackages = with pkgs; [
+      curl              # transfer data to/from a URL
+      file              # file information
+      git               # version control system
+      htop              # top replacement
+      nmap              # stats about clients in the network
+      rsync             # file syncing tool
+      tmux              # detachable terminal multiplexer
+      wget              # the other URL file fetcher
+      myPkgs.vim        # slight improvement over vi
+    ];
+
+  };
+
+}
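Review bot: `nmap` is now in the list installed on every machine, so for servers this is more than a factor-out: the old haku.nix package list (vim, git, file, tmux, rtorrent, wget) had no scanner, and the internet-facing host now gains one, along with curl, htop and rsync, through `base.nix`. Consider leaving `nmap` in `basePkgs` in base-workstation.nix and keeping the shared list to what every host needs. Separately, the aliases are set in `loginShellInit`, which only runs for login shells; `programs.bash.shellAliases` would state the intent more directly.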
diff --git a/machines/profpatsch/haku.nix b/machines/profpatsch/haku.nix
index 23ab3811..c94484aa 100644
--- a/machines/profpatsch/haku.nix
+++ b/machines/profpatsch/haku.nix
@@ -4,96 +4,81 @@ let
   myLib  = import ./lib.nix  { inherit pkgs lib; };
   myPkgs = import ./pkgs.nix { inherit pkgs lib myLib; };
 
-  sshPort = 6879;
   myKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNMQvmOfon956Z0ZVdp186YhPHtSBrXsBwaCt0JAbkf/U/P+4fG0OROA++fHDiFM4RrRHH6plsGY3W6L26mSsCM2LtlHJINFZtVILkI26MDEIKWEsfBatDW+XNAvkfYEahy16P5CBtTVNKEGsTcPD+VDistHseFNKiVlSLDCvJ0vMwOykHhq+rdJmjJ8tkUWC2bNqTIH26bU0UbhMAtJstWqaTUGnB0WVutKmkZbnylLMICAvnFoZLoMPmbvx8efgLYY2vD1pRd8Uwnq9MFV1EPbkJoinTf1XSo8VUo7WCjL79aYSIvHmXG+5qKB9ed2GWbBLolAoXkZ00E4WsVp9H philip@nyx";
 
 in
-{
 
-  boot.cleanTmpDir = true;
-  boot.loader.grub.device = "/dev/sda";
-  fileSystems = {
-    "/" = {
-      device = "/dev/sda3";
-      fsType = "ext4";
-    };
-    "/boot" = {
-      device = "/dev/sda2";
-      fsType = "ext4";
-    };
-  };
+{
+  imports = [
+    ./base-server.nix
+  ];
 
-  services.openssh = {
-    enable = true;
-    listenAddresses = [ { addr = "0.0.0.0"; port = sshPort; } ];
-  };
-  users.users = {
-    root.openssh.authorizedKeys.keys = [ myKey ];
+  config = {
 
-    rtorrent = {
-      isNormalUser = true;
-    };
-    vorstand = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = [ myKey
-        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCUgS0VB5XayQobQfOi0tYeqpSSCXzftTKEyII4OYDhuF0/CdXSqOIvdqnWQ8933lPZ5234qCXCniIlRJpJQLBPJdJ7/XnC6W37asuft6yVYxTZnZat8edCuJETMvwZJZNttxHC04k3JPf9RMj25luICWabICH5XP9Mz3GoWSaOz7IOm7jiLQiF3UtiFOG06w76d3UfcIVbqjImwWv8nysphi9IQfL0XgC24zNE6LSeE7IN5xTOxoZxORQGsCEnFNCPevReNcSB0pI9xQ1iao7evaZkpzT4D4iQ/K7Ss8dsfFWN30NPMQS5ReQTUKtmGn1YlgkitiYTEXbMjkYbQaQr daniel@shadow"
-        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtfWeIH7YZpWUUOZ3oC5FB2/J+P3scxm29gUQdVij/K0TuxW1yN/HtcvrO1mwSshS6sNZ2N6/Kb6+kuGyx1mEnaFt87K5ucxC7TNqiURh4eeZE1xX7B5Ob8TVegrBxoe+vcfaoyxn7sUzgF719H0aYC7PP6p3AIbhq3hRLcvY26u9/gZ39H79A71wCunauvpcnpb+rqyJMN6m2YoeOcoloe7wUDI8Xw5dUetHpNKn9k1vzS16CdwP4pAKI8aBtdNK7ZojVMe9LfBG8HHPr9K+cwcaxQuXkFBJzrfrtBCfQwrgWppsu/W/kGBs1ybku2bOFI5UXJBnsraXQqr1NLIfL phj@phj-X220"
-      ];
-    };
-    stallmanbot = {
-      isSystemUser = true;
-      useDefaultShell = true;
+    boot.loader.grub.device = "/dev/sda";
+    fileSystems = {
+      "/" = {
+        device = "/dev/sda3";
+        fsType = "ext4";
+      };
+      "/boot" = {
+        device = "/dev/sda2";
+        fsType = "ext4";
+      };
     };
-  };
 
-  environment.systemPackages = with pkgs; [
-    vim
-    git
-    file
-    tmux
-    rtorrent
-    wget
-  ];
+    environment.systemPackages = with pkgs; [
+      rtorrent                          # bittorrent client
+      pkgs.vuizvui.profpatsch.warpspeed # trivial http file server
+    ];
+
+    users.users = {
+      root.openssh.authorizedKeys.keys = [ myKey ];
 
-  services.nginx = {
-    enable = true;
-    virtualHosts."haku.profpatsch.de" = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/pub/" = {
-        proxyPass = "http://localhost:1338/";
+      rtorrent = {
+        isNormalUser = true;
+      };
+      vorstand = {
+        isNormalUser = true;
+        openssh.authorizedKeys.keys = [ myKey
+          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCUgS0VB5XayQobQfOi0tYeqpSSCXzftTKEyII4OYDhuF0/CdXSqOIvdqnWQ8933lPZ5234qCXCniIlRJpJQLBPJdJ7/XnC6W37asuft6yVYxTZnZat8edCuJETMvwZJZNttxHC04k3JPf9RMj25luICWabICH5XP9Mz3GoWSaOz7IOm7jiLQiF3UtiFOG06w76d3UfcIVbqjImwWv8nysphi9IQfL0XgC24zNE6LSeE7IN5xTOxoZxORQGsCEnFNCPevReNcSB0pI9xQ1iao7evaZkpzT4D4iQ/K7Ss8dsfFWN30NPMQS5ReQTUKtmGn1YlgkitiYTEXbMjkYbQaQr daniel@shadow"
+          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtfWeIH7YZpWUUOZ3oC5FB2/J+P3scxm29gUQdVij/K0TuxW1yN/HtcvrO1mwSshS6sNZ2N6/Kb6+kuGyx1mEnaFt87K5ucxC7TNqiURh4eeZE1xX7B5Ob8TVegrBxoe+vcfaoyxn7sUzgF719H0aYC7PP6p3AIbhq3hRLcvY26u9/gZ39H79A71wCunauvpcnpb+rqyJMN6m2YoeOcoloe7wUDI8Xw5dUetHpNKn9k1vzS16CdwP4pAKI8aBtdNK7ZojVMe9LfBG8HHPr9K+cwcaxQuXkFBJzrfrtBCfQwrgWppsu/W/kGBs1ybku2bOFI5UXJBnsraXQqr1NLIfL phj@phj-X220"
+        ];
+      };
+      stallmanbot = {
+        isSystemUser = true;
+        useDefaultShell = true;
       };
-      locations."/".root = pkgs.writeTextDir "index.html" ''hello world'';
-      serverAliases = [ "lojbanistan.de" ];
     };
-  };
 
-  programs.mosh.enable = true;
 
-  programs.bash = {
-    loginShellInit = ''
-      alias c='vim /etc/nixos/configuration.nix'
-      alias nsp='nix-shell -p'
-      alias nrs='nixos-rebuild switch'
-      alias tad='tmux attach -d'
-    '';
-  };
+    services.nginx = {
+      enable = true;
+      virtualHosts."haku.profpatsch.de" = {
+        forceSSL = true;
+        enableACME = true;
+        locations."/pub/" = {
+          proxyPass = "http://localhost:1338/";
+        };
+        locations."/".root = pkgs.writeTextDir "index.html" ''hello world'';
+        serverAliases = [ "lojbanistan.de" ];
+      };
+    };
 
 
-  networking = {
-    hostName = "haku";
-    firewall = {
-      allowPing = true;
-      allowedTCPPorts =
-        [ 80 443
-	        sshPort ];
-      allowedTCPPortRanges =
-        # rtorrent
-        [{ from = 6881; to = 6889; }];
+    networking = {
+      hostName = "haku";
+      firewall = {
+        allowedTCPPorts =
+          [ 80 443 ];
+        allowedTCPPortRanges =
+          # rtorrent
+          [{ from = 6881; to = 6889; }];
+      };
+      nameservers = [
+        "62.210.16.6"
+        "62.210.16.7"
+      ];
     };
-    nameservers = [
-      "62.210.16.6"
-      "62.210.16.7"
-    ];
   };
 }
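Review bot: The new `environment.systemPackages` list adds `pkgs.vuizvui.profpatsch.warpspeed`, which is a behaviour change inside a commit described as factoring out config, and nothing in this file says how it is started or which address it listens on. It is presumably the backend for the nginx `/pub/` location proxied to `http://localhost:1338/`, but that link is only inferred from this hunk. If so, a comment such as `# warpspeed backs nginx /pub/ (localhost:1338); keep it bound to loopback` would record the assumption that the firewall and TLS setup rely on. The `pkgs.` prefix is also redundant under `with pkgs;`, so `vuizvui.profpatsch.warpspeed` is enough.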