From 6e831ef05284590b53d179ff3755076b3e6dbdb3 Mon Sep 17 00:00:00 2001 From: Profpatsch Date: Fri, 27 Jan 2017 00:50:47 +0100 Subject: machines/profpatsch: factor out basic server config --- machines/profpatsch/haku.nix | 135 +++++++++++++++++++------------------------ 1 file changed, 60 insertions(+), 75 deletions(-) (limited to 'machines/profpatsch/haku.nix') diff --git a/machines/profpatsch/haku.nix b/machines/profpatsch/haku.nix index 23ab3811..c94484aa 100644 --- a/machines/profpatsch/haku.nix +++ b/machines/profpatsch/haku.nix 
@@ -4,96 +4,81 @@ let myLib = import ./lib.nix { inherit pkgs lib; }; myPkgs = import ./pkgs.nix { inherit pkgs lib myLib; }; - sshPort = 6879; myKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNMQvmOfon956Z0ZVdp186YhPHtSBrXsBwaCt0JAbkf/U/P+4fG0OROA++fHDiFM4RrRHH6plsGY3W6L26mSsCM2LtlHJINFZtVILkI26MDEIKWEsfBatDW+XNAvkfYEahy16P5CBtTVNKEGsTcPD+VDistHseFNKiVlSLDCvJ0vMwOykHhq+rdJmjJ8tkUWC2bNqTIH26bU0UbhMAtJstWqaTUGnB0WVutKmkZbnylLMICAvnFoZLoMPmbvx8efgLYY2vD1pRd8Uwnq9MFV1EPbkJoinTf1XSo8VUo7WCjL79aYSIvHmXG+5qKB9ed2GWbBLolAoXkZ00E4WsVp9H philip@nyx"; in -{ - boot.cleanTmpDir = true; - boot.loader.grub.device = "/dev/sda"; - fileSystems = { - "/" = { - device = "/dev/sda3"; - fsType = "ext4"; - }; - "/boot" = { - device = "/dev/sda2"; - fsType = "ext4"; - }; - }; +{ + imports = [ + ./base-server.nix + ]; - services.openssh = { - enable = true; - listenAddresses = [ { addr = "0.0.0.0"; port = sshPort; } ]; - }; - users.users = { - root.openssh.authorizedKeys.keys = [ myKey ]; + config = { - rtorrent = { - isNormalUser = true; - }; - vorstand = { - isNormalUser = true; - openssh.authorizedKeys.keys = [ myKey - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCUgS0VB5XayQobQfOi0tYeqpSSCXzftTKEyII4OYDhuF0/CdXSqOIvdqnWQ8933lPZ5234qCXCniIlRJpJQLBPJdJ7/XnC6W37asuft6yVYxTZnZat8edCuJETMvwZJZNttxHC04k3JPf9RMj25luICWabICH5XP9Mz3GoWSaOz7IOm7jiLQiF3UtiFOG06w76d3UfcIVbqjImwWv8nysphi9IQfL0XgC24zNE6LSeE7IN5xTOxoZxORQGsCEnFNCPevReNcSB0pI9xQ1iao7evaZkpzT4D4iQ/K7Ss8dsfFWN30NPMQS5ReQTUKtmGn1YlgkitiYTEXbMjkYbQaQr daniel@shadow" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtfWeIH7YZpWUUOZ3oC5FB2/J+P3scxm29gUQdVij/K0TuxW1yN/HtcvrO1mwSshS6sNZ2N6/Kb6+kuGyx1mEnaFt87K5ucxC7TNqiURh4eeZE1xX7B5Ob8TVegrBxoe+vcfaoyxn7sUzgF719H0aYC7PP6p3AIbhq3hRLcvY26u9/gZ39H79A71wCunauvpcnpb+rqyJMN6m2YoeOcoloe7wUDI8Xw5dUetHpNKn9k1vzS16CdwP4pAKI8aBtdNK7ZojVMe9LfBG8HHPr9K+cwcaxQuXkFBJzrfrtBCfQwrgWppsu/W/kGBs1ybku2bOFI5UXJBnsraXQqr1NLIfL phj@phj-X220" - ]; - }; - stallmanbot = { - isSystemUser = true; - useDefaultShell = true; + 
boot.loader.grub.device = "/dev/sda"; + fileSystems = { + "/" = { + device = "/dev/sda3"; + fsType = "ext4"; + }; + "/boot" = { + device = "/dev/sda2"; + fsType = "ext4"; + }; }; - }; - environment.systemPackages = with pkgs; [ - vim - git - file - tmux - rtorrent - wget - ]; + environment.systemPackages = with pkgs; [ + rtorrent # bittorrent client + pkgs.vuizvui.profpatsch.warpspeed # trivial http file server + ]; + + users.users = { + root.openssh.authorizedKeys.keys = [ myKey ]; - services.nginx = { - enable = true; - virtualHosts."haku.profpatsch.de" = { - forceSSL = true; - enableACME = true; - locations."/pub/" = { - proxyPass = "http://localhost:1338/"; + rtorrent = { + isNormalUser = true; + }; + vorstand = { + isNormalUser = true; + openssh.authorizedKeys.keys = [ myKey + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCUgS0VB5XayQobQfOi0tYeqpSSCXzftTKEyII4OYDhuF0/CdXSqOIvdqnWQ8933lPZ5234qCXCniIlRJpJQLBPJdJ7/XnC6W37asuft6yVYxTZnZat8edCuJETMvwZJZNttxHC04k3JPf9RMj25luICWabICH5XP9Mz3GoWSaOz7IOm7jiLQiF3UtiFOG06w76d3UfcIVbqjImwWv8nysphi9IQfL0XgC24zNE6LSeE7IN5xTOxoZxORQGsCEnFNCPevReNcSB0pI9xQ1iao7evaZkpzT4D4iQ/K7Ss8dsfFWN30NPMQS5ReQTUKtmGn1YlgkitiYTEXbMjkYbQaQr daniel@shadow" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtfWeIH7YZpWUUOZ3oC5FB2/J+P3scxm29gUQdVij/K0TuxW1yN/HtcvrO1mwSshS6sNZ2N6/Kb6+kuGyx1mEnaFt87K5ucxC7TNqiURh4eeZE1xX7B5Ob8TVegrBxoe+vcfaoyxn7sUzgF719H0aYC7PP6p3AIbhq3hRLcvY26u9/gZ39H79A71wCunauvpcnpb+rqyJMN6m2YoeOcoloe7wUDI8Xw5dUetHpNKn9k1vzS16CdwP4pAKI8aBtdNK7ZojVMe9LfBG8HHPr9K+cwcaxQuXkFBJzrfrtBCfQwrgWppsu/W/kGBs1ybku2bOFI5UXJBnsraXQqr1NLIfL phj@phj-X220" + ]; + }; + stallmanbot = { + isSystemUser = true; + useDefaultShell = true; }; - locations."/".root = pkgs.writeTextDir "index.html" ''hello world''; - serverAliases = [ "lojbanistan.de" ]; }; - }; - programs.mosh.enable = true; - programs.bash = { - loginShellInit = '' - alias c='vim /etc/nixos/configuration.nix' - alias nsp='nix-shell -p' - alias nrs='nixos-rebuild switch' - alias tad='tmux attach -d' - 
''; - }; + services.nginx = { + enable = true; + virtualHosts."haku.profpatsch.de" = { + forceSSL = true; + enableACME = true; + locations."/pub/" = { + proxyPass = "http://localhost:1338/"; + }; + locations."/".root = pkgs.writeTextDir "index.html" ''hello world''; + serverAliases = [ "lojbanistan.de" ]; + }; + }; - networking = { - hostName = "haku"; - firewall = { - allowPing = true; - allowedTCPPorts = - [ 80 443 - sshPort ]; - allowedTCPPortRanges = - # rtorrent - [{ from = 6881; to = 6889; }]; + networking = { + hostName = "haku"; + firewall = { + allowedTCPPorts = + [ 80 443 ]; + allowedTCPPortRanges = + # rtorrent + [{ from = 6881; to = 6889; }]; + }; + nameservers = [ + "62.210.16.6" + "62.210.16.7" + ]; }; - nameservers = [ - "62.210.16.6" - "62.210.16.7" - ]; }; } -- cgit 1.4.1
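Review bot: With `services.openssh` and `sshPort` removed from this file, the firewall block at the end of the hunk opens only 80, 443 and the rtorrent range, so SSH reachability and sshd hardening now depend entirely on `./base-server.nix`, which this patch view (limited to haku.nix) does not show. Confirm that the module still enables sshd and opens its port in the firewall, since root and `vorstand` keep their authorized keys here, and record the dependency at the import, e.g. `./base-server.nix # sshd, its port and the matching firewall rule live here`. Separately, `locations."/pub/"` forwards to `http://localhost:1338/` with no access restriction visible, and the newly installed `warpspeed` (presumably the listener on that port) has no service unit or served directory defined in this file. A comment on that location stating which directory is meant to be world-readable would make the exposure explicit.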