From df543b11c344e59762ef7d043eeb07dccdce30b6 Mon Sep 17 00:00:00 2001 From: Profpatsch Date: Wed, 25 Jan 2017 14:10:37 +0100 Subject: machines.profpatsch: add haku --- machines/default.nix | 1 + machines/profpatsch/haku.nix | 99 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 100 insertions(+) create mode 100644 machines/profpatsch/haku.nix (limited to 'machines') diff --git a/machines/default.nix b/machines/default.nix index 5df097ae..3783f52d 100644 --- a/machines/default.nix +++ b/machines/default.nix @@ -19,6 +19,7 @@ with import ../lib; }; profpatsch = { katara = callMachine ./profpatsch/katara.nix {}; + haku = callMachine ./profpatsch/haku.nix {}; }; misc = { mailserver = callMachine ./misc/mailserver.nix {}; diff --git a/machines/profpatsch/haku.nix b/machines/profpatsch/haku.nix new file mode 100644 index 00000000..23ab3811 --- /dev/null +++ b/machines/profpatsch/haku.nix @@ -0,0 +1,99 @@ +{ config, pkgs, lib, ... }: + +let + myLib = import ./lib.nix { inherit pkgs lib; }; + myPkgs = import ./pkgs.nix { inherit pkgs lib myLib; }; + + sshPort = 6879; + myKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNMQvmOfon956Z0ZVdp186YhPHtSBrXsBwaCt0JAbkf/U/P+4fG0OROA++fHDiFM4RrRHH6plsGY3W6L26mSsCM2LtlHJINFZtVILkI26MDEIKWEsfBatDW+XNAvkfYEahy16P5CBtTVNKEGsTcPD+VDistHseFNKiVlSLDCvJ0vMwOykHhq+rdJmjJ8tkUWC2bNqTIH26bU0UbhMAtJstWqaTUGnB0WVutKmkZbnylLMICAvnFoZLoMPmbvx8efgLYY2vD1pRd8Uwnq9MFV1EPbkJoinTf1XSo8VUo7WCjL79aYSIvHmXG+5qKB9ed2GWbBLolAoXkZ00E4WsVp9H philip@nyx"; + +in +{ + + boot.cleanTmpDir = true; + boot.loader.grub.device = "/dev/sda"; + fileSystems = { + "/" = { + device = "/dev/sda3"; + fsType = "ext4"; + }; + "/boot" = { + device = "/dev/sda2"; + fsType = "ext4"; + }; + }; + + services.openssh = { + enable = true; + listenAddresses = [ { addr = "0.0.0.0"; port = sshPort; } ]; + }; + users.users = { + root.openssh.authorizedKeys.keys = [ myKey ]; + + rtorrent = { + isNormalUser = true; + }; + vorstand = { + isNormalUser = true; + openssh.authorizedKeys.keys = [ myKey + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCUgS0VB5XayQobQfOi0tYeqpSSCXzftTKEyII4OYDhuF0/CdXSqOIvdqnWQ8933lPZ5234qCXCniIlRJpJQLBPJdJ7/XnC6W37asuft6yVYxTZnZat8edCuJETMvwZJZNttxHC04k3JPf9RMj25luICWabICH5XP9Mz3GoWSaOz7IOm7jiLQiF3UtiFOG06w76d3UfcIVbqjImwWv8nysphi9IQfL0XgC24zNE6LSeE7IN5xTOxoZxORQGsCEnFNCPevReNcSB0pI9xQ1iao7evaZkpzT4D4iQ/K7Ss8dsfFWN30NPMQS5ReQTUKtmGn1YlgkitiYTEXbMjkYbQaQr daniel@shadow" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtfWeIH7YZpWUUOZ3oC5FB2/J+P3scxm29gUQdVij/K0TuxW1yN/HtcvrO1mwSshS6sNZ2N6/Kb6+kuGyx1mEnaFt87K5ucxC7TNqiURh4eeZE1xX7B5Ob8TVegrBxoe+vcfaoyxn7sUzgF719H0aYC7PP6p3AIbhq3hRLcvY26u9/gZ39H79A71wCunauvpcnpb+rqyJMN6m2YoeOcoloe7wUDI8Xw5dUetHpNKn9k1vzS16CdwP4pAKI8aBtdNK7ZojVMe9LfBG8HHPr9K+cwcaxQuXkFBJzrfrtBCfQwrgWppsu/W/kGBs1ybku2bOFI5UXJBnsraXQqr1NLIfL phj@phj-X220" + ]; + }; + stallmanbot = { + isSystemUser = true; + useDefaultShell = true; + }; + }; + + environment.systemPackages = with pkgs; [ + vim + git + file + tmux + rtorrent + wget + ]; + + services.nginx = { + enable = true; + virtualHosts."haku.profpatsch.de" = { + forceSSL = true; + enableACME = true; + locations."/pub/" = { + proxyPass = "http://localhost:1338/"; + }; + locations."/".root = pkgs.writeTextDir "index.html" ''hello world''; + serverAliases = [ "lojbanistan.de" ]; + }; + }; + + programs.mosh.enable = true; + + programs.bash = { + loginShellInit = '' + alias c='vim /etc/nixos/configuration.nix' + alias nsp='nix-shell -p' + alias nrs='nixos-rebuild switch' + alias tad='tmux attach -d' + ''; + }; + + + networking = { + hostName = "haku"; + firewall = { + allowPing = true; + allowedTCPPorts = + [ 80 443 + sshPort ]; + allowedTCPPortRanges = + # rtorrent + [{ from = 6881; to = 6889; }]; + }; + nameservers = [ + "62.210.16.6" + "62.210.16.7" + ]; + }; +} -- cgit 1.4.1