# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
#
# Host "odin": SSH/mosh reachable, mail leaves the machine over UUCP via
# "ymir"; Postfix runs without an SMTP or submission listener.

{ config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./odin/hw.nix
      ./users.nix
      # Custom modules; they define the services.uucp options used below.
      # Their option semantics are not visible from this file.
      ./custom/uucp.nix
      ./custom/uucp-mediaserver.nix
    ];

  # Use the GRUB 2 boot loader.
  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  # Define on which hard drive you want to install Grub.
  boot.loader.grub.device = "/dev/disk/by-id/ata-MKNSSDCR60GB_MK130619AS1031770";

  networking.hostName = "odin"; # Define your hostname.

  # Select internationalisation properties.
  i18n = {
    consoleKeyMap = "dvp";
    defaultLocale = "en_US.UTF-8";
  };

  # Set your time zone.
  time.timeZone = "Europe/Berlin";

  environment.systemPackages = with pkgs; [
    pythonPackages.magic-wormhole
    tmux
    mosh
    quota
    git
    # Locally maintained helper built from this repository.
    (callPackage ./utils/nix/rebuild-system.nix {})
  ];

  programs.zsh.enable = true;

  # SSH is key-only: password and challenge-response logins are both off.
  # AllowGroups limits logins to members of the "ssh" group defined below.
  # NOTE(review): permitRootLogin is not set here, so the module default for
  # this release applies; root is a member of "ssh", so confirm that the
  # default is the intended policy.
  services.openssh = {
    enable = true;
    passwordAuthentication = false;
    challengeResponseAuthentication = false;
    extraConfig = ''
      AllowGroups ssh
    '';
  };

  # Accounts allowed through sshd's AllowGroups filter. Any other user must be
  # added here (or to the group elsewhere) before it can log in over SSH.
  users.groups."ssh" = {
    members = ["uucp" "root"];
  };

  # Inbound exposure is limited to SSH plus the mosh UDP range.
  networking.firewall = {
    enable = true;
    allowPing = true;
    allowedTCPPorts = [ 22 # ssh
                      ];
    allowedUDPPortRanges = [ { from = 60000; to = 61000; } # mosh
                           ];
  };

  # root reuses the shell and the authorized-key files of the gkleen user
  # template, so every key in those files also grants a root login.
  # NOTE(review): review ./users/gkleen.nix whenever keys are rotated; a key
  # added for the user is implicitly added for root.
  users.extraUsers.root = let
    template = import ./users/gkleen.nix;
  in {
    inherit (template) shell;
    openssh.authorizedKeys.keyFiles = template.openssh.authorizedKeys.keyFiles;
  };

  # A burst value of 0 turns journald rate limiting off, so no messages are
  # dropped. The trade-off is that a single noisy service can fill the journal;
  # NOTE(review): confirm that journal size limits are set elsewhere.
  services.journald = {
    rateLimitBurst = 0;
  };

  # Entropy-gathering daemon.
  services.haveged.enable = true;

  # UUCP over SSH, provided by ./custom/uucp.nix.
  services.uucp = {
    enable = true;
    nodeName = "odin";
    remoteNodes = [ "ymir" "hel" ];
    sshUser = {
      # One key per remote node. "restrict" disables forwarding and PTY
      # allocation, and command= forces uucico whatever the client requests,
      # so these keys cannot obtain a shell.
      # uucico is taken from the security wrapper directory, presumably a
      # setuid wrapper installed by the custom module (confirm there).
      openssh.authorizedKeys.keys = [
        ''restrict,command="${config.security.wrapperDir}/uucico" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKD8ycFGfVkBL9wjA5Kc33cl6Qt5K2505G/38oH8Cy/e uucp@hel''
        ''restrict,command="${config.security.wrapperDir}/uucico" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGANj+LJ4CI6VrAgBRocKCGq74kZnwD1PdKr/gdlfVr1 uucp@ymir''
      ];
    };
    # Outbound connections use a separate identity file per peer. The private
    # keys are referenced by path only and are not part of this configuration;
    # presumably they are provisioned out of band (verify file permissions).
    sshConfig = ''
      Host ymir
        Hostname ymir.niflheim.yggdrasil
        IdentityFile ~/.ssh/ymir
      Host hel
        Hostname hel.midgard.yggdrasil
        IdentityFile ~/.ssh/hel
    '';
    # Only rmail is listed. Presumably this is the set of commands remote nodes
    # may request; confirm against ./custom/uucp.nix.
    commandPath = ["${pkgs.rmail}/bin"];
    defaultCommands = ["rmail"];
    media-server = {
      enable = true;
      remoteNodes = [ "hel" ];
    };
  };

  users.groups."media" = {
    members = [ "uucp" ];
  };

  # Postfix acts as a local submission point (sendmail binary) and hands all
  # non-local mail to UUCP; no smtp or submission service is enabled.
  services.postfix = {
    enable = true;
    enableSmtp = false;
    enableSubmission = false;
    setSendmail = true;

    networksStyle = "host";
    hostname = "odin.asgard.yggdrasil";

    recipientDelimiter = "+";

    postmasterAlias = "gkleen";
    rootAlias = "gkleen";

    # Domains treated as local, as a regexp table.
    # NOTE(review): the patterns are anchored only at the end and the leading
    # dot is optional, so any domain that merely ends in "odin" or
    # "localdomain" also matches. Confirm that this is intended.
    destination = [''regexp:${pkgs.writeText "destination" ''
                     /\.?localdomain$/ ACCEPT
                     /^localhost$/ ACCEPT
                     /\.?odin(\.asgard\.yggdrasil)?$/ ACCEPT
                   ''}''];

    config = {
      # Everything that is not local is queued for the UUCP node "ymir".
      default_transport = "uucp:ymir";
      # NOTE(review): both limits are set to 0, presumably meaning "no limit";
      # confirm for the deployed Postfix version. Without limits, one large
      # message or a growing mailbox can fill the filesystem under /srv/mail.
      message_size_limit = "0";
      mailbox_size_limit = "0";
      mail_spool_directory = "/srv/mail";
      # ''${ is the Nix escape for a literal ${, so Postfix (not Nix) expands
      # these. Mail for unknown local users is redirected to
      # postmaster+<localpart> instead of being rejected.
      luser_relay = ''postmaster''${recipient_delimiter}''${local:unknown}'';
    };

    masterConfig = {
      # pipe(8) transport that hands messages to uux as user "uucp".
      # Presumably privileged = true because pipe must switch to that user;
      # confirm against the module's master.cf mapping.
      # $sender comes from the message envelope and reaches uux as a
      # command-line argument.
      uucp = {
        type = "unix";
        private = true;
        privileged = true;
        chroot = false;
        command = "pipe";
        args = [ "flags=Fqhu" "user=uucp" ''argv=${config.security.wrapperDir}/uux -z -a $sender - $nexthop!rmail ($recipient)'' ];
      };
    };

    # Trusted client networks (mynetworks).
    # NOTE(review): in Postfix an explicit mynetworks overrides
    # mynetworks_style, so networksStyle = "host" above has no effect while
    # this list is set. 10.141.0.0/16 would become a trusted relay range if an
    # SMTP listener were ever enabled.
    networks = ["127.0.0.0/8" "[::ffff:127.0.0.0]/104" "[::1]/128" "10.141.0.0/16"];
  };

  system.autoUpgrade.enable = true;
  system.stateVersion = "18.09";

  # Before each automatic upgrade the configuration repository (and its
  # submodules) is pulled, and whatever the remote serves is then built and
  # activated as the system configuration.
  # NOTE(review): no commit or tag signature check is visible here, so write
  # access to the remote or any submodule remote amounts to root on this host.
  # Confirm how the remotes are protected.
  systemd.services."nixos-upgrade" = {
    path = with pkgs; [ git ];
    preStart = ''
      git -C /etc/nixos pull --recurse-submodules
    '';
  };
}