# NixOS system configuration for the host "odin".
# Option reference: configuration.nix(5) and the NixOS manual (`nixos-help`).
{ config, pkgs, lib, ... }:

let
  # Account template shared with users.nix; root reuses its shell and SSH keys.
  rootTemplate = import ./users/gkleen.nix;

  # Logical volumes that are snapshotted and shipped to the "munin" borg repo.
  # Order is kept as the original list: raid6/{mail,home,media,root}, ssd-raid1/root.
  backupVolumes =
    (map (lv: { VG = "raid6"; LV = lv; }) [ "mail" "home" "media" "root" ])
    ++ [ { VG = "ssd-raid1"; LV = "root"; } ];

  # Retention arguments handed to `borg prune` for every backed-up volume.
  pruneArgs = [
    "--keep-within" "24H"
    "--keep-daily" "31"
    "--keep-monthly" "12"
    "--keep-yearly" "-1"
  ];

  # Postfix regexp map: which recipient domains this host treats as local.
  localDestinations = pkgs.writeText "destination" ''
    /\.?localdomain$/ ACCEPT
    /^localhost$/ ACCEPT
    /\.?odin(\.asgard\.yggdrasil)?$/ ACCEPT
  '';
in
{
  imports = [
    ./odin/hw.nix # generated hardware scan
    ./users.nix
    ./custom/uucp.nix
    ./custom/uucp-mediaserver.nix
    ./custom/borgbackup.nix
    ./custom/motion.nix
    ./custom/unit-status-mail.nix
  ];

  # GRUB 2 on the SSD, addressed by its stable by-id path.
  boot.loader.grub = {
    enable = true;
    version = 2;
    device = "/dev/disk/by-id/ata-MKNSSDCR60GB_MK130619AS1031770";
  };

  i18n = {
    consoleKeyMap = "dvp";
    defaultLocale = "en_US.UTF-8";
  };
  time.timeZone = "Europe/Berlin";

  environment.systemPackages = [
    pkgs.pythonPackages.magic-wormhole
    pkgs.tmux
    pkgs.mosh
    pkgs.quota
    pkgs.git
    (pkgs.callPackage ./utils/nix/rebuild-system.nix {})
    pkgs.samba
    pkgs.ntfs3g
  ];

  programs.zsh.enable = true;

  networking = {
    hostName = "odin";
    firewall = {
      enable = true;
      allowPing = true;
      # Every port below is opened on all interfaces. The NFS export ("*") and
      # the motion stream both rely on this boundary plus their own flags, so
      # whatever network sits in front of this host is the effective scope limit.
      allowedTCPPorts = [
        22        # sshd
        139 445   # samba
        111 2049  # nfs
      ];
      allowedTCPPortRanges = [
        { from = 8080; to = 8080; } # motion stream
        { from = 4000; to = 4002; } # nfs statd/lockd/mountd (pinned under services.nfs.server)
      ];
      allowedUDPPorts = [
        137 138   # samba
        111 2049  # nfs
      ];
      allowedUDPPortRanges = [
        { from = 60000; to = 61000; } # mosh
        { from = 4000; to = 4002; }   # nfs
      ];
    };
  };

  users = {
    groups = {
      # Membership in "ssh" is what sshd's AllowGroups admits: uucp and root.
      ssh.members = [ "uucp" "root" ];
      media.members = [ "uucp" ];
      hlidskjalf.members = [ "motion" ];
    };
    # root logs in directly over SSH with the template account's keys.
    extraUsers.root = {
      shell = rootTemplate.shell;
      openssh.authorizedKeys.keyFiles = rootTemplate.openssh.authorizedKeys.keyFiles;
    };
  };

  services = {
    openssh = {
      enable = true;
      # Key-only logins: both password and keyboard-interactive methods are off.
      passwordAuthentication = false;
      challengeResponseAuthentication = false;
      extraConfig = ''
        AllowGroups ssh
      '';
    };

    journald.rateLimitBurst = 0; # journal rate limiting disabled
    haveged.enable = true;

    uucp = {
      enable = true;
      nodeName = "odin";
      # Peers are pinned to a single SSH host key each and may only run rmail.
      remoteNodes = {
        ymir = {
          publicKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGANj+LJ4CI6VrAgBRocKCGq74kZnwD1PdKr/gdlfVr1 uucp@ymir" ];
          hostnames = [ "ymir.yggdrasil.li" "ymir.niflheim.yggdrasil" ];
          commands = [ "rmail" ];
        };
        hel = {
          publicKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKD8ycFGfVkBL9wjA5Kc33cl6Qt5K2505G/38oH8Cy/e uucp@hel" ];
          hostnames = [ "hel.asgard.yggdrasil" "hel.midgard.yggdrasil" ];
          commands = [ "rmail" ];
        };
      };
      media-server = {
        enable = true;
        remoteNodes = [ "hel" ];
      };
      commandPath = [ "${pkgs.rmail}/bin" ];
    };

    postfix = {
      enable = true;
      # No listening SMTP/submission service; mail leaves via the uucp transport.
      enableSmtp = false;
      enableSubmission = false;
      setSendmail = true;
      networksStyle = "host";
      hostname = "odin.asgard.yggdrasil";
      recipientDelimiter = "+";
      postmasterAlias = "gkleen";
      rootAlias = "gkleen";
      extraAliases = ''
        uucp: gkleen
      '';
      destination = [
        ''
          regexp:${localDestinations}
        ''
      ];
      config = {
        default_transport = "uucp:ymir";
        message_size_limit = "0";
        mailbox_size_limit = "0";
        mail_spool_directory = "/srv/mail";
        # "\${" keeps the braces literal so postfix, not Nix, expands them.
        luser_relay = "postmaster\${recipient_delimiter}\${local:unknown}";
      };
      masterConfig.uucp = {
        type = "unix";
        private = true;
        privileged = true;
        chroot = false;
        command = "pipe";
        # uux is taken from the setuid wrapper dir; presumably set up by
        # ./custom/uucp.nix — confirm there.
        args = [
          "flags=Fqhu"
          "user=uucp"
          "argv=${config.security.wrapperDir}/uux -z -a $sender - $nexthop!rmail ($recipient)"
        ];
      };
      networks = [ "127.0.0.0/8" "[::ffff:127.0.0.0]/104" "[::1]/128" "10.141.0.0/16" ];
    };

    borgbackup = {
      snapshots = "lvm";
      prefix = "automatic.yggdrasil.asgard.odin.";
      targets.munin = {
        repo = "borg.munin:borg";
        paths = backupVolumes;
        # Same retention for every "VG/LV" key.
        prune = lib.genAttrs (map (v: "${v.VG}/${v.LV}") backupVolumes) (_: pruneArgs);
      };
    };

    samba = {
      enable = true;
      shares.homes = {
        comment = "Home Directories";
        browseable = true;
        "valid users" = "%S";
        writable = true;
      };
      extraConfig = ''
        domain master = true
        workgroup = ASGARD
        load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes
      '';
    };

    motion = {
      cameras = [
        {
          extraConfig = ''
            camera_name cat-food
            netcam_url mjpeg://ipcam01.hlidskjalf.yggdrasil:80/mjpeg.cgi
            netcam_keepalive on
            width 640
            height 480
            stream_port 8080
            despeckle_filter EedDl
            threshold_tune on
            noise_tune on
            lightswitch 50
            minimum_motion_frames 5
          '';
          # Credentials (if any) live outside the store in this file.
          configFiles = [ "/etc/motion/cat-food.secret" ];
        }
      ];
      # NOTE(review): stream_localhost off + the 8080 firewall rule expose the
      # stream beyond this host; stream_auth_method 1 is presumably HTTP basic
      # auth over plain HTTP as configured here — confirm what motion.secret
      # supplies.
      extraConfig = ''
        text_left "%$\n%F %T %Z"
        text_right ""
        text_changes off
        event_gap 20
        output_pictures off
        ffmpeg_output_movies on
        ffmpeg_video_codec mkv
        ffmpeg_bps 500000
        max_movie_time 600
        target_dir /srv/hlidskjalf
        movie_filename %Y-%m-%d/%H-%M-%S.%$
        stream_localhost off
        stream_auth_method 1
        stream_quality 80
        stream_maxrate 100
        stream_motion on
        webcontrol_port 0
        ipv6_enabled on
      '';
      configFiles = [ "/etc/motion/motion.secret" ];
    };

    nfs.server = {
      enable = true;
      # Read-only and all clients squashed to the anonymous user, but exported
      # to every host ("*") and accepting non-privileged source ports
      # ("insecure"); the firewall is the only scope limit.
      exports = ''
        /srv/media *(ro,insecure,all_squash,no_subtree_check,mp)
      '';
      # Pinned so the 4000-4002 firewall ranges stay narrow.
      statdPort = 4000;
      lockdPort = 4001;
      mountdPort = 4002;
    };
  };

  virtualisation.libvirtd.enable = true;

  systemd = {
    status-mail = {
      recipient = "root@odin.asgard.yggdrasil";
      onFailure = [ "nixos-upgrade" "borgbackup-munin@" "borgbackup-prune-munin" ];
    };
    services.nixos-upgrade = {
      path = [ pkgs.git ];
      # NOTE(review): the upgrade builds whatever /etc/nixos's git remote
      # currently serves; no commit-signature verification is configured here,
      # so the remote's access controls are what protects the system config.
      preStart = ''
        git -C /etc/nixos pull --recurse-submodules
      '';
    };
  };

  system.autoUpgrade.enable = true;
  system.stateVersion = "18.09";
}