cleverca22
2/2/2016 - 8:20 PM

core.nix

{ pkgs, ... }:

let
  passwords = import ./passwords.nix;
in
{
  systemd.services.snmpd = let
    snmpconfig = pkgs.writeTextFile {
      name = "snmpd.conf";
      text = ''
        rocommunity ${passwords.snmp}
        disk / 10000
        extend cputemp ${pkgs.stdenv.shell} -c "${pkgs.acpi}/bin/acpi -t|egrep -o '[0-9\.]{3,}'"
      '';
    };
  in {
    description = "net-snmp daemon";
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      ExecStart = "${pkgs.net_snmp}/bin/snmpd -f -c ${snmpconfig}";
      KillMode = "process";
      Restart = "always";
    };
  };
}
{config,pkgs,...}:

let
  builders = import ./builders.nix;
in
{
  imports = [ ./core.nix ./snmpd.nix ];
  services.xserver = {
    videoDrivers = [ "fbdev" ];
  };
  hardware.opengl.enable = false;
  boot = {
    loader = {
      grub.enable = false;
      raspberryPi.enable = false;
      raspberryPi.version = 1;
      generic-extlinux-compatible.enable = true;
    };
  };
  hardware.sane.enable = false;
  services.nixosManual.enable = false; # FIXME: workaround SANE not evaluating on ARM
  sound.enable = false;
  nix = {
    #buildMachines = builders.arm;
  };
}

{ pkgs, lib, config, ... }:

{
  imports = [ ./rpi.nix ./headless.nix ];
  services = {
    avahi = {
      enable = true;
      nssmdns = true;
    };
    xserver = {
      enable = false;
      displayManager.slim.enable = false;
      desktopManager.xfce.enable = false;
      desktopManager.xterm.enable = false;
    };
    toxvpn.enable = true;  
    toxvpn.localip = "192.168.123.21";
  };
  fileSystems = {
    "/" = {
      device = "UUID=d230cc98-8f33-457f-9fee-b65558165188";
      fsType = "ext4";
      iscsi = {
        enable = true;
        host = "192.168.2.61";
        lun = "iqn.2001-04.com.c2d-nix3";
      };
    };
    "/boot" = { device = "UUID=DCF1-5AC3"; };
  };
  environment.noXlibs = lib.mkDefault true;
  #i18n.supportedLocales = [ config.i18n.defaultLocale ];
  networking = {
    firewall.enable = false;
    hostName = "nix1";
    interfaces.eth0.ipAddress = "192.168.2.30";
    interfaces.eth0.prefixLength = 24;
    defaultGateway = "192.168.2.1";
    nameservers = [ "192.168.2.61" ];
    dhcpcd.persistent = true;
    nat = {
      enable = true;
      internalInterfaces = [ "ve-+" ];
      externalInterface = "eth0";
    };
  };
  nixpkgs.system = "armv6l-linux";
  nixpkgs.config = {
    allowUnfree = true;
    packageOverrides = pkgs: rec {
#      mesa_noglu = pkgs.callPackage ./mesa.nix {
#        grsecEnabled = true;
#        llvmPackages = pkgs.llvmPackages_36;
#      };
    };
  };
  environment.systemPackages = with pkgs; [ sysstat gdb git lsof ];
  boot = {
    initrd = {
      iscsi = {
        initiatorName = "iqn.2015-09.com.example:3255a7223b2";
        netDev = "eth0";
      };
    };
  };
}
{ config, pkgs, ... }:

{
  boot = {
    kernelParams = [ "boot.panic_on_fail" ];
  };
}
{ config, pkgs, ...}:

let
  pixfix = if (builtins.currentSystem == "armv6l-linux") then
    [ ./pixman.nix ]
  else
    [];
  passwords = import ./passwords.nix;
  keys = import ./keys.nix;
in
{
  imports = [ ./vim.nix ./iscsi-boot.nix ./toxvpn_module.nix ./iscsi_module.nix ] ++ pixfix;
  environment.systemPackages = with pkgs; [ sqlite screen git util nix-repl utillinuxCurses psmisc ];
  programs = {
    screen.screenrc = ''
      defscrollback 5000
      caption always
    '';
    ssh = {
      knownHosts = [
        { hostNames = [ "192.168.2.1" "router.localnet" ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSvyvC18BHfivZJDhWSm7VU3kEElfNfMIfeohkil614"; }
        { hostNames = [ "192.168.2.15" "amd.localnet" ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJhJRINrY5cFcqZ76GsAK7FU+wQhErlS6APdOIm7xcnW"; }
        { hostNames = [ "192.168.2.30" ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN3cnHv8e6v3mQvVLc7f7YgbeHKqQY2UtySeNL8Ew4ro"; }
        { hostNames = [ "192.168.2.31" ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGG8XsjV3ufF2+SWc1isnYqry3tdIqA01GA4d+SSak/F"; }
        { hostNames = [ "c2d.localnet" ]; publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAeIKSyO23iQey8rfwqYdRrcn2sY/Uxcy/OogAZKYNBAeLdwWDmX73d/TZA/rLJtImKPjZYl1VyCIylnNaogvNs="; }
        { hostNames = [ "192.168.123.24" "gamah" ]; publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJpj4w4nvVhxRlJOsdn1anlOjpmwgeAZqRAhYwtg3RY96Dv3gDnJTsOU5z4DoKOVq5YNfeTGI5HJTGZuV6BSik0="; }
        { hostNames = [ "andoria.angeldsis.com" ]; publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHX1VUOiMc14jztdHArChYyUaLlTygtUSuH7qU+SD8DqnCmlmbTgeuRDEnsMCBGfWIRSftGi1VG7gC5cZwQxsiY="; }
      ];
    };
  };
  nixpkgs.config = {
    sqlite.interactive = true;
    packageOverrides = (import ./overrides.nix).packageOverrides;
  };
  services = {
    openssh = {
      enable = true;
      permitRootLogin = "yes";
    };
  };
  nix = {
    trustedUsers = [ "builder" ];
    distributedBuilds = true;
    binaryCaches = [
      "http://nixcache.localnet"
      "https://cache.nixos.org"
      #"http://hydra.nixos.org/"
    ];
    binaryCachePublicKeys = [
      "c2d.localnet-1:YTVKcy9ZO3tqPNxRqeYEYxSpUH5C8ykZ9ImUKuugf4c="
      "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
    ];
  };
  users.extraUsers = {
    clever = {
      home = "/home/clever";
      isNormalUser = true;
      extraGroups = [ "wheel" "wireshark" ];
      uid = 1000;
      openssh.authorizedKeys.keys = [ keys.ramboot ];
      initialHashedPassword = passwords.hashedPw;
    };
    builder = {
      uid = 1001;
      isNormalUser = true;
      openssh.authorizedKeys.keys = [ keys.dual.distro keys.nix1.distro keys.router.distro keys.nix2 keys.amd_distro ];
    };
    root.openssh.authorizedKeys.keys = [ keys.dual.distro keys.amd ];
  };
  users.extraGroups.wireshark.gid = 500;
}