diff options
author | Igor Pashev <pashev.igor@gmail.com> | 2016-09-29 14:24:32 +0300 |
---|---|---|
committer | Igor Pashev <pashev.igor@gmail.com> | 2016-09-29 14:34:44 +0300 |
commit | 643e4576e293f48d1b69eb705df0eede223c3655 (patch) | |
tree | 71044a222c9c97898ddd8b98c13cbadecacf8196 /machines | |
parent | 62f28d30a069135f9c48678507203958adfc334f (diff) | |
download | nixsap-643e4576e293f48d1b69eb705df0eede223c3655.tar.gz |
Added quick configuration for VirtualBox
Diffstat (limited to 'machines')
-rw-r--r-- | machines/vbox.nix | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/machines/vbox.nix b/machines/vbox.nix new file mode 100644 index 0000000..41e8b40 --- /dev/null +++ b/machines/vbox.nix @@ -0,0 +1,77 @@ +# This is for NixOps (https://nixos.org/nixops/) + +{ config, pkgs, lib, ... }: +let + inherit (config.nixsap) apps; + inherit (lib) mkForce mkDefault mkIf; + inherit (pkgs) writeText; + memorySize = config.deployment.virtualbox.memorySize * 1024 * 1024; +in { + deployment.targetEnv = "virtualbox"; + deployment.virtualbox = { + memorySize = mkDefault 1024; # megabytes + disks = { + sdb = { port = 1; size = 30000; }; + sdc = { port = 2; size = 30000; }; + sdd = { port = 4; size = 2000; }; + }; + }; + swapDevices = [{ device = "/dev/sdd"; randomEncryption = true; }]; + + + nixsap.system.lvm.raid0.apps = { + stripes = 2; + units = "g"; + physical = [ "/dev/sdb" "/dev/sdc" ]; + fileSystems."${apps.icinga2.stateDir}" = mkIf apps.icinga2.enable 1; + fileSystems."${apps.icingaweb2.configDir}" = mkIf apps.icingaweb2.enable 1; + fileSystems."${apps.mysqlbackup.dumpDir}" = mkIf (apps.mysqlbackup.servers != {}) 10; + fileSystems."${apps.nginx.stateDir}" = mkIf (apps.nginx.http.servers != {}) 1; + fileSystems."/mariadb" = mkIf apps.mariadb.enable 30; + fileSystems."/postgresql" = mkIf (apps.postgresql != {}) 2; + fileSystems."/tmp" = 1; + }; + + nixsap.apps.filebackup.s3uri = mkForce null; + nixsap.apps.icinga2.notifications = mkForce false; + nixsap.apps.mysqlbackup.s3uri = mkForce null; + nixsap.apps.pgbackup.s3uri = mkForce null; + + nixsap.apps.mariadb.mysqld = { + datadir = mkForce "/mariadb/db"; + innodb_buffer_pool_size = (40 * memorySize) / 100; + log_bin = mkForce "/mariadb/binlog/binlog"; + relay_log = mkForce "/mariadb/relay/relay"; + server_id = mkForce 1; + ssl_cert = mkForce "${pkgs.fakeSSL}/cert.pem"; + ssl_key = mkForce "${pkgs.fakeSSL}/key.pem"; + }; + + nixsap.apps.sproxy = { + sslCert = mkForce "${pkgs.fakeSSL}/cert.pem"; + sslKey = mkForce "${pkgs.fakeSSL}/key.pem"; + cookieName = mkForce "sproxy_vbox"; + logLevel = mkForce "debug"; + }; + + nixsap.apps.mediawiki.localSettings = { + wgDBerrorLog = "/tmp/wiki-db.log"; + wgDebugLogFile = "/tmp/wiki.log"; + wgShowDBErrorBacktrace = true; + wgShowExceptionDetails = true; + }; + + security.sudo.wheelNeedsPassword = mkForce false; + environment.systemPackages = with pkgs; [ + atop curl file htop iftop iotop jq lsof mc mtr ncdu netcat nmap openssl + pigz pv pwgen pxz sysstat tcpdump telnet tmux traceroute tree vim wget + ]; + + programs.bash.enableCompletion = mkForce true; + + services.openssh.authorizedKeysFiles = mkForce [ + "/etc/ssh/authorized_keys.d/%u" + "/root/.ssh/authorized_keys" + "/root/.vbox-nixops-client-key" + ]; +} |