aboutsummaryrefslogtreecommitdiff
path: root/machines
diff options
context:
space:
mode:
authorIgor Pashev <pashev.igor@gmail.com>2016-09-29 14:24:32 +0300
committerIgor Pashev <pashev.igor@gmail.com>2016-09-29 14:34:44 +0300
commit643e4576e293f48d1b69eb705df0eede223c3655 (patch)
tree71044a222c9c97898ddd8b98c13cbadecacf8196 /machines
parent62f28d30a069135f9c48678507203958adfc334f (diff)
downloadnixsap-643e4576e293f48d1b69eb705df0eede223c3655.tar.gz
Added quick configuration for VirtualBox
Diffstat (limited to 'machines')
-rw-r--r--machines/vbox.nix77
1 files changed, 77 insertions, 0 deletions
diff --git a/machines/vbox.nix b/machines/vbox.nix
new file mode 100644
index 0000000..41e8b40
--- /dev/null
+++ b/machines/vbox.nix
@@ -0,0 +1,77 @@
+# This is for NixOps (https://nixos.org/nixops/)
+
+{ config, pkgs, lib, ... }:
+let
+ inherit (config.nixsap) apps;
+ inherit (lib) mkForce mkDefault mkIf;
+ inherit (pkgs) writeText;
+ memorySize = config.deployment.virtualbox.memorySize * 1024 * 1024;
+in {
+ deployment.targetEnv = "virtualbox";
+ deployment.virtualbox = {
+ memorySize = mkDefault 1024; # megabytes
+ disks = {
+ sdb = { port = 1; size = 30000; };
+ sdc = { port = 2; size = 30000; };
+ sdd = { port = 4; size = 2000; };
+ };
+ };
+ swapDevices = [{ device = "/dev/sdd"; randomEncryption = true; }];
+
+
+ nixsap.system.lvm.raid0.apps = {
+ stripes = 2;
+ units = "g";
+ physical = [ "/dev/sdb" "/dev/sdc" ];
+ fileSystems."${apps.icinga2.stateDir}" = mkIf apps.icinga2.enable 1;
+ fileSystems."${apps.icingaweb2.configDir}" = mkIf apps.icingaweb2.enable 1;
+ fileSystems."${apps.mysqlbackup.dumpDir}" = mkIf (apps.mysqlbackup.servers != {}) 10;
+ fileSystems."${apps.nginx.stateDir}" = mkIf (apps.nginx.http.servers != {}) 1;
+ fileSystems."/mariadb" = mkIf apps.mariadb.enable 30;
+ fileSystems."/postgresql" = mkIf (apps.postgresql != {}) 2;
+ fileSystems."/tmp" = 1;
+ };
+
+ nixsap.apps.filebackup.s3uri = mkForce null;
+ nixsap.apps.icinga2.notifications = mkForce false;
+ nixsap.apps.mysqlbackup.s3uri = mkForce null;
+ nixsap.apps.pgbackup.s3uri = mkForce null;
+
+ nixsap.apps.mariadb.mysqld = {
+ datadir = mkForce "/mariadb/db";
+ innodb_buffer_pool_size = (40 * memorySize) / 100;
+ log_bin = mkForce "/mariadb/binlog/binlog";
+ relay_log = mkForce "/mariadb/relay/relay";
+ server_id = mkForce 1;
+ ssl_cert = mkForce "${pkgs.fakeSSL}/cert.pem";
+ ssl_key = mkForce "${pkgs.fakeSSL}/key.pem";
+ };
+
+ nixsap.apps.sproxy = {
+ sslCert = mkForce "${pkgs.fakeSSL}/cert.pem";
+ sslKey = mkForce "${pkgs.fakeSSL}/key.pem";
+ cookieName = mkForce "sproxy_vbox";
+ logLevel = mkForce "debug";
+ };
+
+ nixsap.apps.mediawiki.localSettings = {
+ wgDBerrorLog = "/tmp/wiki-db.log";
+ wgDebugLogFile = "/tmp/wiki.log";
+ wgShowDBErrorBacktrace = true;
+ wgShowExceptionDetails = true;
+ };
+
+ security.sudo.wheelNeedsPassword = mkForce false;
+ environment.systemPackages = with pkgs; [
+ atop curl file htop iftop iotop jq lsof mc mtr ncdu netcat nmap openssl
+ pigz pv pwgen pxz sysstat tcpdump telnet tmux traceroute tree vim wget
+ ];
+
+ programs.bash.enableCompletion = mkForce true;
+
+ services.openssh.authorizedKeysFiles = mkForce [
+ "/etc/ssh/authorized_keys.d/%u"
+ "/root/.ssh/authorized_keys"
+ "/root/.vbox-nixops-client-key"
+ ];
+}