blob: 41e8b405e1d601981d02335f888fa68aed908901 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
# This is for NixOps (https://nixos.org/nixops/)
{ config, pkgs, lib, ... }:
let
inherit (config.nixsap) apps;
inherit (lib) mkForce mkDefault mkIf;
inherit (pkgs) writeText;
memorySize = config.deployment.virtualbox.memorySize * 1024 * 1024;
in {
deployment.targetEnv = "virtualbox";
deployment.virtualbox = {
memorySize = mkDefault 1024; # megabytes
disks = {
sdb = { port = 1; size = 30000; };
sdc = { port = 2; size = 30000; };
sdd = { port = 4; size = 2000; };
};
};
swapDevices = [{ device = "/dev/sdd"; randomEncryption = true; }];
nixsap.system.lvm.raid0.apps = {
stripes = 2;
units = "g";
physical = [ "/dev/sdb" "/dev/sdc" ];
fileSystems."${apps.icinga2.stateDir}" = mkIf apps.icinga2.enable 1;
fileSystems."${apps.icingaweb2.configDir}" = mkIf apps.icingaweb2.enable 1;
fileSystems."${apps.mysqlbackup.dumpDir}" = mkIf (apps.mysqlbackup.servers != {}) 10;
fileSystems."${apps.nginx.stateDir}" = mkIf (apps.nginx.http.servers != {}) 1;
fileSystems."/mariadb" = mkIf apps.mariadb.enable 30;
fileSystems."/postgresql" = mkIf (apps.postgresql != {}) 2;
fileSystems."/tmp" = 1;
};
nixsap.apps.filebackup.s3uri = mkForce null;
nixsap.apps.icinga2.notifications = mkForce false;
nixsap.apps.mysqlbackup.s3uri = mkForce null;
nixsap.apps.pgbackup.s3uri = mkForce null;
nixsap.apps.mariadb.mysqld = {
datadir = mkForce "/mariadb/db";
innodb_buffer_pool_size = (40 * memorySize) / 100;
log_bin = mkForce "/mariadb/binlog/binlog";
relay_log = mkForce "/mariadb/relay/relay";
server_id = mkForce 1;
ssl_cert = mkForce "${pkgs.fakeSSL}/cert.pem";
ssl_key = mkForce "${pkgs.fakeSSL}/key.pem";
};
nixsap.apps.sproxy = {
sslCert = mkForce "${pkgs.fakeSSL}/cert.pem";
sslKey = mkForce "${pkgs.fakeSSL}/key.pem";
cookieName = mkForce "sproxy_vbox";
logLevel = mkForce "debug";
};
nixsap.apps.mediawiki.localSettings = {
wgDBerrorLog = "/tmp/wiki-db.log";
wgDebugLogFile = "/tmp/wiki.log";
wgShowDBErrorBacktrace = true;
wgShowExceptionDetails = true;
};
security.sudo.wheelNeedsPassword = mkForce false;
environment.systemPackages = with pkgs; [
atop curl file htop iftop iotop jq lsof mc mtr ncdu netcat nmap openssl
pigz pv pwgen pxz sysstat tcpdump telnet tmux traceroute tree vim wget
];
programs.bash.enableCompletion = mkForce true;
services.openssh.authorizedKeysFiles = mkForce [
"/etc/ssh/authorized_keys.d/%u"
"/root/.ssh/authorized_keys"
"/root/.vbox-nixops-client-key"
];
}
|