application du template

2016-08-12 12:46:36 +02:00
parent 1cce1ec034
commit ea307cc5dc
41 changed files with 215 additions and 88 deletions
--- a/base/activation-manuelle/nix-serve-client.nix
+++ b/base/activation-manuelle/nix-serve-client.nix
@@ -1,13 +1,14 @@
 { config, lib, pkgs, ... }:

 let
-  inherit (lib) mkIf mkMerge;
-  profiles = config.r6d.profiles;
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
 in

 mkIf cfg.nix-serve-client {
+
  nix = {
    # Cache http pour le store
    requireSignedBinaryCaches = false;
--- a/base/activation-manuelle/nix-serve-server.nix
+++ b/base/activation-manuelle/nix-serve-server.nix
@@ -1,12 +1,27 @@
-{ config, pkgs, ... }:
-
-with pkgs.lib;
+{ config, lib, pkgs, ... }:

 let
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
-in {
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
+
+mkIf cfg.nix-serve-server {
+
  # Cache http pour le store

-  services.nix-serve.enable = cfg.nix-serve-server;
-  networking.firewall.allowedTCPPorts = mkIf cfg.nix-serve-server [ 5000 ];
+  # Services
+  services.nix-serve = {
+    enable = true;
+  };
+
+  # Réseau
+  networking.firewall = {
+    allowedTCPPorts = [
+      5000
+    ];
+    allowedUDPPorts = [
+    ];
+  };
 }
--- a/base/activation-manuelle/service-fail2ban.nix
+++ b/base/activation-manuelle/service-fail2ban.nix
@@ -1,17 +1,20 @@
-{ config, pkgs, ... }:
-
-with pkgs.lib;
+{ config, lib, pkgs, ... }:

 let
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;

  ignoreip = "pedro.dubronetwork.fr cube.dubronetwork.fr voyage.prunetwork.fr xray.prunetwork.fr 192.168.0.0/16 172.16.0.0/16";
  destemail = "admins@dubronetwork.fr";
+in
+
+mkIf cfg.fail2ban {

-in {
  # Gestion de fail2ban
-  
-  services = mkIf cfg.fail2ban {
+  # Services
+  services = {
    fail2ban = {
      enable = true;
      jails = {
--- a/base/activation-manuelle/users.nix
+++ b/base/activation-manuelle/users.nix
@@ -1,9 +1,9 @@
-{ config, pkgs, ... }:
-
-with pkgs.lib;
+{ config, lib, pkgs, ... }:

 let
+  inherit (lib) mkIf mkMerge mkThenElse;
  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
  profiles = config.r6d.profiles;

  # Dubronetwork
--- a/base/base.nix
+++ b/base/base.nix
@@ -1,4 +1,11 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
+
+let
+  #inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in

 {
  imports = [
--- a/base/network-dns.nix
+++ b/base/network-dns.nix
@@ -1,6 +1,14 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  cfg = config.r6d.config-generator;
+  computers = config.r6d.computers;
+  profiles = config.r6d.profiles;
+in
+
+mkIf true {

-{
  # Définition des domaines utilisés lorsque un identifiant non-FQDN est donné (ping, nslookup)
  networking = {
    search = [