Compare commits
21 Commits
2016-08-09
...
2016-08-12
| Author | SHA1 | Date | |
|---|---|---|---|
|
9bc50b35dd | ||
|
1c649a9b04 | ||
|
7cb371510b | ||
|
|
b38e5a87bb | ||
|
|
50326127d3 | ||
|
|
02a8b96e61 | ||
|
|
5e6586d403 | ||
|
|
b65ffa4d8f | ||
|
|
744ebec05b | ||
| d1113bec00 | |||
| ef2733675d | |||
| 63902d313c | |||
| 0dc2561017 | |||
|
|
953021f306 | ||
|
|
c2da568c30 | ||
| bbfd76a4a1 | |||
|
e1e30f4ce0 | ||
| 4c3e1abfcb | |||
|
c5b9c97327 | ||
|
|
6b0689d336 | ||
| 7536316133 |
@@ -5,20 +5,20 @@ let
|
||||
profiles = config.r6d.profiles;
|
||||
cfg = config.r6d.config-generator;
|
||||
computers = config.r6d.computers;
|
||||
in {
|
||||
nix = mkIf config.r6d.config-generator.nix-serve-client {
|
||||
in
|
||||
|
||||
mkIf cfg.nix-serve-client {
|
||||
nix = {
|
||||
# Cache http pour le store
|
||||
requireSignedBinaryCaches = false;
|
||||
binaryCaches = [
|
||||
("https://cache.nixos.org/")
|
||||
(mkIf (profiles.isDubronetwork && (! computers.isMonstre)) "http://192.168.10.169:5000")
|
||||
(mkIf profiles.isDubronetwork "http://192.168.10.252:5000")
|
||||
"https://cache.nixos.org/"
|
||||
|
||||
(mkIf (profiles.isDubronetwork && (! computers.isRollo)) "http://nix-cache.dubronetwork.fr:5001")
|
||||
(mkIf (profiles.isPrunetwork && !profiles.isServer) "http://192.168.1.20:5000")
|
||||
];
|
||||
extraOptions = ''
|
||||
connect-timeout = 5
|
||||
connect-timeout = 5
|
||||
'';
|
||||
};
|
||||
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
@@ -4,6 +4,10 @@ with pkgs.lib;
|
||||
|
||||
let
|
||||
cfg = config.r6d.config-generator;
|
||||
|
||||
ignoreip = "pedro.dubronetwork.fr cube.dubronetwork.fr voyage.prunetwork.fr xray.prunetwork.fr 192.168.0.0/16 172.16.0.0/16";
|
||||
destemail = "admins@dubronetwork.fr";
|
||||
|
||||
in {
|
||||
# Gestion de fail2ban
|
||||
|
||||
@@ -13,18 +17,16 @@ in {
|
||||
jails = {
|
||||
DEFAULT = ''
|
||||
# "ignoreip" can be an IP address, a CIDR mask or a DNS host
|
||||
ignoreip = 127.0.0.1/8 pedro.dubronetwork.fr cube.dubronetwork.fr voyage.prunetwork.fr xray.prunetwork.fr 192.168.0.0/16 172.16.0.0/16
|
||||
ignoreip = 127.0.0.1/8 ${ignoreip}
|
||||
|
||||
# 1 jour
|
||||
# bantime = 86400
|
||||
# 5 jours
|
||||
bantime = 432000
|
||||
|
||||
maxretry = 3
|
||||
|
||||
#
|
||||
# Destination email address used solely for the interpolations in
|
||||
# jail.{conf,local} configuration files.
|
||||
destemail = admins@dubronetwork.fr
|
||||
destemail = ${destemail}
|
||||
'';
|
||||
ssh-route = ''
|
||||
filter = sshd
|
||||
@@ -20,10 +20,16 @@ in {
|
||||
|
||||
security.sudo.wheelNeedsPassword = !(profiles.isPrunetwork && profiles.isServer);
|
||||
|
||||
users.extraUsers.jpierre03 = mkIf profiles.isPrunetwork {
|
||||
users.extraUsers.root = {
|
||||
openssh.authorizedKeys.keys = [
|
||||
radxJPierre03
|
||||
radxRoot
|
||||
phenomTaeradan
|
||||
];
|
||||
};
|
||||
|
||||
users.extraUsers.jpierre03 = {
|
||||
isNormalUser = true;
|
||||
createHome = true;
|
||||
home = "/home/jpierre03";
|
||||
description = "jpierre03";
|
||||
extraGroups = [
|
||||
"docker"
|
||||
@@ -40,10 +46,10 @@ in {
|
||||
];
|
||||
};
|
||||
|
||||
users.extraUsers.taeradan = mkIf profiles.isDubronetwork {
|
||||
users.extraUsers.taeradan = {
|
||||
description = "Yves Dubromelle";
|
||||
initialHashedPassword = "$6$yOBwZ.ijA$.eDknYZBxiGie88EUC8fYdpnSchKa8fMmjLglVk8c1gr23oAeb6rSBe8ID07frG5KlVSBqeMTuSoa/aONNp7b1";
|
||||
isNormalUser = true;
|
||||
#uid = 1000;
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"docker"
|
||||
@@ -57,12 +63,33 @@ in {
|
||||
];
|
||||
};
|
||||
|
||||
users.extraUsers.lothy = mkIf (profiles.isDubronetwork && profiles.isDesktop) {
|
||||
users.extraUsers.lothy = mkIf ( (cfg.mailboxes && profiles.isDubronetwork)
|
||||
|| (profiles.isDesktop && profiles.isDubronetwork)
|
||||
) {
|
||||
description = "Ophélie Dubromelle-Lacroix";
|
||||
isNormalUser = true;
|
||||
extraGroups = [
|
||||
"audio"
|
||||
];
|
||||
hashedPassword = "$6$vcZSVwQFcGg1xt$xuMiCmlozhgyFFGEw3rRnIrhVcglMlWY1lfJG17QoKE4KzrQfc9YAaJYgf.clc3ouFC/yLtEs18Q0DVGixTEt0";
|
||||
};
|
||||
|
||||
}
|
||||
users.extraUsers.alain = mkIf (cfg.mailboxes && profiles.isDubronetwork) {
|
||||
description = "Alain Dubromelle";
|
||||
isNormalUser = true;
|
||||
hashedPassword = "$6$wGd7Inli$p4Q8BrkUSNCKfqloHtehFKKHQqVKVxul/oHWBY2BdqlFNt7N9MXuvVJZ2BOD747vQvAc2f07N8I8kD0n7x/o61";
|
||||
uid = 1101;
|
||||
};
|
||||
users.extraUsers.dubromelle = mkIf (cfg.mailboxes && profiles.isDubronetwork) {
|
||||
description = "Alain & Véro Dubromelle";
|
||||
isNormalUser = true;
|
||||
hashedPassword = "$6$Aa7rTIL7$M8zhtVsjPhkbNsY571K6bb04Y6cS04Z8RYKTIF3HoslelXplkphckauNep9gnc9mAp0p7o2lnQEVSoPw2UwT7/";
|
||||
uid = 1102;
|
||||
};
|
||||
users.extraUsers.michele = mkIf (cfg.mailboxes && profiles.isDubronetwork) {
|
||||
description = "Michele Dubromelle";
|
||||
isNormalUser = true;
|
||||
hashedPassword = "$6$RuwEVVml$JnSb62qFrtBJY1CfC9uE0YK2qd2TpnNmlXNeQ62ludb3mkV8AMUVEj3R9jTKtOfLt/ap6jGVmakotGtHczBHL/";
|
||||
uid = 1103;
|
||||
};
|
||||
}
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
./network-dns.nix
|
||||
|
||||
# inclusion conditionnelle
|
||||
./activation-manuelle/fail2ban.nix
|
||||
./activation-manuelle/service-fail2ban.nix
|
||||
./activation-manuelle/nix-serve-client.nix
|
||||
./activation-manuelle/nix-serve-server.nix
|
||||
./activation-manuelle/users.nix
|
||||
|
||||
@@ -36,6 +36,7 @@ in
|
||||
database_postgres=mkEnableOption "Profil pour activer le SGBD PostgreSQL.";
|
||||
developpement = mkEnableOption "Profil pour activer les outils de développement";
|
||||
docker = mkEnableOption "Profil pour l'utilisation de Docker.";
|
||||
dovecot = mkEnableOption "Profil pour activer le serveur Dovecot.";
|
||||
dns_autorite = mkEnableOption "Profil pour servir les fichiers de zone DNS.";
|
||||
dns_resolveur = mkEnableOption "Profil pour activer un résolveur DNS local.";
|
||||
edition-musique = mkEnableOption "Profil pour la création/édition de musique.";
|
||||
@@ -45,15 +46,18 @@ in
|
||||
jeux = mkEnableOption "Profil pour les jeux vidéos.";
|
||||
laptop = mkEnableOption "Profil pour les outils spécifiques aux ordinateurs portables..";
|
||||
locate = mkEnableOption "Profil pour activer la fonction locate.";
|
||||
mailboxes = mkEnableOption "Profil pour stocker les mails dans des boîtes aux lettres.";
|
||||
murmur = mkEnableOption "Profil pour activer un serveur Mumble (murmur)";
|
||||
nix-serve-client= mkEnableOption "Profil pour que la machine soit un client de cache nix.";
|
||||
nix-serve-server= mkEnableOption "Profil pour que la machine soit un serveur de cache nix.";
|
||||
nixStoreProxyCache = mkEnableOption "Profil pour activer le proxy cahce nginx pour le nix store";
|
||||
online-ipv6 = mkEnableOption "Profil pour activer l'IPv6 de online.net";
|
||||
print = mkEnableOption "Profil pour activer cups & pouvoir imprimer.";
|
||||
rabbitmq = mkEnableOption "Profil pour activer le service de messagerie AMQP.";
|
||||
swap = mkEnableOption "Profil pour que le swap soit activé.";
|
||||
virtualbox = mkEnableOption "Profil pour l'utilisation de VirtualBox.";
|
||||
xmonad = mkEnableOption "Profil pour activer le gestionnaire de fenêtres xmonad.";
|
||||
znc = mkEnableOption "Profil pour activer le relais IRC ZNC.";
|
||||
};
|
||||
#* Utilisé pour avoir des raccourcis de machine
|
||||
r6d.computers = {
|
||||
@@ -62,6 +66,7 @@ in
|
||||
isNeoNomade = mkEnableOption "Identification du nom de machine.";
|
||||
isNomade = mkEnableOption "Identification du nom de machine.";
|
||||
isOcean = mkEnableOption "Identification du nom de machine.";
|
||||
isPedro = mkEnableOption "Identification du nom de machine.";
|
||||
isPhenom = mkEnableOption "Identification du nom de machine.";
|
||||
isRadx = mkEnableOption "Identification du nom de machine.";
|
||||
isRollo = mkEnableOption "Identification du nom de machine.";
|
||||
@@ -82,6 +87,7 @@ in
|
||||
isNeoNomade = host == "neo-nomade.dubronetwork.fr";
|
||||
isNomade = host == "nomade.dubronetwork.fr";
|
||||
isOcean = host == "ocean.prunetwork.fr";
|
||||
isPedro = host == "pedro.dubronetwork.fr";
|
||||
isPhenom = host == "phenom.dubronetwork.fr";
|
||||
isRadx = host == "radx.prunetwork.fr";
|
||||
isRollo = host == "rollo.dubronetwork.fr";
|
||||
@@ -139,9 +145,6 @@ in
|
||||
print = true;
|
||||
};
|
||||
})
|
||||
(mkIf (pfl.isDubronetwork && pfl.isHome) {
|
||||
r6d.config-generator.jeux = true;
|
||||
})
|
||||
(mkIf (pfl.isDubronetwork && pfl.isServer) {
|
||||
r6d.config-generator.nix-serve-server = true;
|
||||
})
|
||||
@@ -178,12 +181,10 @@ in
|
||||
r6d.profiles = {
|
||||
isHome = true;
|
||||
isPrunetwork = true;
|
||||
isServer = true;
|
||||
isWorkstation = true;
|
||||
};
|
||||
|
||||
r6d.config-generator = {
|
||||
nix-serve-server = true;
|
||||
virtualbox = true;
|
||||
};
|
||||
})
|
||||
@@ -211,7 +212,11 @@ in
|
||||
isServer = true;
|
||||
};
|
||||
|
||||
r6d.config-generator.fail2ban = true;
|
||||
r6d.config-generator = {
|
||||
fail2ban = true;
|
||||
nix-serve-client = true;
|
||||
nixStoreProxyCache = true;
|
||||
};
|
||||
})
|
||||
(mkIf comp.isNeoNomade{
|
||||
r6d.profiles = {
|
||||
@@ -230,6 +235,17 @@ in
|
||||
laptop = true;
|
||||
};
|
||||
})
|
||||
(mkIf comp.isPedro {
|
||||
r6d.profiles = {
|
||||
isDubronetwork = true;
|
||||
isServer = true;
|
||||
};
|
||||
|
||||
r6d.config-generator = {
|
||||
fail2ban = true;
|
||||
online-ipv6 = true;
|
||||
};
|
||||
})
|
||||
(mkIf comp.isPhenom {
|
||||
r6d.profiles = {
|
||||
isDubronetwork = true;
|
||||
@@ -248,9 +264,12 @@ in
|
||||
};
|
||||
|
||||
r6d.config-generator = {
|
||||
dovecot = true;
|
||||
fail2ban = true;
|
||||
mailboxes = true;
|
||||
murmur = true;
|
||||
online-ipv6 = true;
|
||||
znc = true;
|
||||
};
|
||||
})
|
||||
];
|
||||
|
||||
11
module-template.nix
Normal file
11
module-template.nix
Normal file
@@ -0,0 +1,11 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
inherit (lib) mkIf;
|
||||
cfg = config.r6d.config-generator;
|
||||
computers = config.r6d.computers;
|
||||
profiles = config.r6d.profiles;
|
||||
in
|
||||
|
||||
mkIf true {
|
||||
}
|
||||
3
munin-www.sh
Executable file
3
munin-www.sh
Executable file
@@ -0,0 +1,3 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
pushd /var/www/munin/ && python -m SimpleHTTPServer 8000
|
||||
@@ -19,9 +19,11 @@ environment.systemPackages = with pkgs; [
|
||||
## Réseaux sociaux
|
||||
python27Packages.turses # client twitter en ncurse
|
||||
python27Packages.rainbowstream # client twitter en console
|
||||
rtv # client reddit en console
|
||||
|
||||
## Mail & Discussion (texte, audio)
|
||||
clawsMail
|
||||
hexchat
|
||||
kde5.quasselClient
|
||||
mumble
|
||||
mutt
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
# installées systématiquement
|
||||
./environment.nix
|
||||
./localisation.nix
|
||||
./network-ipv6.nix
|
||||
#./network-ipv6.nix
|
||||
./service-haveged.nix
|
||||
./service-monitoring.nix
|
||||
./service-ssh.nix
|
||||
|
||||
Reference in New Issue
Block a user