Diffstat (limited to 'Com/Simatime/buildOS.nix')
-rw-r--r-- | Com/Simatime/buildOS.nix | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/Com/Simatime/buildOS.nix b/Com/Simatime/buildOS.nix
new file mode 100644
index 0000000..2da22a1
--- /dev/null
+++ b/Com/Simatime/buildOS.nix
@@ -0,0 +1,52 @@
+nixos:
+{ ipAddress ? null
+, enableVpn ? false
+, vpnConnectTo ? ""
+, vpnRsaPrivateKeyFile ? null
+, vpnEd25519PrivateKeyFile ? null
+, configuration # see: configuration.nix(5)
+}:
+assert enableVpn -> builtins.isString ipAddress;
+assert enableVpn -> builtins.isString vpnRsaPrivateKeyFile;
+assert enableVpn -> builtins.isString vpnEd25519PrivateKeyFile;
+let
+ vpnExtraConfig = ''
+ ConnectTo = ${vpnConnectTo}
+ Ed25519PrivateKeyFile = "${vpnEd25519PrivateKeyFile}"
+ PrivateKeyFile = "${vpnRsaPrivateKeyFile}"
+ '';
+ defaults = {
+ boot.cleanTmpDir = true;
+ #networking.interfaces.simatime-vpn = [{ ipv4.address = ipAddress; }];
+ nix.binaryCaches = [ "https://cache.nixos.org" ];
+ nix.gc.automatic = true;
+ nix.gc.dates = "Sunday 02:15";
+ nix.maxJobs = 1; # "auto";
+ nix.optimise.automatic = true;
+ nix.optimise.dates = [ "Sunday 02:30" ];
+ security.sudo.wheelNeedsPassword = false;
+ services.clamav.daemon.enable = true; # security
+ services.clamav.updater.enable = true; # security
+ services.fail2ban.enable = true; # security
+ services.openssh.enable = true;
+ services.openssh.forwardX11 = true;
+ services.openssh.passwordAuthentication = false;
+ services.tinc.networks.simatime-vpn.extraConfig = vpnExtraConfig;
+ services.tinc.networks.simatime-vpn.debugLevel = 3;
+ services.tinc.networks.simatime-vpn.interfaceType = "tap";
+ services.tinc.networks.simatime-vpn.hosts = import ./vpnHosts.nix;
+ system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.09";
+ system.autoUpgrade.dates = "03:00";
+ system.autoUpgrade.enable = true;
+ users.motd = "welcome to simatime.com";
+ users.users = import ./users.nix;
+
+ };
+ os = nixos {
+ system = "x86_64-linux";
+ configuration = (defaults // configuration);
+ };
+in {
+ system = os.system;
+ vm = os.vm;
+} |
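Review bot: `security.sudo.wheelNeedsPassword = false;` in `defaults` gives every wheel member password-less root on a host that also enables OpenSSH with `forwardX11 = true`, so one stolen SSH key for a wheel user is a complete root compromise; unless an unattended-automation need requires it, drop the line (the module default is `true`) or document that need in a comment beside it, and consider whether X11 forwarding is actually wanted on a server. Separately, `enableVpn` gates only the three asserts: the four `services.tinc.networks.simatime-vpn.*` options are set unconditionally, and with the default `vpnEd25519PrivateKeyFile = null` the `${...}` interpolation in `vpnExtraConfig` presumably fails to coerce null to a string once the tinc module evaluates `extraConfig`, so a host built with `enableVpn = false` likely does not evaluate. Defining the tinc network only when `enableVpn` is set fixes both the always-on service and the null interpolation, as sketched below; the `isString` asserts are worth keeping, since passing a Nix path instead of a string would copy the private key into the world-readable store.
```nix
    # … unchanged: other defaults …
    services.tinc.networks = if enableVpn then {
      simatime-vpn = {
        extraConfig = vpnExtraConfig;
        debugLevel = 3;
        interfaceType = "tap";
        hosts = import ./vpnHosts.nix;
      };
    } else {};
    # … unchanged: system.autoUpgrade and users options …
```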