summaryrefslogtreecommitdiff
path: root/Com/Simatime/buildOS.nix
diff options
context:
space:
mode:
Diffstat (limited to 'Com/Simatime/buildOS.nix')
-rw-r--r--Com/Simatime/buildOS.nix52
1 files changed, 52 insertions, 0 deletions
diff --git a/Com/Simatime/buildOS.nix b/Com/Simatime/buildOS.nix
new file mode 100644
index 0000000..2da22a1
--- /dev/null
+++ b/Com/Simatime/buildOS.nix
@@ -0,0 +1,52 @@
+nixos:
+{ ipAddress ? null
+, enableVpn ? false
+, vpnConnectTo ? ""
+, vpnRsaPrivateKeyFile ? null
+, vpnEd25519PrivateKeyFile ? null
+, configuration # see: configuration.nix(5)
+}:
+assert enableVpn -> builtins.isString ipAddress;
+assert enableVpn -> builtins.isString vpnRsaPrivateKeyFile;
+assert enableVpn -> builtins.isString vpnEd25519PrivateKeyFile;
+let
+ vpnExtraConfig = ''
+ ConnectTo = ${vpnConnectTo}
+ Ed25519PrivateKeyFile = "${vpnEd25519PrivateKeyFile}"
+ PrivateKeyFile = "${vpnRsaPrivateKeyFile}"
+ '';
+ defaults = {
+ boot.cleanTmpDir = true;
+ #networking.interfaces.simatime-vpn = [{ ipv4.address = ipAddress; }];
+ nix.binaryCaches = [ "https://cache.nixos.org" ];
+ nix.gc.automatic = true;
+ nix.gc.dates = "Sunday 02:15";
+ nix.maxJobs = 1; # "auto";
+ nix.optimise.automatic = true;
+ nix.optimise.dates = [ "Sunday 02:30" ];
+ security.sudo.wheelNeedsPassword = false;
+ services.clamav.daemon.enable = true; # security
+ services.clamav.updater.enable = true; # security
+ services.fail2ban.enable = true; # security
+ services.openssh.enable = true;
+ services.openssh.forwardX11 = true;
+ services.openssh.passwordAuthentication = false;
+ services.tinc.networks.simatime-vpn.extraConfig = vpnExtraConfig;
+ services.tinc.networks.simatime-vpn.debugLevel = 3;
+ services.tinc.networks.simatime-vpn.interfaceType = "tap";
+ services.tinc.networks.simatime-vpn.hosts = import ./vpnHosts.nix;
+ system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.09";
+ system.autoUpgrade.dates = "03:00";
+ system.autoUpgrade.enable = true;
+ users.motd = "welcome to simatime.com";
+ users.users = import ./users.nix;
+
+ };
+ os = nixos {
+ system = "x86_64-linux";
+ configuration = (defaults // configuration);
+ };
+in {
+ system = os.system;
+ vm = os.vm;
+}