Diffstat (limited to 'Com/Simatime/buildOS.nix')
-rw-r--r--Com/Simatime/buildOS.nix56
1 files changed, 0 insertions, 56 deletions
diff --git a/Com/Simatime/buildOS.nix b/Com/Simatime/buildOS.nix
deleted file mode 100644
index 9e6c2f2..0000000
--- a/Com/Simatime/buildOS.nix
+++ /dev/null
@@ -1,56 +0,0 @@
-nixos:
-{ ipAddress ? null
-, enableVpn ? false
-, vpnConnectTo ? ""
-, vpnRsaPrivateKeyFile ? null
-, vpnEd25519PrivateKeyFile ? null
-, deps ? {} # an attrset overlayed to pkgs
-, configuration # see: configuration.nix(5)
-}:
-# assert enableVpn -> builtins.isString ipAddress;
-# assert enableVpn -> builtins.isString vpnRsaPrivateKeyFile;
-# assert enableVpn -> builtins.isString vpnEd25519PrivateKeyFile;
-let
- vpnExtraConfig = if enableVpn then ''
- ConnectTo = ${vpnConnectTo}
- Ed25519PrivateKeyFile = "${vpnEd25519PrivateKeyFile}"
- PrivateKeyFile = "${vpnRsaPrivateKeyFile}"
- '' else "";
- overlay = self: super: deps;
- defaults = {
- boot.cleanTmpDir = true;
- #networking.interfaces.simatime-vpn = [{ ipv4.address = ipAddress; }];
- networking.firewall.allowPing = true;
- nix.binaryCaches = [ "https://cache.nixos.org" ];
- nix.gc.automatic = true;
- nix.gc.dates = "Sunday 02:15";
- nix.maxJobs = 1; # "auto";
- nix.optimise.automatic = true;
- nix.optimise.dates = [ "Sunday 02:30" ];
- nixpkgs.overlays = [ overlay ];
- programs.mosh.enable = true;
- programs.mosh.withUtempter = true;
- security.acme.email = "ben@bsima.me";
- security.acme.acceptTerms = true;
- security.sudo.wheelNeedsPassword = false;
- services.clamav.daemon.enable = true; # security
- services.clamav.updater.enable = true; # security
- services.fail2ban.enable = true; # security
- services.openssh.enable = true;
- services.openssh.openFirewall = true;
- services.openssh.forwardX11 = true;
- services.openssh.passwordAuthentication = false;
- #services.tinc.networks.simatime-vpn.extraConfig = vpnExtraConfig;
- #services.tinc.networks.simatime-vpn.debugLevel = 3;
- #services.tinc.networks.simatime-vpn.interfaceType = "tap";
- #services.tinc.networks.simatime-vpn.hosts = import ./vpnHosts.nix;
- system.autoUpgrade.enable = false; # 'true' breaks our nixpkgs pin
- };
- os = nixos {
- system = "x86_64-linux";
- configuration = (defaults // configuration);
- };
-in {
- system = os.system;
- vm = os.vm;
-}