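# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
#
# Layout of this deployment: the generic Deuxfleurs module, then the
# cluster-, site- and node-level overlays are imported below; this file
# keeps only what is common to every node.

{ config, pkgs, ... } @ args:

{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    # Include generic Deuxfleurs module
    ./deuxfleurs.nix
    # Configuration for this deployment (a cluster)
    ./cluster.nix
    # Configuration local for this Deuxfleurs site (set of nodes)
    ./site.nix
    # Configuration local for this cluster node (hostname, IP, etc)
    ./node.nix
  ];

  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
  # Per-interface useDHCP will be mandatory in the future, so this generated config
  # replicates the default behaviour.
  networking.useDHCP = false;
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

  # Networking configuration (static IPs for each node are defined in node/*.nix).
  # Plain (unencrypted) DNS to Quad9; fine for a server, but note that the
  # resolver sees every lookup this node makes.
  networking.nameservers = [ "9.9.9.9" ];

  # Set your time zone.
  time.timeZone = "Europe/Paris";

  # Select internationalisation properties.
  # i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "sun12x22";
    keyMap = "fr";
  };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    nmap
    bind
    inetutils
    vim
    tmux
    ncdu
    iotop
    jnettop
    nethogs
    wget
    htop
    links
    git
    rclone
    docker
    docker-compose
  ];

  programs.vim.defaultEditor = true;

  # Enable network time
  services.ntp.enable = true;

  # Enable the OpenSSH daemon and disable password login.
  #
  # NOTE(review): on NixOS, `passwordAuthentication = false` alone does NOT
  # rule out password logins — sshd still accepts passwords through
  # keyboard-interactive/PAM unless that is disabled as well
  # (`services.openssh.challengeResponseAuthentication = false` on older
  # releases, `kbdInteractiveAuthentication = false` on 22.05+,
  # `settings.KbdInteractiveAuthentication = false` on 23.05+; the option
  # name depends on the nixpkgs revision this node is built from, so it is
  # left for the maintainer to add). Setting it via `extraConfig` does not
  # work: sshd keeps the first value it sees for a keyword, and the module's
  # own directives come first.
  services.openssh.enable = true;
  services.openssh.passwordAuthentication = false;

  # ---- CONFIG FOR DEUXFLEURS CLUSTER ----

  # Mount Garage using Rclone.
  # Currently disabled (enable = false): the unit is defined but not started.
  # /root/rclone.conf holds the S3 credentials for the `staging:` remote;
  # keep it root-owned and mode 0600 (rclone itself warns if it is wider).
  systemd.services.mountgarage = {
    enable = false;
    description = "Mount the Garage data store";
    path = [ pkgs.fuse pkgs.rclone ];
    serviceConfig = {
      # `Type=` is a [Service] directive; it used to sit in unitConfig,
      # where systemd logs "Unknown key name 'Type' in section 'Unit'" and
      # ignores it. `simple` is also the default, so behaviour is unchanged.
      Type = "simple";
      # Make sure the mount point exists and is not left over from a previous
      # (crashed) rclone; a failed unmount is deliberately not fatal.
      ExecStartPre = "${pkgs.bash}/bin/sh -c \"mkdir -p /mnt/garage-staging; fusermount -u /mnt/garage-staging || exit 0\"";
      ExecStart = "${pkgs.rclone}/bin/rclone --config /root/rclone.conf mount --vfs-cache-mode full --vfs-cache-max-size 1G --cache-dir /root/mountgarage-cache staging: /mnt/garage-staging";
    };
    wantedBy = [ "multi-user.target" ];
  };

  # Open ports in the firewall.
  networking.firewall = {
    enable = true;

    # Allow anyone to connect on the SSH port.
    # Only the first configured port is opened, as before. The previous
    # expression, `({ openssh.ports = [22]; } // config.services).openssh.ports`,
    # was equivalent: `//` merges shallowly, so the fallback `[22]` was always
    # replaced by `config.services.openssh` (whose `ports` defaults to [22]).
    # NOTE(review): the openssh module also opens its own ports by default
    # (`services.openssh.openFirewall`), so this entry is belt-and-braces.
    allowedTCPPorts = [ (builtins.head config.services.openssh.ports) ];

    # Allow specific hosts access to specific things in the cluster.
    #
    # These rules are appended to INPUT before the NixOS firewall installs its
    # own `-j nixos-fw` jump, so they are evaluated first. They match on the
    # source address only, not on the ingress interface: a packet with a
    # spoofed 172.17.x.x / 10.42.x.x source arriving on the WAN interface
    # would match too. NixOS's reverse-path filter (`checkReversePath`, on by
    # default) mitigates this when a route for the subnet points at the
    # expected interface, but binding each rule with `-i <interface>` (the
    # docker bridge / the VPN interface, whose names are not fixed in this
    # file) would make that independent of rp_filter.
    # The router rule trusts a LAN address that any host on the same L2
    # segment can impersonate via ARP; narrow it to the UPnP/IGD ports if the
    # required ports are known.
    extraCommands = ''
      # Allow everything from router (useful for UPnP/IGD)
      iptables -A INPUT -s 192.168.1.254 -j ACCEPT
      # Allow docker containers to access all ports
      iptables -A INPUT -s 172.17.0.0/16 -j ACCEPT
      # Allow other nodes on VPN to access all ports
      iptables -A INPUT -s 10.42.0.0/16 -j ACCEPT
    '';

    # When stopping the firewall, delete the rules that were added manually
    # above. Each `-D` removes one matching rule; if a reload ever re-ran
    # extraCommands without the stop commands in between, a duplicate would
    # survive here — appending to the `nixos-fw` chain (which the start script
    # flushes) instead of INPUT would avoid needing this list at all.
    extraStopCommands = ''
      iptables -D INPUT -s 192.168.1.254 -j ACCEPT
      iptables -D INPUT -s 172.17.0.0/16 -j ACCEPT
      iptables -D INPUT -s 10.42.0.0/16 -j ACCEPT
    '';
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "21.05"; # Did you read the comment?
}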