# Colmena-style hive for the federez.net hosts: a `defaults` module applied to
# every node, followed by one entry per machine.
#
# NOTE(review): this file holds credential material in plain text (a root
# password hash and per-host monitoring API keys). Anyone with read access to
# the repository can read them. See the notes next to each value.
let
  # Pinned sources, loaded from ./npins.
  src = import ./npins;
  pkgs = import src.nixpkgs { };
  disko = (import src.disko { inherit (pkgs) lib; });
  # Disk layout shared by all nodes, used for both the disko module and the
  # diskoScript build output below.
  diskConfig = import ./disks/ext4.nix { inherit (pkgs) lib; };
in
{
  meta = {
    nixpkgs = src.nixpkgs;
  };

  # Configuration shared by every node in the hive.
  defaults = { pkgs, lib, ... }: {
    imports = [
      ./profiles/sysadmin.nix
      ./profiles/glucagon.nix
      ./profiles/child-netdata.nix
      ./profiles/ldap.nix
      # agenix module: an encrypted-secrets mechanism is therefore available
      # to every node.
      "${src.agenix}/modules/age.nix"
      (disko.config diskConfig)
    ];

    security.acme.defaults.email = "monitoring@federez.net";
    security.acme.acceptTerms = true;

    systemd.network.enable = true;
    networking.useDHCP = false;

    # NOTE(review): sshd is enabled on every node and no sshd settings are
    # visible in this file. Confirm that the imported profiles keep password
    # login for root disabled, since a root password is also set below.
    services.openssh.enable = true;

    # By default, everyone is a child except klingon itself.
    federez.monitoring.enableChild = lib.mkDefault true;

    # Enable system diffs.
    system.activationScripts.system-diff = {
      supportsDryActivation = true; # safe: only outputs to stdout
      text = ''
        if [ -e /run/current-system ]; then
          PATH=$PATH:${pkgs.nix}/bin ${pkgs.nvd}/bin/nvd diff /run/current-system $systemConfig
        fi
      '';
    };

    # The usual password, which can be found in the legacy "keyring".
    # NOTE(review): the same yescrypt ($y$) hash is applied to root on every
    # node and is committed here in plain text, so it is open to offline
    # guessing by anyone who can read the repository or a built system.
    # initialHashedPassword is only applied when the account is first created,
    # so changing this value does not rotate the password on existing hosts.
    users.users.root.initialHashedPassword = "$y$j9T$RoSZj8ezgR7cI8Le6xqwW/$0BI6G1Nqy/G0g0sNhQhyEedqoHsEyMFVjQgc3TPqE.4";

    system.stateVersion = "24.05";
    system.build.diskoScript = disko.diskoScript diskConfig pkgs;

    time.timeZone = "Europe/Paris";
  };

  # Matrix homeserver, Element, and the Telegram and IRC bots.
  estragon = { name, nodes, ... }: {
    deployment.tags = [ "matrix" ];
    deployment.targetHost = "estragon.federez.net";
    networking.hostName = name;
    # NOTE(review): monitoring API key as a plain Nix string. If the module
    # renders it into a generated config file, it also lands in the
    # world-readable /nix/store. TODO confirm against the monitoring profile,
    # and consider supplying it through agenix, which defaults already imports.
    # The same applies to every apiKey assignment in this file.
    federez.monitoring.apiKey = "3411043d-55b5-425e-af43-0932d6147148";
    glucagon.networking = {
      nibble = 227;
      wan-mac = "BC:24:11:5C:A4:5A";
    };
    imports = [
      ./profiles/vm.nix
      ./profiles/matrix-server.nix
      ./profiles/element.nix
      ./profiles/telegram-bot.nix
      ./profiles/irc-bot.nix
    ];
  };

  # Vaultwarden password manager.
  wagon = { name, nodes, ... }: {
    deployment.tags = [ "vaultwarden" "pass" "passwords" ];
    deployment.targetHost = "wagon.federez.net";
    networking.hostName = name;
    federez.monitoring.apiKey = "a8bd7953-dfca-4393-b770-98c5ab11dea5";
    glucagon.networking = {
      nibble = 228;
      wan-mac = "BC:24:11:EA:6C:0B";
    };
    imports = [
      ./profiles/vm.nix
      ./profiles/vaultwarden.nix
    ];
  };

  # Keycloak / WAYF.
  lagon = { name, nodes, ... }: {
    deployment.tags = [ "keycloak" "wayf" ];
    deployment.targetHost = "lagon.federez.net";
    networking.hostName = name;
    federez.monitoring.apiKey = "f85dcb12-970c-4ea1-99b4-01e2fc26bc6c";
    glucagon.networking = {
      nibble = 229;
      wan-mac = "BC:24:11:7F:19:60";
    };
    imports = [
      ./profiles/vm.nix
      ./profiles/wayf.nix
    ];
  };

  # Monitoring host: imports the netdata profile and sets no apiKey here.
  klingon = { name, nodes, ... }: {
    deployment.tags = [ "monitoring" ];
    deployment.targetHost = "klingon.federez.net";
    networking.hostName = name;
    glucagon.networking = {
      nibble = 230;
      wan-mac = "BC:24:11:B7:AE:80";
    };
    imports = [
      ./profiles/vm.nix
      ./profiles/netdata.nix
    ];
  };

  # GitLab.
  aragon = { name, nodes, ... }: {
    deployment.tags = [ "gitlab" ];
    deployment.targetHost = "aragon.federez.net";
    # NOTE(review): aragon, pendragon and perdrigon all carry this same apiKey
    # value, while estragon, wagon and lagon each have a distinct one. This
    # looks like a copy-paste. Confirm whether each child is meant to have its
    # own key, since a shared key cannot be revoked for one host alone.
    federez.monitoring.apiKey = "370a181d-6b00-4c3d-af27-ca65e6e4c1b0";
    networking.hostName = name;
    glucagon.networking = {
      nibble = 231;
      wan-mac = "BC:24:11:E3:12:4A";
    };
    imports = [
      ./profiles/vm.nix
      ./profiles/gitlab.nix
    ];
  };

  # Discourse.
  pendragon = { name, nodes, ... }: {
    deployment.tags = [ "discourse" ];
    deployment.targetHost = "pendragon.federez.net";
    # NOTE(review): same apiKey value as aragon and perdrigon. Confirm intent.
    federez.monitoring.apiKey = "370a181d-6b00-4c3d-af27-ca65e6e4c1b0";
    networking.hostName = name;
    glucagon.networking = {
      nibble = 233;
      wan-mac = "BC:24:11:C2:AA:47";
    };
    imports = [
      ./profiles/vm.nix
      ./profiles/discourse.nix
    ];
  };

  # Indico.
  perdrigon = { name, nodes, ... }: {
    deployment.tags = [ "indico" ];
    deployment.targetHost = "perdrigon.federez.net";
    # NOTE(review): same apiKey value as aragon and pendragon. Confirm intent.
    federez.monitoring.apiKey = "370a181d-6b00-4c3d-af27-ca65e6e4c1b0";
    networking.hostName = name;
    glucagon.networking = {
      nibble = 234;
      wan-mac = "BC:24:11:04:9B:51";
    };
    imports = [
      ./profiles/vm.nix
      ./profiles/indico.nix
    ];
  };
}