Merge remote-tracking branch 'ni/master'

1 files changed, 51 insertions, 0 deletions

diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix
new file mode 100644
index 00000000..53ad56d6
--- /dev/null
+++ b/krebs/2configs/default.nix
@@ -0,0 +1,51 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+{
+  krebs.enable = true;
+  krebs.tinc.retiolum.enable = true;
+
+  krebs.build.user = mkDefault config.krebs.users.krebs;
+
+  networking.hostName = config.krebs.build.host.name;
+
+  nix.maxJobs = 1;
+  nix.trustedBinaryCaches = [
+    "https://cache.nixos.org"
+    "http://cache.nixos.org"
+    "http://hydra.nixos.org"
+  ];
+  nix.useSandbox = true;
+
+  environment.systemPackages = with pkgs; [
+    git
+    rxvt_unicode.terminfo
+  ];
+
+  programs.ssh.startAgent = false;
+
+  services.openssh = {
+    enable = true;
+    hostKeys = [
+      { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+    ];
+  };
+  services.cron.enable = false;
+  services.nscd.enable = false;
+  services.ntp.enable = false;
+
+  users.mutableUsers = false;
+  users.extraUsers.root.openssh.authorizedKeys.keys = [
+    # TODO
+    config.krebs.users.lass.pubkey
+    config.krebs.users.makefu.pubkey
+    # TODO HARDER:
+    config.krebs.users.makefu-omo.pubkey
+    config.krebs.users.tv.pubkey
+  ];
+
+
+  # The NixOS release to be compatible with for stateful data such as databases.
+  system.stateVersion = "15.09";
+
+}