# NixOS module for the host "phobos".
#
# Pulls in the per-service modules listed under `imports`, declares the
# sops-managed secret used by this host, prepares the /var/lib/fic tree at
# activation time and makes sure the `phobos-lan` container network exists.
{ config, lib, pkgs, ... }:

{
  imports = [
    ./db.nix
    ./fic-admin.nix
    ./fic-checker.nix
    ./fic-dashboard.nix
    ./fic-evdist.nix
    ./fic-generator.nix
    ./fic-synchro.nix
  ];

  config = {
    networking.hostName = "phobos";

    # This is needed to install fic related pkgs.
    # NOTE(review): this permits every unfree package on the host, not only
    # the fic ones; `nixpkgs.config.allowUnfreePredicate` can restrict the
    # exception to the named packages once their names are known.
    nixpkgs.config.allowUnfree = true;

    sops = {
      # We are currently in /nix/store/...-source/backend/, hence the `../`.
      defaultSopsFile = ../secrets/phobos.yml;

      # 0400: readable by the secret's owner only. No owner/group is set in
      # this module, so whatever the sops module defaults to applies.
      secrets.phobos_ssh.mode = "0400";

      # You may need to manually remove `/run/secrets` if this is modified.
    };

    system.activationScripts = {
      # Create /var/lib/fic/** directories (and the frontend log directory).
      # Ordered after the "var" activation step.
      #
      # NOTE(review): `mkdir -p` applies the default mode from the activation
      # umask and never tightens a directory that already exists. The `ssh`
      # and `pki` directories presumably hold key material; confirm whether
      # they should be created with a restrictive mode (for example with
      # `install -d -m 0700`) and check that against the services that
      # mount them.
      makeFicDirs = lib.stringAfter [ "var" ] ''
        mkdir -p /var/lib/fic/dashboard;
        mkdir -p /var/lib/fic/files;
        mkdir -p /var/lib/fic/pki;
        mkdir -p /var/lib/fic/raw_files;
        mkdir -p /var/lib/fic/settings;
        mkdir -p /var/lib/fic/settingsdist;
        mkdir -p /var/lib/fic/ssh;
        mkdir -p /var/lib/fic/submissions;
        mkdir -p /var/lib/fic/sync;
        mkdir -p /var/lib/fic/teams;
        mkdir -p /var/log/frontend;
      '';

      # Create the docker network.
      # The CLI binary is resolved from the configured oci-containers backend.
      # The network is only created when `network inspect` fails, so an
      # existing `phobos-lan` is left untouched (including its subnet).
      createDockerNetworkPhobos =
        let
          backend = config.virtualisation.oci-containers.backend;
          backendBin = "${pkgs.${backend}}/bin/${backend}";
        in
        ''
          ${backendBin} network inspect phobos-lan >/dev/null 2>&1 \
            || ${backendBin} network create phobos-lan --subnet 172.18.0.0/24
        '';
    };

    # To switch backend, remove `phobos-lan` from the networks before running
    # nixos-rebuild, using the CLI of the backend currently in use:
    # ```
    # docker network rm phobos-lan
    # ```
    virtualisation = {
      docker.enable = true;
      podman.enable = false;
      oci-containers.backend = "docker";
    };
  };
}