2023-06-14 19:30:33 +00:00
|
|
|
{ pkgs, modulesPath, config, ... }:
|
2023-01-25 11:48:44 +00:00
|
|
|
|
|
|
|
{
|
|
|
|
imports = [
|
|
|
|
(modulesPath + "/virtualisation/proxmox-lxc.nix")
|
2023-06-14 20:04:29 +00:00
|
|
|
|
|
|
|
# every server needs teh ldap client for admins
|
|
|
|
../applications/ldap_client.nix
|
2023-01-25 11:48:44 +00:00
|
|
|
];
|
|
|
|
|
|
|
|
# flakes are essensial
|
|
|
|
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
|
|
|
|
|
|
|
system.stateVersion = "22.11";
|
|
|
|
|
|
|
|
services.openssh = {
|
|
|
|
enable = true;
|
|
|
|
permitRootLogin = "prohibit-password";
|
|
|
|
};
|
|
|
|
|
|
|
|
users.users.root = {
|
|
|
|
initialHashedPassword = "";
|
|
|
|
|
|
|
|
openssh.authorizedKeys.keys = [
|
2023-04-23 15:43:52 +00:00
|
|
|
# no obligation to have name attached to keys
|
|
|
|
|
|
|
|
# Root account
|
2023-01-25 11:48:44 +00:00
|
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin"
|
2023-04-23 15:43:52 +00:00
|
|
|
|
|
|
|
# Brendan Golden
|
2023-01-25 11:48:44 +00:00
|
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHNLroAjCVR9Tx382cqdxPZ5KY32r/yoQH1mgsYNqpm Silver_Laptop_WSL_Deb"
|
2023-04-23 15:43:52 +00:00
|
|
|
|
|
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjaKI97NY7bki07kxAvo95196NXCaMvI1Dx7dMW05Q1 thenobrainer"
|
2023-01-25 11:48:44 +00:00
|
|
|
];
|
|
|
|
};
|
|
|
|
|
2023-06-14 20:06:44 +00:00
|
|
|
# skynet-admin will always be added, individual servers can override the grpoups option
|
|
|
|
services.skynet_ldap_client.enable = true;
|
2023-06-14 20:04:29 +00:00
|
|
|
|
2023-04-20 08:16:28 +00:00
|
|
|
networking = {
|
2023-04-20 23:53:25 +00:00
|
|
|
# every sever needs to be accessable over ssh for admin use at least
|
|
|
|
firewall.allowedTCPPorts = [22];
|
|
|
|
|
2023-04-20 08:16:28 +00:00
|
|
|
# explisitly stating this is good
|
|
|
|
defaultGateway = "193.1.99.65";
|
|
|
|
|
|
|
|
# cannot use our own it seems?
|
|
|
|
nameservers = [
|
2023-04-20 22:46:43 +00:00
|
|
|
# ns1
|
2023-04-23 03:22:01 +00:00
|
|
|
"193.1.99.120"
|
2023-04-24 19:19:32 +00:00
|
|
|
# ns2
|
2023-06-14 19:30:33 +00:00
|
|
|
"193.1.99.109"
|
2023-04-20 22:46:43 +00:00
|
|
|
|
|
|
|
# Cloudflare
|
2023-04-23 03:22:01 +00:00
|
|
|
#"1.1.1.1"
|
2023-04-20 22:46:43 +00:00
|
|
|
# Google
|
2023-04-23 03:22:01 +00:00
|
|
|
#"8.8.8.8"
|
2023-04-20 22:46:43 +00:00
|
|
|
# Quad9
|
2023-04-23 03:22:01 +00:00
|
|
|
#"9.9.9.9"
|
2023-04-20 08:16:28 +00:00
|
|
|
];
|
|
|
|
};
|
|
|
|
|
2023-06-14 19:30:33 +00:00
|
|
|
# make sure resolved uses our dns servers
|
|
|
|
services.resolved = {
|
|
|
|
#enable = true;
|
|
|
|
# use teh above nameservers as the fallback dns
|
|
|
|
fallbackDns = config.networking.nameservers;
|
|
|
|
};
|
|
|
|
|
2023-04-20 08:16:28 +00:00
|
|
|
|
2023-01-25 11:48:44 +00:00
|
|
|
environment.systemPackages = [
|
|
|
|
# for flakes
|
|
|
|
pkgs.git
|
|
|
|
# useful tools
|
|
|
|
pkgs.ncdu_2
|
|
|
|
pkgs.htop
|
|
|
|
pkgs.nano
|
|
|
|
pkgs.nmap
|
2023-04-19 19:42:00 +00:00
|
|
|
pkgs.bind
|
2023-06-11 21:11:39 +00:00
|
|
|
pkgs.zip
|
2023-06-14 19:30:33 +00:00
|
|
|
pkgs.traceroute
|
2023-06-15 13:29:06 +00:00
|
|
|
pkgs.openldap
|
2023-01-25 11:48:44 +00:00
|
|
|
];
|
|
|
|
}
|