nixos/machines/_base.nix


# Baseline module: Proxmox LXC profile, LDAP client, SSH access for admins,
# static gateway/DNS and a small set of admin tools. The comments below
# describe these settings as applying to every server.
{ pkgs, modulesPath, config, ... }:
{
  imports = [
    (modulesPath + "/virtualisation/proxmox-lxc.nix")
    # every server needs the LDAP client for admins
    ../applications/ldap_client.nix
  ];

  # flakes are essential
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  system.stateVersion = "22.11";

  # Root may log in over SSH with a key only ("prohibit-password").
  # NOTE(review): password authentication for non-root accounts is not turned
  # off in this file, so it stays at the sshd module default; confirm that is
  # what the LDAP-backed accounts are meant to use.
  services.openssh.enable = true;
  services.openssh.permitRootLogin = "prohibit-password";

  # skynet-admin will always be added; individual servers can override the groups option
  services.skynet_ldap_client.enable = true;

  # DNS servers handed to resolved as fallback.
  # NOTE(review): `enable` is commented out here, so this only takes effect if
  # resolved is enabled by another module.
  services.resolved = {
    #enable = true;
    # use the nameservers from `networking` as the fallback DNS
    fallbackDns = config.networking.nameservers;
  };

  # An empty hashed password means root can log in locally (e.g. on the
  # container console) without being asked for a password; the NixOS option
  # docs describe this as not applying to SSH or su/sudo and as meant for live
  # systems. As an `initial*` option it is only applied when the account is
  # first created.
  # NOTE(review): confirm passwordless console root is intended on every
  # machine that imports this file.
  users.users.root.initialHashedPassword = "";

  # Keys listed here grant root SSH access on every machine that imports this
  # file; dropping a key takes effect on a host only after that host is
  # rebuilt with the updated list.
  users.users.root.openssh.authorizedKeys.keys = [
    # no obligation to have name attached to keys

    # Root account
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin"

    # Brendan Golden
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHNLroAjCVR9Tx382cqdxPZ5KY32r/yoQH1mgsYNqpm Silver_Laptop_WSL_Deb"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjaKI97NY7bki07kxAvo95196NXCaMvI1Dx7dMW05Q1 thenobrainer"
  ];

  # every server needs to be accessible over ssh for admin use at least
  # NOTE(review): the openssh module may already open its port in the firewall
  # by default (openFirewall) - presumably kept here to be explicit.
  networking.firewall.allowedTCPPorts = [ 22 ];

  # explicitly stating this is good
  networking.defaultGateway = "193.1.99.65";

  # cannot use our own it seems?
  networking.nameservers = [
    # ns1
    "193.1.99.120"
    # ns2
    "193.1.99.109"
    # Cloudflare
    #"1.1.1.1"
    # Google
    #"8.8.8.8"
    # Quad9
    #"9.9.9.9"
  ];

  # Installed system-wide on every machine that imports this file, so these
  # tools (including the network scanner) are available to any account with a
  # shell there.
  environment.systemPackages = with pkgs; [
    # for flakes
    git
    # useful tools
    ncdu_2
    htop
    nano
    nmap
    bind
    zip
    traceroute
    openldap
  ];
}