nixos/machines/_base.nix

{ pkgs, modulesPath, ... }:

{
  imports = [
    (modulesPath + "/virtualisation/proxmox-lxc.nix")
  ];

  # flakes are essensial
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  system.stateVersion = "22.11";

  services.openssh = {
    enable = true;
    permitRootLogin = "prohibit-password";
  };

  users.users.root = {
    initialHashedPassword = "";

    openssh.authorizedKeys.keys = [
      # no obligation to have name attached to keys

      # Root account
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin"

      # Brendan Golden
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHNLroAjCVR9Tx382cqdxPZ5KY32r/yoQH1mgsYNqpm Silver_Laptop_WSL_Deb"

      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjaKI97NY7bki07kxAvo95196NXCaMvI1Dx7dMW05Q1 thenobrainer"
    ];
  };


  networking = {
    # every sever needs to be accessable over ssh for admin use at least
    firewall.allowedTCPPorts = [22];

    # explisitly stating this is good
    defaultGateway = "193.1.99.65";

    # cannot use our own it seems?
    nameservers = [
      # ns2
      "193.1.99.109"
      # ns1
      "193.1.99.120"

      # Cloudflare
      #"1.1.1.1"
      # Google
      #"8.8.8.8"
      # Quad9
      #"9.9.9.9"
    ];
  };


  environment.systemPackages = [
    # for flakes
    pkgs.git
    # useful tools
    pkgs.ncdu_2
    pkgs.htop
    pkgs.nano
    pkgs.nmap
    pkgs.bind
  ];
}
fix: eol conversion round 2 2023-01-25 11:48:44 +00:00			`{ pkgs, modulesPath, ... }:`

			`{`
			`imports = [`
			`(modulesPath + "/virtualisation/proxmox-lxc.nix")`
			`];`

			`# flakes are essensial`
			`nix.settings.experimental-features = [ "nix-command" "flakes" ];`

			`system.stateVersion = "22.11";`

			`services.openssh = {`
			`enable = true;`
			`permitRootLogin = "prohibit-password";`
			`};`

			`users.users.root = {`
			`initialHashedPassword = "";`

			`openssh.authorizedKeys.keys = [`
ssh: added thenobrainer to the ssh keys and rekied the secrets 2023-04-23 15:43:52 +00:00			`# no obligation to have name attached to keys`

			`# Root account`
fix: eol conversion round 2 2023-01-25 11:48:44 +00:00			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin"`
ssh: added thenobrainer to the ssh keys and rekied the secrets 2023-04-23 15:43:52 +00:00
			`# Brendan Golden`
fix: eol conversion round 2 2023-01-25 11:48:44 +00:00			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHNLroAjCVR9Tx382cqdxPZ5KY32r/yoQH1mgsYNqpm Silver_Laptop_WSL_Deb"`
ssh: added thenobrainer to the ssh keys and rekied the secrets 2023-04-23 15:43:52 +00:00
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjaKI97NY7bki07kxAvo95196NXCaMvI1Dx7dMW05Q1 thenobrainer"`
fix: eol conversion round 2 2023-01-25 11:48:44 +00:00			`];`
			`};`


fix: set dns and gateway for alls ervers 2023-04-20 08:16:28 +00:00			`networking = {`
fix: centralise the ports 2023-04-20 23:53:25 +00:00			`# every sever needs to be accessable over ssh for admin use at least`
			`firewall.allowedTCPPorts = [22];`

fix: set dns and gateway for alls ervers 2023-04-20 08:16:28 +00:00			`# explisitly stating this is good`
			`defaultGateway = "193.1.99.65";`

			`# cannot use our own it seems?`
			`nameservers = [`
dns: still some kinks with the dns but its easing out 2023-04-20 22:46:43 +00:00			`# ns2`
dns: got a working letsencrypt setup 2023-04-23 03:22:01 +00:00			`"193.1.99.109"`
dns: still some kinks with the dns but its easing out 2023-04-20 22:46:43 +00:00			`# ns1`
dns: got a working letsencrypt setup 2023-04-23 03:22:01 +00:00			`"193.1.99.120"`
dns: still some kinks with the dns but its easing out 2023-04-20 22:46:43 +00:00
			`# Cloudflare`
dns: got a working letsencrypt setup 2023-04-23 03:22:01 +00:00			`#"1.1.1.1"`
dns: still some kinks with the dns but its easing out 2023-04-20 22:46:43 +00:00			`# Google`
dns: got a working letsencrypt setup 2023-04-23 03:22:01 +00:00			`#"8.8.8.8"`
dns: still some kinks with the dns but its easing out 2023-04-20 22:46:43 +00:00			`# Quad9`
dns: got a working letsencrypt setup 2023-04-23 03:22:01 +00:00			`#"9.9.9.9"`
fix: set dns and gateway for alls ervers 2023-04-20 08:16:28 +00:00			`];`
			`};`


fix: eol conversion round 2 2023-01-25 11:48:44 +00:00			`environment.systemPackages = [`
			`# for flakes`
			`pkgs.git`
			`# useful tools`
			`pkgs.ncdu_2`
			`pkgs.htop`
			`pkgs.nano`
			`pkgs.nmap`
feat: added bind for dns stuff 2023-04-19 19:42:00 +00:00			`pkgs.bind`
fix: eol conversion round 2 2023-01-25 11:48:44 +00:00			`];`
			`}`