# Base NixOS module for servers running as Proxmox LXC containers:
# SSH access for admins, the LDAP client, sudo for the admin group,
# static gateway/DNS settings and a small set of troubleshooting tools.
{ pkgs, modulesPath, config, ... }:
{
  imports = [
    (modulesPath + "/virtualisation/proxmox-lxc.nix")

    # every server needs the LDAP client for admins
    ../applications/ldap_client.nix
  ];

  # flakes are essential
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  system.stateVersion = "22.11";

  users.users.root = {
    # NOTE(review): an empty hashed password lets root log in locally
    # (e.g. on the container console) without being asked for a password.
    # SSH is not affected because root login there is key-only (see
    # services.openssh below). Confirm this is intended for every host.
    initialHashedPassword = "";

    # Public keys allowed to SSH in as root.
    # NOTE(review): each key here grants root on every server importing this
    # module, so removing a departed admin's key needs a redeploy everywhere.
    openssh.authorizedKeys.keys = [
      # no obligation to have a name attached to keys

      # Root account
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin"

      # Brendan Golden
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHNLroAjCVR9Tx382cqdxPZ5KY32r/yoQH1mgsYNqpm Silver_Laptop_WSL_Deb"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjaKI97NY7bki07kxAvo95196NXCaMvI1Dx7dMW05Q1 thenobrainer"
    ];
  };

  security.sudo.extraRules = [
    # admin group has sudo access
    # NOTE(review): NOPASSWD on ALL means membership of this group is
    # equivalent to root with no re-authentication; the group presumably
    # comes from LDAP, so directory write access should be guarded
    # accordingly - confirm.
    {
      groups = [ "skynet-admins" ];
      commands = [
        {
          command = "ALL";
          options = [ "NOPASSWD" ];
        }
      ];
    }
  ];

  services = {
    openssh = {
      enable = true;
      # root may only authenticate over SSH with a key, never a password
      permitRootLogin = "prohibit-password";
    };

    # skynet-admin will always be added, individual servers can override the
    # groups option
    skynet_ldap_client.enable = true;

    # make sure resolved uses our dns servers
    resolved = {
      # NOTE(review): with enable left commented out, fallbackDns presumably
      # only takes effect where resolved is enabled elsewhere - confirm.
      #enable = true;

      # use the above nameservers as the fallback dns
      fallbackDns = config.networking.nameservers;
    };
  };

  networking = {
    # every server needs to be accessible over ssh for admin use at least
    firewall.allowedTCPPorts = [ 22 ];

    # explicitly stating this is good
    defaultGateway = "193.1.99.65";

    # cannot use our own it seems?
    nameservers = [
      # ns1
      "193.1.99.120"
      # ns2
      "193.1.99.109"

      # Public resolvers, currently disabled:
      # Cloudflare
      #"1.1.1.1"
      # Google
      #"8.8.8.8"
      # Quad9
      #"9.9.9.9"
    ];
  };

  environment.systemPackages = [
    # for flakes
    pkgs.git

    # useful tools
    pkgs.ncdu_2
    pkgs.htop
    pkgs.nano
    pkgs.nmap
    pkgs.bind
    pkgs.zip
    pkgs.traceroute
  ];
}