{ pkgs, modulesPath, ... }: { imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ]; # flakes are essensial nix.settings.experimental-features = [ "nix-command" "flakes" ]; system.stateVersion = "22.11"; services.openssh = { enable = true; permitRootLogin = "prohibit-password"; }; users.users.root = { initialHashedPassword = ""; openssh.authorizedKeys.keys = [ # no obligation to have name attached to keys # Root account "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin" # Brendan Golden "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHNLroAjCVR9Tx382cqdxPZ5KY32r/yoQH1mgsYNqpm Silver_Laptop_WSL_Deb" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjaKI97NY7bki07kxAvo95196NXCaMvI1Dx7dMW05Q1 thenobrainer" ]; }; security.sudo.extraRules = [ # admin group has sudo access { groups = [ "skynet-admins" ]; commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ]; } ]; networking = { # every sever needs to be accessable over ssh for admin use at least firewall.allowedTCPPorts = [22]; # explisitly stating this is good defaultGateway = "193.1.99.65"; # cannot use our own it seems? nameservers = [ # ns1 "193.1.99.120" # ns2 #"193.1.99.109" # Cloudflare #"1.1.1.1" # Google #"8.8.8.8" # Quad9 #"9.9.9.9" ]; }; environment.systemPackages = [ # for flakes pkgs.git # useful tools pkgs.ncdu_2 pkgs.htop pkgs.nano pkgs.nmap pkgs.bind pkgs.zip ]; }