73 lines
1.6 KiB
Nix
73 lines
1.6 KiB
Nix
{ pkgs, modulesPath, ... }:
|
|
|
|
{
|
|
imports = [
|
|
(modulesPath + "/virtualisation/proxmox-lxc.nix")
|
|
];
|
|
|
|
# flakes are essensial
|
|
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
|
|
|
system.stateVersion = "22.11";
|
|
|
|
services.openssh = {
|
|
enable = true;
|
|
permitRootLogin = "prohibit-password";
|
|
};
|
|
|
|
users.users.root = {
|
|
initialHashedPassword = "";
|
|
|
|
openssh.authorizedKeys.keys = [
|
|
# no obligation to have name attached to keys
|
|
|
|
# Root account
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin"
|
|
|
|
# Brendan Golden
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHNLroAjCVR9Tx382cqdxPZ5KY32r/yoQH1mgsYNqpm Silver_Laptop_WSL_Deb"
|
|
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjaKI97NY7bki07kxAvo95196NXCaMvI1Dx7dMW05Q1 thenobrainer"
|
|
];
|
|
};
|
|
|
|
security.sudo.extraRules = [
|
|
# admin group has sudo access
|
|
{ groups = [ "skynet-admins" ]; commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ]; }
|
|
];
|
|
|
|
networking = {
|
|
# every sever needs to be accessable over ssh for admin use at least
|
|
firewall.allowedTCPPorts = [22];
|
|
|
|
# explisitly stating this is good
|
|
defaultGateway = "193.1.99.65";
|
|
|
|
# cannot use our own it seems?
|
|
nameservers = [
|
|
# ns1
|
|
"193.1.99.120"
|
|
# ns2
|
|
#"193.1.99.109"
|
|
|
|
# Cloudflare
|
|
#"1.1.1.1"
|
|
# Google
|
|
#"8.8.8.8"
|
|
# Quad9
|
|
#"9.9.9.9"
|
|
];
|
|
};
|
|
|
|
|
|
environment.systemPackages = [
|
|
# for flakes
|
|
pkgs.git
|
|
# useful tools
|
|
pkgs.ncdu_2
|
|
pkgs.htop
|
|
pkgs.nano
|
|
pkgs.nmap
|
|
pkgs.bind
|
|
];
|
|
}
|