79 lines
1.8 KiB
Nix
79 lines
1.8 KiB
Nix
{ lib, pkgs, ... }:
|
|
{
|
|
|
|
nix.settings = {
|
|
experimental-features = lib.mkDefault "nix-command flakes";
|
|
trusted-users = [ "root" "@wheel" ];
|
|
};
|
|
nixpkgs.config.allowUnfree = true;
|
|
|
|
boot.tmp.useTmpfs = true;
|
|
|
|
virtualisation.docker.enable = true;
|
|
|
|
programs.bash.shellInit = ''
|
|
cd /root/host
|
|
export HISTFILE=$HOME/host/bash_history
|
|
export HISTSIZE=10000
|
|
'';
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
vim
|
|
wget
|
|
|
|
# required for ppc wiki publish.sh
|
|
git
|
|
rsync
|
|
nodejs
|
|
];
|
|
|
|
users.users.root.openssh.authorizedKeys.keys = [
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAgNB1nsKZ5KXnmR6KWjQLfwhFKDispw24o8M7g/nbR me@bitwarden"
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/mCDzCBE2J1jGnEhhtttIRMKkXMi1pKCAEkxu+FAim me@main"
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGw5kYmBQl8oolNg2VUlptvvSrFSESfeuWpsXRovny0x me@phone"
|
|
];
|
|
services.openssh = {
|
|
enable = true;
|
|
# require public key authentication for better security
|
|
settings.PasswordAuthentication = false;
|
|
settings.KbdInteractiveAuthentication = false;
|
|
settings.PermitRootLogin = "yes";
|
|
|
|
settings.X11Forwarding = true;
|
|
|
|
extraConfig = ''
|
|
X11UseLocalhost no
|
|
'';
|
|
};
|
|
|
|
/*
|
|
system.activationScripts.addDefaultRoute = {
|
|
text = ''
|
|
ip route add default via dev eth0
|
|
'';
|
|
};
|
|
*/
|
|
|
|
networking = {
|
|
defaultGateway = "192.168.1.4";
|
|
# Use systemd-resolved inside the container
|
|
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
|
|
useHostResolvConf = lib.mkForce false;
|
|
#useNetworkd = true;
|
|
/*
|
|
interfaces.eth0.ipv4.routes = [
|
|
{
|
|
via = "192.168.101.1";
|
|
address = "default";
|
|
prefixLength = 24;
|
|
}
|
|
];
|
|
*/
|
|
};
|
|
services.resolved.enable = true;
|
|
networking.firewall.enable = false;
|
|
#systemd.network.enable = true;
|
|
|
|
system.stateVersion = "24.11";
|
|
}
|