Diffstat (limited to 'old/modules/cloudkrebs/default.nix')
-rw-r--r--old/modules/cloudkrebs/default.nix69
1 files changed, 69 insertions, 0 deletions
diff --git a/old/modules/cloudkrebs/default.nix b/old/modules/cloudkrebs/default.nix
new file mode 100644
index 00000000..938447e0
--- /dev/null
+++ b/old/modules/cloudkrebs/default.nix
@@ -0,0 +1,69 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ../tv/base-cac-CentOS-7-64bit.nix
+ ../lass/retiolum-cloudkrebs.nix
+ ./networking.nix
+ ../../secrets/cloudkrebs-pw.nix
+ ../lass/sshkeys.nix
+ ../lass/base.nix
+ ../common/nixpkgs.nix
+ ];
+
+ nixpkgs = {
+ url = "https://github.com/Lassulus/nixpkgs";
+ rev = "b42ecfb8c61e514bf7733b4ab0982d3e7e27dacb";
+ };
+
+ nix.maxJobs = 1;
+
+ #activationScripts
+ #split up and move into base
+
+ #TODO move into modules
+ users.extraUsers = {
+ #main user
+ root = {
+ openssh.authorizedKeys.keys = [
+ config.sshKeys.lass.pub
+ ];
+ };
+ mainUser = {
+ uid = 1337;
+ name = "lass";
+ #isNormalUser = true;
+ group = "users";
+ createHome = true;
+ home = "/home/lass";
+ useDefaultShell = true;
+ isSystemUser = false;
+ description = "lassulus";
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [
+ config.sshKeys.lass.pub
+ ];
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ ];
+
+ services.openssh = {
+ enable = true;
+ hostKeys = [
+ # XXX bits here make no science
+ { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+ ];
+ permitRootLogin = "yes";
+ };
+
+ networking.firewall = {
+ enable = true;
+
+ allowedTCPPorts = [
+ 22
+ ];
+ };
+
+}
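Review bot: `permitRootLogin = "yes"` in the `services.openssh` block lets root log in with a password, and nothing in this file disables password authentication while the firewall opens port 22. Root already has `config.sshKeys.lass.pub` authorized and the `lass` account is in `wheel`, so key-only access should be sufficient: `permitRootLogin = "without-password";` together with `passwordAuthentication = false;`. The imported `../../secrets/cloudkrebs-pw.nix` presumably sets an account password; if so, and if the host is reachable from the Internet, that password would be the only barrier against guessing on a root login, so it is worth confirming what that file sets. Separately, `bits = 8192` on the ed25519 host key has no effect, as the XXX comment already suspects, and could be dropped.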