-rw-r--r-- | cloudkrebs.nix | 62 | ||||
-rw-r--r-- | modules/lass/networking-cloudkrebs.nix | 14 | ||||
-rw-r--r-- | modules/lass/retiolum-cloudkrebs.nix | 21 |
3 files changed, 97 insertions, 0 deletions
diff --git a/cloudkrebs.nix b/cloudkrebs.nix
new file mode 100644
index 000000000..6df0ee4f9
--- /dev/null
+++ b/cloudkrebs.nix
@@ -0,0 +1,62 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./modules/tv/base-cac-CentOS-7-64bit.nix
+ ./modules/lass/retiolum-cloudkrebs.nix
+ ./modules/lass/networking-cloudkrebs.nix
+ ];
+
+ nix.maxJobs = 1;
+
+ #activationScripts
+ #split up and move into base
+
+ #TODO move into modules
+ users.extraUsers = {
+ #main user
+ root = {
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors"
+ ];
+ hashedPassword = "$6$3CFU7MPj$qr1cn6p2kvZRdt1pueBLC1WLzV7KPbk8Qi11Wq8l2sVT0JFMf8BOULJOx8xS1KXqZHnUW1p7VN3dZ1VUepQGj.";
+ };
+ lass = {
+ uid = 1337;
+ name = "lass";
+ #isNormalUser = true;
+ group = "users";
+ createHome = true;
+ home = "/home/lass";
+ useDefaultShell = true;
+ isSystemUser = false;
+ description = "lassulus";
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors"
+ ];
+ hashedPassword = "$6$3CFU7MPj$qr1cn6p2kvZRdt1pueBLC1WLzV7KPbk8Qi11Wq8l2sVT0JFMf8BOULJOx8xS1KXqZHnUW1p7VN3dZ1VUepQGj.";
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ ];
+
+ services.openssh = {
+ enable = true;
+ hostKeys = [
+ # XXX bits here make no science
+ { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+ ];
+ permitRootLogin = "yes";
+ };
+
+ networking.firewall = {
+ enable = true;
+
+ allowedTCPPorts = [
+ 22
+ ];
+ };
+
+}
diff --git a/modules/lass/networking-cloudkrebs.nix b/modules/lass/networking-cloudkrebs.nix
new file mode 100644
index 000000000..7982da007
--- /dev/null
+++ b/modules/lass/networking-cloudkrebs.nix
@@ -0,0 +1,14 @@
+{...}:
+{
+ networking.hostName = "cloudkrebs";
+ networking.interfaces.enp2s1.ip4 = [
+ {
+ address = "104.167.112.39";
+ prefixLength = 24;
+ }
+ ];
+ networking.defaultGateway = "104.167.112.1";
+ networking.nameservers = [
+ "8.8.8.8"
+ ];
+}
diff --git a/modules/lass/retiolum-cloudkrebs.nix b/modules/lass/retiolum-cloudkrebs.nix
new file mode 100644
index 000000000..445907fad
--- /dev/null
+++ b/modules/lass/retiolum-cloudkrebs.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./retiolum.nix
+ ];
+
+ services.retiolum = {
+ enable = true;
+ hosts = ../hosts;
+ privateKeyFile = "/etc/nixos/secrets/cloudkrebs.retiolum.rsa_key.priv";
+ connectTo = [
+ "fastpoke"
+ "gum"
+ "ire"
+ ];
+ };
+
+ networking.firewall.allowedTCPPorts = [ 655 ];
+ networking.firewall.allowedUDPPorts = [ 655 ];
+}
|
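Review bot: Root can log in over SSH with a password on this host: `permitRootLogin = "yes";` in `services.openssh`, combined with the `hashedPassword` set for `root` and port 22 opened in `networking.firewall`, leaves password guessing against root reachable from the public address, and nothing in the hunk turns password authentication off. Both accounts already carry an authorized key, so I would change the line to `permitRootLogin = "without-password";` and add `passwordAuthentication = false;` to the same block. The identical SHA-512 crypt hash is also committed for both `root` and `lass`, so anyone who can read the repository has it available for offline guessing; keeping it out of the tree (the way the retiolum key sits under /etc/nixos/secrets) and giving the two accounts different passwords would limit that exposure.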
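Review bot: `privateKeyFile` in modules/lass/retiolum-cloudkrebs.nix is missing a comment saying why it is a quoted string, and the quoting is what keeps the key safe. As a string the key stays at /etc/nixos/secrets on the host; a Nix path literal (like `hosts = ../hosts;` one line above) would be copied into the world-readable /nix/store at evaluation time. I would add `# must stay a string: a path literal would copy the private key into /nix/store` above the line so a later cleanup does not change it. How `./retiolum.nix` consumes the option is not visible in this diff, so it is worth confirming the module does not itself copy the file.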