summaryrefslogtreecommitdiffstats
path: root/modules/cloudkrebs/default.nix
blob: 938447e0ec41955dccc89cddfd4ccdd586d80dd1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
{ config, pkgs, ... }:

{
  imports = [
    ../tv/base-cac-CentOS-7-64bit.nix
    ../lass/retiolum-cloudkrebs.nix
    ./networking.nix
    ../../secrets/cloudkrebs-pw.nix
    ../lass/sshkeys.nix
    ../lass/base.nix
    ../common/nixpkgs.nix
  ];

  nixpkgs = {
    url = "https://github.com/Lassulus/nixpkgs";
    rev = "b42ecfb8c61e514bf7733b4ab0982d3e7e27dacb";
  };

  nix.maxJobs = 1;

  #activationScripts
  #split up and move into base

  #TODO move into modules
  users.extraUsers = {
    #main user
    root = {
      openssh.authorizedKeys.keys = [
        config.sshKeys.lass.pub
      ];
    };
    mainUser = {
      uid = 1337;
      name = "lass";
      #isNormalUser = true;
      group = "users";
      createHome = true;
      home = "/home/lass";
      useDefaultShell = true;
      isSystemUser = false;
      description = "lassulus";
      extraGroups = [ "wheel" ];
      openssh.authorizedKeys.keys = [
        config.sshKeys.lass.pub
      ];
    };
  };

  environment.systemPackages = with pkgs; [
  ];

  services.openssh = {
    enable = true;
    hostKeys = [
      # XXX bits here make no science
      { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
    ];
    permitRootLogin = "yes";
  };

  networking.firewall = {
    enable = true;

    allowedTCPPorts = [
      22
    ];
  };

}