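# Host-specific NixOS module.
#
# Persistent data for this host lives under `state-dir`; the root filesystem
# is expected to be rolled back on reboot (see the sudo `lecture` comment
# below). Long-lived secrets (sshd host keys, root's SSH and GnuPG material)
# and service state are therefore pointed at the state directory instead of
# being kept on the root filesystem.
{ config, lib, pkgs, ... }:

let
  # Root of the persistent state directory.
  #
  # This must remain a plain string, NOT a path literal such as `/state`:
  # interpolating a Nix path into a string copies that path into the
  # world-readable Nix store, which would expose every private key referenced
  # below. All other state locations in this module derive from this value so
  # it is changed in exactly one place.
  state-dir = "/state";

in {
  boot = {
    loader.grub.copyKernels = true;

    #kernelModules = [ "rpcsec_gss_krb5" ];
  };

  networking = {
    interfaces = {
      # The physical NICs are not configured via DHCP; only the internal
      # interface obtains its address that way.
      enp3s0f0.useDHCP = false;
      enp3s0f1.useDHCP = false;
      enp4s0f0.useDHCP = false;
      enp4s0f1.useDHCP = false;

      intif0.useDHCP = true;
    };
  };

  # Expose root's persistent GnuPG and SSH material through symlinks into the
  # state directory (tmpfiles `L` entries: path mode user group age target).
  # NOTE(review): these entries only create the symlinks; the ownership and
  # modes of the files under ${state-dir}/user/root are not managed here and
  # must already be restrictive (root-only) for ssh/gpg to accept them.
  systemd.tmpfiles.rules = [
    "L /root/.gnupg - - - - ${state-dir}/user/root/gnupg"
    "L /root/.ssh/id_rsa - - - - ${state-dir}/user/root/ssh/id_rsa"
    "L /root/.ssh/id_rsa.pub - - - - ${state-dir}/user/root/ssh/id_rsa.pub"
    "L /root/.ssh/known_hosts - - - - ${state-dir}/user/root/ssh/known_hosts"
  ];

  # sshd host keys are kept in the state directory so the host identity
  # survives a root-filesystem rollback; sshd generates them on first boot if
  # they are missing.
  services.openssh.hostKeys = [
    {
      path = "${state-dir}/ssh/ssh_host_rsa_key";
      type = "rsa";
      bits = 4096;
    }
    {
      path = "${state-dir}/ssh/ssh_host_ed25519_key";
      type = "ed25519";
      # No `bits` here: Ed25519 keys have a fixed length and ssh-keygen
      # ignores `-b` for them, so the previous `bits = 4096` had no effect
      # and only suggested a key strength that is not configurable.
    }
  ];

  environment.etc = let
    # Install a host-key file from the state directory into /etc/ssh as a
    # root-owned copy with the given mode (a non-"symlink" mode makes
    # environment.etc copy the file rather than link it).
    host-key-file = name: mode: {
      source = "${state-dir}/ssh/${name}";
      user = "root";
      group = "root";
      inherit mode;
    };
  in {
    # Private halves are readable by root only; public halves are
    # world-readable.
    "ssh/ssh_host_rsa_key" = host-key-file "ssh_host_rsa_key" "0400";
    "ssh/ssh_host_rsa_key.pub" = host-key-file "ssh_host_rsa_key.pub" "0444";
    "ssh/ssh_host_ed25519_key" = host-key-file "ssh_host_ed25519_key" "0400";
    "ssh/ssh_host_ed25519_key.pub" =
      host-key-file "ssh_host_ed25519_key.pub" "0444";

    nixos.source = "/etc/nixos-live";
    adjtime.source = "${state-dir}/host/adjtime";
    NIXOS.source = "${state-dir}/host/NIXOS";
  };

  security.sudo.extraConfig = ''
    # Due to rollback, sudo will lecture after every reboot
    Defaults lecture = never
  '';

  fudo = {
    secrets = {
      secret-group = "fudo-secrets";
      secret-users = [ "niten" ];
      secret-paths = [ "${state-dir}/secrets" ];
    };

    minecraft-clj = {
      enable = true;
      state-directory = "${state-dir}/services/minecraft-clj";
      admins = [ "fudoniten" ];
      worlds = { REPLand = { allocated-memory = 16; }; };
    };
  };
}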