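# NixOS host module: network interfaces, root's SSH/GnuPG material and the
# SSH host keys (all kept under state-dir), sudo defaults, and the
# site-specific `fudo` options.
{ config, lib, pkgs, ... }:

let
  # This must be a string! Interpolating a Nix *path* value (/state, unquoted)
  # into a string copies the referenced file or directory into the Nix store,
  # and the store is world-readable. Every "${state-dir}/..." below names
  # private key material, so a path here would publish it to all local users.
  state-dir = "/state";

in {
  boot = {
    loader.grub.copyKernels = true;
    #kernelModules = [ "rpcsec_gss_krb5" ];
  };

  networking = {
    interfaces = {
      # Only intif0 requests a DHCP lease; the four physical ports do not.
      enp3s0f0.useDHCP = false;
      enp3s0f1.useDHCP = false;
      enp4s0f0.useDHCP = false;
      enp4s0f1.useDHCP = false;
      intif0.useDHCP = true;
    };
  };

  # Symlink root's GnuPG home and SSH client files to their copies under
  # state-dir. `L` only creates the link when nothing exists at the path
  # (`L+` would replace an existing entry), so a file already present in
  # /root is left in place.
  # NOTE(review): ownership and mode of the link targets are not managed
  # here; confirm the private key and the gnupg directory under state-dir
  # are readable by root only.
  systemd.tmpfiles.rules = [
    "L /root/.gnupg            - - - - ${state-dir}/user/root/gnupg"
    "L /root/.ssh/id_rsa       - - - - ${state-dir}/user/root/ssh/id_rsa"
    "L /root/.ssh/id_rsa.pub   - - - - ${state-dir}/user/root/ssh/id_rsa.pub"
    "L /root/.ssh/known_hosts  - - - - ${state-dir}/user/root/ssh/known_hosts"
  ];

  # sshd uses the host keys stored under state-dir.
  services.openssh.hostKeys = [
    {
      path = "${state-dir}/ssh/ssh_host_rsa_key";
      type = "rsa";
      bits = 4096;
    }
    {
      # No `bits` here: Ed25519 keys have a fixed length and ssh-keygen
      # ignores -b for them, so the previous `bits = 4096` had no effect.
      path = "${state-dir}/ssh/ssh_host_ed25519_key";
      type = "ed25519";
    }
  ];

  environment.etc = {
    # The same host keys are also provided at the default /etc/ssh location.
    # A mode other than "symlink" makes NixOS copy the source into /etc with
    # the given owner and mode instead of symlinking it: private keys 0400,
    # public keys 0444.
    "ssh/ssh_host_rsa_key" = {
      source = "${state-dir}/ssh/ssh_host_rsa_key";
      user = "root";
      group = "root";
      mode = "0400";
    };
    "ssh/ssh_host_rsa_key.pub" = {
      source = "${state-dir}/ssh/ssh_host_rsa_key.pub";
      user = "root";
      group = "root";
      mode = "0444";
    };
    "ssh/ssh_host_ed25519_key" = {
      source = "${state-dir}/ssh/ssh_host_ed25519_key";
      user = "root";
      group = "root";
      mode = "0400";
    };
    "ssh/ssh_host_ed25519_key.pub" = {
      source = "${state-dir}/ssh/ssh_host_ed25519_key.pub";
      user = "root";
      group = "root";
      mode = "0444";
    };

    nixos.source = "/etc/nixos-live";
    # Same locations as before, now spelled through state-dir like the rest
    # of the file.
    adjtime.source = "${state-dir}/host/adjtime";
    NIXOS.source = "${state-dir}/host/NIXOS";
  };

  security.sudo.extraConfig = ''
    # Due to rollback, sudo will lecture after every reboot
    Defaults lecture = never
  '';

  # Options of the site-specific `fudo` modules, which are not defined in
  # this file.
  fudo = {
    secrets = {
      # NOTE(review): presumably members of secret-users / secret-group are
      # the accounts allowed to read secret-paths; verify against the fudo
      # secrets module and keep the list minimal.
      secret-group = "fudo-secrets";
      secret-users = [ "niten" ];
      secret-paths = [ "${state-dir}/secrets" ];
    };

    minecraft-clj = {
      enable = true;
      state-directory = "${state-dir}/services/minecraft-clj";
      admins = [ "fudoniten" ];
      worlds = {
        # Unit of allocated-memory is defined by the fudo module, not here.
        REPLand = { allocated-memory = 16; };
      };
    };
  };
}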