nixos-config/hosts/felixalbpc/configuration.nix

73 lines
1.8 KiB
Nix
Raw Normal View History

{ config, pkgs, lib, ... }:
{
imports =
[
../../base.nix
./hardware-configuration.nix
./desktop
];
networking = {
interfaces.eno1 = {
useDHCP = true;
ipv6.addresses = [
{ address = "2001:700:300:22::15"; prefixLength = 64; }
];
};
tempAddresses = "disabled";
hostName = "felixalbpc";
nameservers = [ "129.241.0.200" "129.241.0.201" "2001:700:300::200" "2001:700:300::201" ];
domain = "it.ntnu.no";
hostId = "f458d6aa";
2024-12-11 10:37:52 +01:00
search = [
"it.ntnu.no"
"ntnu.no"
];
# Allow SSH from IT and SSH gateways
firewall.extraCommands = ''
# IT VPN
iptables -I nixos-fw -p tcp -m tcp --dport 22 --source 129.241.117.0/24 -j nixos-fw-accept
ip6tables -I nixos-fw -p tcp -m tcp --dport 22 --source 2001:700:301:12::/63 -j nixos-fw-accept
# SSHGW
iptables -I nixos-fw -p tcp -m tcp --dport 22 --source 129.241.160.72/32 -j nixos-fw-accept
ip6tables -I nixos-fw -p tcp -m tcp --dport 22 --source 2001:700:300:6::72/128 -j nixos-fw-accept
# SSHGW
iptables -I nixos-fw -p tcp -m tcp --dport 22 --source 129.241.210.217/32 -j nixos-fw-accept
ip6tables -I nixos-fw -p tcp -m tcp --dport 22 --source 2001:700:300:1900::1:217/128 -j nixos-fw-accept
'';
firewall.extraStopCommands = ''
iptables -F nixos-fw
ip6tables -F nixos-fw
'';
};
console.keyMap = "no";
nixpkgs.config = {
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"copilot.vim"
"keymapp"
2024-12-01 12:41:41 +01:00
"tlclient"
];
};
services.openssh.openFirewall = false;
users.users.felixalb = {
uid = 1328256;
openssh.authorizedKeys.keys = [ ];
};
hardware.keyboard.zsa.enable = true;
system.stateVersion = "24.05";
}