felixalbpc: Configure openstackclient, keymapp, keyring, ssh-agent

2024-11-05 13:20:59 +01:00
parent 9fe5f0aae7
commit 157c54ae65
4 changed files with 50 additions and 11 deletions


@@ -21,6 +21,26 @@
nameservers = [ "129.241.0.200" "129.241.0.201" "2001:700:300::200" "2001:700:300::201" ];
domain = "it.ntnu.no";
hostId = "f458d6aa";
# Allow SSH from IT and SSH gateways
firewall.extraCommands = ''
# IT VPN
iptables -I nixos-fw -p tcp -m tcp --dport 22 --source 129.241.117.0/24 -j nixos-fw-accept
ip6tables -I nixos-fw -p tcp -m tcp --dport 22 --source 2001:700:301:12::/63 -j nixos-fw-accept
# SSHGW
iptables -I nixos-fw -p tcp -m tcp --dport 22 --source 129.241.160.72/32 -j nixos-fw-accept
ip6tables -I nixos-fw -p tcp -m tcp --dport 22 --source 2001:700:300:6::72/128 -j nixos-fw-accept
# SSHGW
iptables -I nixos-fw -p tcp -m tcp --dport 22 --source 129.241.210.217/32 -j nixos-fw-accept
ip6tables -I nixos-fw -p tcp -m tcp --dport 22 --source 2001:700:300:1900::1:217/128 -j nixos-fw-accept
'';
firewall.extraStopCommands = ''
iptables -F nixos-fw
ip6tables -F nixos-fw
'';
};
console.keyMap = "no";
@@ -28,14 +48,19 @@
nixpkgs.config = {
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"copilot.vim"
"keymapp"
];
};
services.openssh.openFirewall = false;
users.users.felixalb = {
uid = 1328256;
openssh.authorizedKeys.keys = [ ];
};
hardware.keyboard.zsa.enable = true;
system.stateVersion = "24.05";
}
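Review bot: `firewall.extraStopCommands` in the first hunk flushes the whole `nixos-fw` chain instead of removing only the six port-22 rules that `extraCommands` inserted, so it also drops every other rule in that chain. The unguarded `iptables -F nixos-fw` may also fail if the chain does not exist when the stop script runs. Deleting exactly what was added is narrower, one line per inserted rule, e.g. `iptables -D nixos-fw -p tcp -m tcp --dport 22 --source 129.241.117.0/24 -j nixos-fw-accept || true`. In the second hunk `openssh.authorizedKeys.keys = [ ]` gives felixalb no key and the page does not show how sshd authenticates, so if password login is what remains, the source allowlist is the only barrier on port 22; setting `services.openssh.settings.PasswordAuthentication` explicitly would make the intent reviewable. The attribute set closed by `};` after the stop commands opens above the first hunk, so other firewall options may exist that are not visible here.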