mirror of
https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git
synced 2026-02-04 09:10:01 +01:00
sshguard doesn't actually work as it currently stands; also, the built-in PerSourcePenalties functionality in SSH is more aggressive than sshguard is able to catch anyway. It might've been reasonable if we were using it for anything other than SSH, but it doesn't seem like we are.
# NixOS host configuration for "bicep", a QEMU guest. Pulls in the shared base
# profile and the per-service modules, points sops-nix at this host's secrets
# file, and sets the boot loader, network addressing and SSH daemon.
{ fp, pkgs, values, ... }:
{
  imports = [
    ./hardware-configuration.nix

    # Shared baseline, located through the `fp` helper passed in as a module argument.
    (fp /base)
    ./services/nginx

    ./services/calendar-bot.nix
    #./services/git-mirrors
    ./services/minecraft-heatmap.nix
    # NOTE(review): listen addresses and firewall rules for the two database
    # services live in their own modules and are not visible here; confirm
    # they are not reachable from outside the host unless intended.
    ./services/mysql.nix
    ./services/postgres.nix

    ./services/matrix
  ];

  sops = {
    defaultSopsFile = fp /secrets/bicep/bicep.yaml;

    age = {
      # The SSH host key is also used as an age identity, so read access to
      # this private key is equivalent to read access to every secret that is
      # encrypted to the host. Keep its permissions and backups accordingly.
      sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

      # Dedicated age key; created on first activation if the file is missing.
      # A newly generated key decrypts nothing until its public half has been
      # added as a recipient and the secrets re-encrypted.
      keyFile = "/var/lib/sops-nix/key.txt";
      generateKey = true;
    };
  };

  boot.loader = {
    systemd-boot.enable = true;
    # Lets the boot loader installation write EFI boot variables.
    efi.canTouchEfiVariables = true;
  };

  networking.hostName = "bicep";

  systemd.network = {
    #networks."30-enp6s0f0" = values.defaultNetworkConfig // {
    networks."30-ens18" = values.defaultNetworkConfig // {
      #matchConfig.Name = "enp6s0f0";
      matchConfig.Name = "ens18";

      # The interface carries the host's own addresses plus the addresses
      # reserved for the TURN service, so both are exposed on the same link.
      address =
        with values.hosts.bicep;
        [ (ipv4 + "/25") (ipv6 + "/64") ]
        ++ (with values.services.turn; [ (ipv4 + "/25") (ipv6 + "/64") ]);
    };

    # Consider the network online as soon as any one interface is up.
    wait-online.anyInterface = true;
  };

  services = {
    # No S.M.A.R.T.-capable devices on this machine, so disk monitoring is off.
    smartd.enable = false;

    # The host runs as a virtual machine; enable the QEMU guest agent.
    qemuGuest.enable = true;

    # OpenSSH daemon. NOTE(review): this file sets no authentication,
    # root-login or rate-limiting options; presumably they are inherited from
    # (fp /base). Confirm before relying on them.
    openssh.enable = true;
  };

  # Must stay fixed for the lifetime of the installation, upgrades included.
  # See https://search.nixos.org/options?show=system.stateVersion
  system.stateVersion = "22.11";
}