forked from fediversity/fediversity
		
	
		
			
				
	
	
		
			63 lines
		
	
	
	
		
			1.3 KiB
		
	
	
	
		
			Nix
		
	
	
	
	
	
			
		
		
	
	
			63 lines
		
	
	
	
		
			1.3 KiB
		
	
	
	
		
			Nix
		
	
	
	
	
	
| { config, lib, ... }:
 | |
| 
 | |
| let
 | |
|   inherit (lib) mkDefault;
 | |
| 
 | |
| in
 | |
| {
 | |
|   config = {
 | |
|     services.openssh = {
 | |
|       enable = true;
 | |
|       settings.PasswordAuthentication = false;
 | |
|     };
 | |
| 
 | |
|     networking = {
 | |
|       hostName = config.procolixVm.name;
 | |
|       domain = config.procolixVm.domain;
 | |
| 
 | |
|       ## REVIEW: Do we actually need that, considering that we have static IPs?
 | |
|       useDHCP = mkDefault true;
 | |
| 
 | |
|       interfaces = {
 | |
|         eth0 = {
 | |
|           ipv4 = {
 | |
|             addresses = [
 | |
|               {
 | |
|                 inherit (config.procolixVm.ipv4) address prefixLength;
 | |
|               }
 | |
|             ];
 | |
|           };
 | |
|           ipv6 = {
 | |
|             addresses = [
 | |
|               {
 | |
|                 inherit (config.procolixVm.ipv6) address prefixLength;
 | |
|               }
 | |
|             ];
 | |
|           };
 | |
|         };
 | |
|       };
 | |
| 
 | |
|       defaultGateway = {
 | |
|         address = config.procolixVm.ipv4.gateway;
 | |
|         interface = "eth0";
 | |
|       };
 | |
|       defaultGateway6 = {
 | |
|         address = config.procolixVm.ipv6.gateway;
 | |
|         interface = "eth0";
 | |
|       };
 | |
| 
 | |
|       nameservers = [
 | |
|         "95.215.185.6"
 | |
|         "95.215.185.7"
 | |
|         "2a00:51c0::5fd7:b906"
 | |
|         "2a00:51c0::5fd7:b907"
 | |
|       ];
 | |
| 
 | |
|       firewall.enable = false;
 | |
|       nftables = {
 | |
|         enable = true;
 | |
|         rulesetFile = ./nftables-ruleset.nft;
 | |
|       };
 | |
|     };
 | |
|   };
 | |
| }
 |