forked from Fediversity/Fediversity
74 lines
1.4 KiB
Nix
74 lines
1.4 KiB
Nix
{ config, lib, ... }:
|
|
|
|
let
|
|
inherit (lib) mkOption mkDefault;
|
|
|
|
in
|
|
{
|
|
options = {
|
|
procolix.vm = {
|
|
name = mkOption { };
|
|
ip4 = mkOption { };
|
|
ip6 = mkOption { };
|
|
};
|
|
};
|
|
|
|
config = {
|
|
services.openssh = {
|
|
enable = true;
|
|
settings.PasswordAuthentication = false;
|
|
};
|
|
|
|
networking = {
|
|
hostName = config.procolix.vm.name;
|
|
domain = "procolix.com";
|
|
|
|
## REVIEW: Do we actually need that, considering that we have static IPs?
|
|
useDHCP = mkDefault true;
|
|
|
|
interfaces = {
|
|
eth0 = {
|
|
ipv4 = {
|
|
addresses = [
|
|
{
|
|
address = config.procolix.vm.ip4;
|
|
prefixLength = 24;
|
|
}
|
|
];
|
|
};
|
|
ipv6 = {
|
|
addresses = [
|
|
{
|
|
address = config.procolix.vm.ip6;
|
|
prefixLength = 64;
|
|
}
|
|
];
|
|
};
|
|
};
|
|
};
|
|
|
|
defaultGateway = {
|
|
address = "185.206.232.1";
|
|
interface = "eth0";
|
|
};
|
|
defaultGateway6 = {
|
|
address = "2a00:51c0:12:1201::1";
|
|
interface = "eth0";
|
|
};
|
|
|
|
nameservers = [
|
|
"95.215.185.6"
|
|
"95.215.185.7"
|
|
"2a00:51c0::5fd7:b906"
|
|
"2a00:51c0::5fd7:b907"
|
|
];
|
|
|
|
firewall.enable = false;
|
|
nftables = {
|
|
enable = true;
|
|
rulesetFile = ./nftables-ruleset.nft;
|
|
};
|
|
};
|
|
};
|
|
}
|