forked from Fediversity/Fediversity
63 lines
1.3 KiB
Nix
63 lines
1.3 KiB
Nix
{ config, lib, ... }:
|
|
|
|
let
|
|
inherit (lib) mkDefault;
|
|
|
|
in
|
|
{
|
|
config = {
|
|
services.openssh = {
|
|
enable = true;
|
|
settings.PasswordAuthentication = false;
|
|
};
|
|
|
|
networking = {
|
|
hostName = config.procolixVm.name;
|
|
domain = config.procolixVm.domain;
|
|
|
|
## REVIEW: Do we actually need that, considering that we have static IPs?
|
|
useDHCP = mkDefault true;
|
|
|
|
interfaces = {
|
|
eth0 = {
|
|
ipv4 = {
|
|
addresses = [
|
|
{
|
|
inherit (config.procolixVm.ipv4) address prefixLength;
|
|
}
|
|
];
|
|
};
|
|
ipv6 = {
|
|
addresses = [
|
|
{
|
|
inherit (config.procolixVm.ipv6) address prefixLength;
|
|
}
|
|
];
|
|
};
|
|
};
|
|
};
|
|
|
|
defaultGateway = {
|
|
address = config.procolixVm.ipv4.gateway;
|
|
interface = "eth0";
|
|
};
|
|
defaultGateway6 = {
|
|
address = config.procolixVm.ipv6.gateway;
|
|
interface = "eth0";
|
|
};
|
|
|
|
nameservers = [
|
|
"95.215.185.6"
|
|
"95.215.185.7"
|
|
"2a00:51c0::5fd7:b906"
|
|
"2a00:51c0::5fd7:b907"
|
|
];
|
|
|
|
firewall.enable = false;
|
|
nftables = {
|
|
enable = true;
|
|
rulesetFile = ./nftables-ruleset.nft;
|
|
};
|
|
};
|
|
};
|
|
}
|