stockholm/old/modules/cloudkrebs/default.nix
2015-07-16 15:47:28 +02:00

72 lines
1.3 KiB
Nix

{ config, pkgs, ... }:
{
imports = [
../tv/base-cac-CentOS-7-64bit.nix
./retiolum.nix
./networking.nix
../../secrets/cloudkrebs-pw.nix
../lass/sshkeys.nix
../lass/base.nix
../common/nixpkgs.nix
];
nixpkgs = {
url = "https://github.com/Lassulus/nixpkgs";
rev = "b42ecfb8c61e514bf7733b4ab0982d3e7e27dacb";
};
nix.maxJobs = 1;
#tmpfiles Unknown group 'lock' workaround:
users.extraGroups = {
lock.gid = 10001;
};
#TODO move into modules
users.extraUsers = {
#main user
root = {
openssh.authorizedKeys.keys = [
config.sshKeys.lass.pub
];
};
mainUser = {
uid = 1337;
name = "lass";
#isNormalUser = true;
group = "users";
createHome = true;
home = "/home/lass";
useDefaultShell = true;
isSystemUser = false;
description = "lassulus";
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
config.sshKeys.lass.pub
];
};
};
environment.systemPackages = with pkgs; [
];
services.openssh = {
enable = true;
hostKeys = [
# XXX bits here make no science
{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
];
permitRootLogin = "yes";
};
networking.firewall = {
enable = true;
allowedTCPPorts = [
22
];
};
}