# Base settings for a VM host: per-host sops secrets file, timezone, DNS,
# key-only root SSH access, and journal size/retention limits.
{
  artautil, # only referenced by the commented-out static address block below
  config,
  lib,
  ...
}: {
  # The secrets file is looked up under a directory named after this host's
  # hostname, so each host has its own default sops file.
  sops.defaultSopsFile = ../../../secrets/${config.networking.hostName}/secrets.yaml;

  time.timeZone = "Europe/Helsinki";

  # Only root is a trusted user of the Nix daemon.
  nix.settings.trusted-users = ["root"];

  networking = {
    # NOTE: These VMs are expected to have exactly one network interface.
    # If that ever changes, drop this setting and define the main interface
    # some other way, e.g. in the base role.
    usePredictableInterfaceNames = false;

    nameservers = ["10.1.2.3"];

    # Static gateway and address are currently disabled:
    /*
    defaultGateway = {
      address = "10.1.1.1";
      interface = "eth0";
    };
    interfaces."eth0".ipv4.addresses = [
      {
        address = artautil.getIPv4 "vm" config.networking.hostName;
        prefixLength = 24;
      }
    ];
    */
  };

  # The only credential accepted for root over SSH is this public key
  # (password-based methods are turned off in services.openssh below).
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGAlif3ABIk0YSx++A+sEeRYPNMMZWLcDuoTKhmcCL6K jonni@liljamo.com"
  ];

  services = {
    openssh = {
      enable = true;
      # mkForce gives these values override priority, so a normal-priority
      # definition in another module cannot switch password logins back on.
      settings = {
        PasswordAuthentication = lib.mkForce false;
        KbdInteractiveAuthentication = lib.mkForce false;
        # Root may log in, but never with a password.
        PermitRootLogin = lib.mkForce "prohibit-password";
      };
    };

    # Cap the journal's disk usage.
    journald.extraConfig = "SystemMaxUse=4G";

    # Every day at 22:00, as root, vacuum journal data older than seven days.
    # NOTE(review): local logs older than that are gone; if they are needed
    # for later investigation, confirm they are also shipped elsewhere.
    cron.systemCronJobs = [
      "0 22 * * * root journalctl --vacuum-time=7d"
    ];
  };
}