{
artautil,
config,
lib,
...
}: {
sops.defaultSopsFile = ../../../secrets/${config.networking.hostName}/secrets.yaml;
time.timeZone = "Europe/Helsinki";
networking.defaultGateway = {
address = "10.1.2.1";
interface = "eth0";
};
networking.nameservers = ["10.1.2.3"];
networking.interfaces."eth0".ipv4.addresses = [
{
address = artautil.getIPv4 config.networking.hostName;
prefixLength = 24;
}
];
nix.settings.trusted-users = ["root"];
users.users.root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGAlif3ABIk0YSx++A+sEeRYPNMMZWLcDuoTKhmcCL6K jonni@liljamo.com"
];
};
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = lib.mkForce false;
KbdInteractiveAuthentication = lib.mkForce false;
PermitRootLogin = lib.mkForce "prohibit-password";
};
};
services = {
journald.extraConfig = "SystemMaxUse=4G";
cron.systemCronJobs = [
"0 22 * * * root journalctl --vacuum-time=7d"
];
};
}