DEVELOPMENT ENVIRONMENT

~liljamo/nix-arta

ref: abc0bc75e9fa8f4a4e6ca42932ea63851fee84b4 nix-arta/systems/profiles/vm/vm.nix -rw-r--r-- 1.0 KiB
abc0bc75Jonni Liljamo feat(systems/profiles/vm): add vm profile 2 months ago
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
{
  artautil,
  config,
  lib,
  ...
}: {
  sops.defaultSopsFile = ../../../secrets/${config.networking.hostName}/secrets.yaml;

  time.timeZone = "Europe/Helsinki";

  networking.defaultGateway = {
    address = "10.1.2.1";
    interface = "eth0";
  };
  networking.nameservers = ["10.1.2.3"];
  networking.interfaces."eth0".ipv4.addresses = [
    {
      address = artautil.getIPv4 config.networking.hostName;
      prefixLength = 24;
    }
  ];

  nix.settings.trusted-users = ["root"];

  users.users.root = {
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGAlif3ABIk0YSx++A+sEeRYPNMMZWLcDuoTKhmcCL6K jonni@liljamo.com"
    ];
  };

  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = lib.mkForce false;
      KbdInteractiveAuthentication = lib.mkForce false;
      PermitRootLogin = lib.mkForce "prohibit-password";
    };
  };

  services = {
    journald.extraConfig = "SystemMaxUse=4G";
    cron.systemCronJobs = [
      "0 22 * * * root journalctl --vacuum-time=7d"
    ];
  };
}