73 lines
1.4 KiB
Nix
73 lines
1.4 KiB
Nix
{pkgs, ...}: {
|
|
nix.settings.experimental-features = ["nix-command" "flakes"];
|
|
|
|
networking = {
|
|
useNetworkd = false;
|
|
networkmanager.enable = false;
|
|
useDHCP = false;
|
|
|
|
nftables.enable = true;
|
|
|
|
firewall = {
|
|
enable = true;
|
|
allowedTCPPorts = [
|
|
2222
|
|
];
|
|
allowedUDPPorts = [];
|
|
};
|
|
};
|
|
|
|
services = {
|
|
openssh = {
|
|
enable = true;
|
|
|
|
ports = [2222];
|
|
settings = {
|
|
PasswordAuthentication = false;
|
|
PermitRootLogin = "no";
|
|
AllowUsers = ["foxora"];
|
|
UseDns = false; # enables rDNS lookup
|
|
X11Forwarding = false;
|
|
};
|
|
};
|
|
};
|
|
|
|
virtualisation.containers.enable = true;
|
|
virtualisation = {
|
|
podman = {
|
|
enable = true;
|
|
defaultNetwork.settings.dns_enabled = true;
|
|
};
|
|
};
|
|
|
|
users.users.foxora = {
|
|
isNormalUser = true;
|
|
extraGroups = ["wheel"];
|
|
|
|
packages = with pkgs; [
|
|
tree
|
|
];
|
|
|
|
openssh.authorizedKeys.keys = [
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBVzP3nOFprtX2Gpeq0myQXC0kifNCLmpVaxjELfRFlQ aurora@nixarawrui"
|
|
];
|
|
};
|
|
|
|
# ensures that the mount for "/home/foxora" has the correct permissions
|
|
systemd.tmpfiles.rules = [
|
|
"d /home/foxora 0700 foxora users -"
|
|
];
|
|
|
|
environment = {
|
|
systemPackages = with pkgs; [
|
|
neovim
|
|
wget
|
|
];
|
|
|
|
variables = {
|
|
EDITOR = "nvim";
|
|
};
|
|
};
|
|
|
|
system.stateVersion = "25.11";
|
|
}
|