fooker
/
ldap-linuxlab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
55 KiB
Branch: main
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'main'
${ noResults }
ldap-linuxlab/system.nix

99 lines
3.1 KiB
Raw Permalink Normal View History

Initial
2 months ago
Add admin
2 months ago
Initial
2 months ago
Enables SNMP agent
2 months ago
Initial
2 months ago
  1. { pkgs, config, inputs, ...}:
  3. {
  4. time.timeZone = "Europe/Berlin";
  5. console.keyMap = "de";
  7. nix.nixPath = [
  8. "nixpkgs=${inputs.nixpkgs}"
  9. ];
  11. users.mutableUsers = false;
  13. users.users."root" = {
  14. hashedPasswordFile = config.sops.secrets."root/password".path;
  16. openssh.authorizedKeys.keys = [
  17. "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2nkarN0+uSuP5sGwDCb9KRu+FCjO/+da4VypGanPUZ fooker@k-2so"
  18. "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyA8xe6Ej6DpzYSFlyhf3P3QIE1spZAETSa3G/zJ4BjXxO0S4jKsA+Qah6mua2ZIWiRXF6o9JCYsdFKndn1uAzRrHwUk9LCspiI3bsl+EwrBhUbWYnMj2Atp9vMB1SJ6i6RKvDg1YZuvxi4H23MYs3B5a3TBRTlveBxGtZ8Q/YtVDwdW/v1WNAxYe2bz/LFxPNPry6REdGXCuA4cz5s/+ilhRvFQKHbJwC+/SxJIcTY6RAvOFh9wfus2NF0FaEPkwwLLDwxaMOaALwmzGmiBIi/XF3qnSYyPScmEwuq03jmM8qPhJHUHEaxp/cLkjqDWtu+SziEBJ3fu/y/A+vqBS9w== christianpape"
  19. "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyv3iq+CbKCFCVqQuvSZ4A9fcmCUgm3edS56mfboIEYALrygcoL7gCo5nsrSqvNhUnRE//VCBenIlG+5nUP6vm1H9tg6g+uBVwrJduiueXUOhl/TNRxj6+mB0lg3a9mVGdnbY7lw1xg8pgcuaDKBDM0LyFa0alpsfwnUaVidvHnue0XVd0MRI75KAILg8W1y2vyxxacjlogAJwEFLFUUZm8BSDSGioCw48+HOQvyi9CpkxJeu689yIvFSX2KIDj1YXwK9C1qqcHZnMyvylgkmE+Uz8hWLGcODHP1ZuYJwgEdfTM4zGZAPyFYnFBQ59ccNRTZk8JcfeI6P5M12MfeJaAW4ucutQO77HJgbrfAn8xXgqOcQIboVJ3fM2fUIHZ5i9A1n0R32sJbkWkH9qKW9B+d4SxyHAEvh6m+xwM7GjAPsKtTu9+8JJjVDRnh7PjRGPvoAvc6TArM8Q7fjC9XsNMvc8Cx+opDyJNgOQC13goACDjTqHvvX5wLY5MDKQwN8= gepperth@robolab8"
  20. ];
  22. packages = with pkgs; [
  23. vim
  24. wget
  25. curl
  26. tmux
  27. fd
  28. ripgrep
  29. htop
  30. iotop
  31. iftop
  32. file
  33. ];
  34. };
  36. # system.autoUpgrade = {
  37. # enable = true;
  38. #
  39. # flake = inputs.self.outPath;
  40. # flags = [
  41. # "--update-input" "nixpkgs"
  42. # ];
  43. #
  44. # dates = "02:00";
  45. # randomizedDelaySec = "45min";
  46. # };
  48. services.haveged.enable = true;
  50. services.openssh = {
  51. enable = true;
  52. settings.PermitRootLogin = "without-password";
  53. };
  55. services.snmpd = {
  56. enable = true;
  57. package = pkgs.net-snmp.overrideAttrs (old: {
  58. patches = old.patches ++ [
  59. (pkgs.fetchpatch {
  60. name = "modern-linux-compat.patch";
  61. url = "https://patch-diff.githubusercontent.com/raw/net-snmp/net-snmp/pull/785.patch";
  62. hash = "sha256-ZSF16RacrHddH50inHdmDYnu+fDS5eZd4PgK62s5C4g=";
  63. })
  64. ];
  65. });
  66. configText = ''
  67. rocommunity public 193.174.29.55/32
  68. rocommunity public 127.0.0.1/8
  69. rocommunity6 public ::1/64
  71. com2sec notConfigUser default public
  72. com2sec6 notConfigUser default public
  74. group notConfigGroup v1 notConfigUser
  75. group notConfigGroup v2c notConfigUser
  77. access notConfigGroup "" any noauth exact systemview none none
  78. view systemview included .1.3.6.1.2.1.1
  79. view systemview included .1.3.6.1.2.1.25.1.1
  81. dontLogTCPWrappersConnects yes
  82. '';
  83. };
  85. networking.firewall = {
  86. allowedTCPPorts = [
  87. 22 # SSH
  88. ];
  89. allowedUDPPorts = [
  90. 161 # SNMP
  91. ];
  92. };
  94. sops.secrets."root/password" = {
  95. sopsFile = ./secrets/root.yaml;
  96. neededForUsers = true;
  97. };
  98. }