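# Base NixOS module: locale, declarative root account, SSH, SNMP monitoring,
# firewall and the sops secret that backs the root password.
{ pkgs, config, inputs, ...}:

{
  time.timeZone = "Europe/Berlin";
  console.keyMap = "de";

  # Point `<nixpkgs>` lookups at the flake's nixpkgs input.
  nix.nixPath = [
    "nixpkgs=${inputs.nixpkgs}"
  ];

  # Accounts and passwords come only from this configuration; changes made
  # imperatively on the host (passwd, useradd) do not persist.
  users.mutableUsers = false;

  users.users."root" = {
    # Password hash is read from the sops-managed secret declared at the
    # bottom of this file, so no hash is embedded in the configuration.
    hashedPasswordFile = config.sops.secrets."root/password".path;

    # NOTE(review): several people's keys are authorized directly on root, so
    # logins cannot be attributed to a person from the account alone. Per-user
    # accounts with sudo would give that attribution. Two of the three entries
    # are ssh-rsa keys; confirm they are still in use and meet current key
    # policy.
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2nkarN0+uSuP5sGwDCb9KRu+FCjO/+da4VypGanPUZ fooker@k-2so"
      "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyA8xe6Ej6DpzYSFlyhf3P3QIE1spZAETSa3G/zJ4BjXxO0S4jKsA+Qah6mua2ZIWiRXF6o9JCYsdFKndn1uAzRrHwUk9LCspiI3bsl+EwrBhUbWYnMj2Atp9vMB1SJ6i6RKvDg1YZuvxi4H23MYs3B5a3TBRTlveBxGtZ8Q/YtVDwdW/v1WNAxYe2bz/LFxPNPry6REdGXCuA4cz5s/+ilhRvFQKHbJwC+/SxJIcTY6RAvOFh9wfus2NF0FaEPkwwLLDwxaMOaALwmzGmiBIi/XF3qnSYyPScmEwuq03jmM8qPhJHUHEaxp/cLkjqDWtu+SziEBJ3fu/y/A+vqBS9w== christianpape"
      "ssh-rsa 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 gepperth@robolab8"
    ];

    packages = with pkgs; [
      vim
      wget
      curl
      tmux
      fd
      ripgrep
      htop
      iotop
      iftop
      file
    ];
  };

  # Automatic upgrades are disabled: with this block commented out, security
  # updates reach the host only through a manual rebuild.
  # system.autoUpgrade = {
  #   enable = true;
  #
  #   flake = inputs.self.outPath;
  #   flags = [
  #     "--update-input" "nixpkgs"
  #   ];
  #
  #   dates = "02:00";
  #   randomizedDelaySec = "45min";
  # };

  # Userspace entropy daemon.
  # NOTE(review): recent kernels generally no longer need it; confirm it is
  # still required on this host.
  services.haveged.enable = true;

  services.openssh = {
    enable = true;
    # Root may log in with a key but not with a password.
    # "prohibit-password" is the current spelling; "without-password" is the
    # deprecated alias with the same meaning.
    settings.PermitRootLogin = "prohibit-password";
  };

  services.snmpd = {
    enable = true;

    # The patch is fetched from a pull-request URL, whose content can change
    # if the PR is updated. The fixed hash makes such a change fail the build
    # instead of silently altering the package.
    package = pkgs.net-snmp.overrideAttrs (old: {
      patches = old.patches ++ [
        (pkgs.fetchpatch {
          name = "modern-linux-compat.patch";
          url = "https://patch-diff.githubusercontent.com/raw/net-snmp/net-snmp/pull/785.patch";
          hash = "sha256-ZSF16RacrHddH50inHdmDYnu+fDS5eZd4PgK62s5C4g=";
        })
      ];
    });

    # SNMP v1/v2c only: the community string travels in cleartext, and
    # "public" is the well-known default.
    #
    # The rocommunity lines grant read-only access to 193.174.29.55 and to
    # loopback.
    # NOTE(review): 127.0.0.1/8 and ::1/64 have host bits set beyond the
    # prefix; confirm snmpd accepts them as written. Loopback-only would be
    # 127.0.0.1/32 and ::1/128.
    #
    # The com2sec/group/access lines additionally map community "public" from
    # any source ("default") onto systemview, i.e. the MIB-2 system group and
    # hrSystemUptime.
    # NOTE(review): together with UDP 161 being open in the firewall below,
    # any host that can reach this machine can read those values. If only the
    # monitoring host needs SNMP, drop the com2sec "default" mappings or
    # restrict UDP 161 by source address.
    configText = ''
      rocommunity public 193.174.29.55/32
      rocommunity public 127.0.0.1/8
      rocommunity6 public ::1/64

      com2sec notConfigUser default public
      com2sec6 notConfigUser default public

      group notConfigGroup v1 notConfigUser
      group notConfigGroup v2c notConfigUser

      access notConfigGroup "" any noauth exact systemview none none
      view systemview included .1.3.6.1.2.1.1
      view systemview included .1.3.6.1.2.1.25.1.1

      dontLogTCPWrappersConnects yes
    '';
  };

  # Both ports are opened on every interface, with no source restriction.
  networking.firewall = {
    allowedTCPPorts = [
      22 # SSH
    ];
    allowedUDPPorts = [
      161 # SNMP
    ];
  };

  # neededForUsers makes the secret available before user accounts are
  # created, which hashedPasswordFile above relies on.
  sops.secrets."root/password" = {
    sopsFile = ./secrets/root.yaml;
    neededForUsers = true;
  };
}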