-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathbase-system-configuration.nix
53 lines (48 loc) · 1.14 KB
/
base-system-configuration.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
{ pkgs, ... }:
{
# passwordless ssh server
services.openssh = {
enable = true;
permitRootLogin = "yes";
extraConfig = "PermitEmptyPasswords yes";
};
users = {
mutableUsers = false;
# build user
extraUsers."build" = {
isNormalUser = true;
uid = 1000;
extraGroups = [ "wheel" ];
password = "";
};
users.root.password = "";
};
security.sudo.wheelNeedsPassword = false;
nix.trustedUsers = [ "root" "build" ];
# builds.sr.ht-image-specific network settings
networking = {
hostName = "build";
dhcpcd.enable = false;
defaultGateway.address = "10.0.2.2";
usePredictableInterfaceNames = false; # so that we just get eth0 and not some weird id
interfaces."eth0".ipv4.addresses = [{
address = "10.0.2.15";
prefixLength = 25;
}];
enableIPv6 = false;
nameservers = [
# OpenNIC anycast
"185.121.177.177"
"169.239.202.202"
# Google as a fallback :(
"8.8.8.8"
];
firewall.allowedTCPPorts = [ 22 ]; # allow ssh
};
environment.systemPackages = with pkgs; [
#gitMinimal
#mercurial
#curl
#gnupg
];
}