# NixOS module that configures a machine for the "test.pub.solar" environment:
# it points ACME clients at a CA reachable under ca.<domain>, trusts that CA's
# root certificate, opens sshd for passwordless root login, forwards a
# per-machine host port to the guest's sshd, and pins the test hostnames to
# fixed addresses.
#
# NOTE(review): the SSH/PAM settings below remove every authentication barrier
# for root. That only makes sense for throwaway test VMs (the use of
# `virtualisation.forwardPorts` suggests that is the intent - confirm). This
# module must never be imported by a host that is reachable from an untrusted
# network.
{
  pkgs,
  lib,
  config,
  ...
}:
let
  # Read back from `config` (not the literal below) so that an override of the
  # domain in another module is picked up everywhere in this file.
  domain = config.pub-solar-os.networking.domain;
in
{
  pub-solar-os.networking.domain = "test.pub.solar";

  security = {
    # Default ACME directory for every certificate requested on this machine.
    acme.defaults.server = "https://ca.${domain}/acme/acme/directory";

    # Adds the root certificate checked into ./step/certs to the system trust
    # store, so TLS to the CA above (and to anything it issues for) validates.
    # NOTE(review): anything holding the matching private key can mint
    # certificates this machine will accept - presumably a test-only key;
    # confirm it is not shared with a production CA.
    pki.certificates = [ (builtins.readFile ./step/certs/root_ca.crt) ];

    # PAM side of the empty-password login: sshd's PermitEmptyPasswords alone
    # is not sufficient, the sshd PAM service has to accept a null password too.
    pam.services.sshd.allowNullPassword = true;
  };

  services.openssh = {
    enable = true;
    openFirewall = true;
    settings = {
      # mkForce so these win over definitions made by other modules at normal
      # priority. Together they allow root to log in over SSH with an empty
      # password.
      PermitRootLogin = lib.mkForce "yes";
      PermitEmptyPasswords = lib.mkForce "yes";
      PasswordAuthentication = lib.mkForce true;
    };
  };

  # Forward host port 2000 + <last octet of eth0's first IPv4 address> to the
  # guest's sshd, giving each machine its own port on the host.
  # The address is not set in this file; evaluation fails if eth0 has no IPv4
  # address configured or if it does not have four dot-separated parts.
  # NOTE(review): no `host.address` is given, so the listener uses the VM
  # module's default bind address. If that is "all interfaces", the
  # passwordless root shell is reachable from the host's network, not just
  # from the host itself - consider pinning it to 127.0.0.1.
  virtualisation.forwardPorts =
    let
      firstIPv4 = builtins.head config.networking.interfaces.eth0.ipv4.addresses;
      octets = lib.strings.splitString "." firstIPv4.address;
      lastOctet = lib.strings.toInt (builtins.elemAt octets 3);
    in
    [
      {
        from = "host";
        host.port = 2000 + lastOctet;
        guest.port = 22;
      }
    ];

  networking = {
    interfaces.eth0.useDHCP = false;

    # Static name resolution for the test environment's machines.
    hosts = {
      "192.168.1.1" = [ "ca.${domain}" ];
      "192.168.1.2" = [ "client.${domain}" ];
      "192.168.1.3" = [
        "${domain}"
        "www.${domain}"
        "auth.${domain}"
      ];
    };
  };
}