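# NixOS module for the throw-away QEMU test machines of the test.pub.solar
# network. It points ACME at the test CA, trusts that CA's root certificate,
# pins the test hostnames in /etc/hosts and opens a debugging SSH login.
#
# The SSH settings below allow root to log in with an empty password. That is
# only tolerable on an isolated test VM; this module must not be imported by
# any host that is reachable from a real network.
{
  pkgs,
  lib,
  config,
  ...
}:
let
  # Read back through `config` so that an override of the domain made by
  # another module is reflected in every derived name below.
  domain = config.pub-solar-os.networking.domain;
in
{
  pub-solar-os.networking.domain = "test.pub.solar";

  # Certificates are requested from the test CA's ACME directory instead of a
  # public CA.
  security.acme.defaults.server = "https://ca.${domain}/acme/acme/directory";

  # Add the test CA's root certificate to the system trust store so TLS
  # connections to services under the test domain validate.
  security.pki.certificates = [ (builtins.readFile ./step/certs/root_ca.crt) ];

  services.openssh = {
    enable = true;
    openFirewall = true;
    settings = {
      # mkForce so these win over any stricter definition made elsewhere in
      # the configuration; the combination gives password-less root access.
      PermitRootLogin = lib.mkForce "yes";
      PermitEmptyPasswords = lib.mkForce "yes";
      PasswordAuthentication = lib.mkForce true;
    };
  };

  # PAM must also accept an empty password, otherwise sshd's
  # PermitEmptyPasswords has no effect.
  security.pam.services.sshd.allowNullPassword = true;

  virtualisation.forwardPorts =
    let
      # First IPv4 address configured on eth0; it is defined outside this
      # file (presumably per test node - confirm against the test definition).
      address = (builtins.elemAt config.networking.interfaces.eth0.ipv4.addresses 0).address;
      lastAddressPart = builtins.elemAt (lib.strings.splitString "." address) 3;
    in
    [
      {
        from = "host";
        # Bind the forward to loopback only. With host.address left at its
        # default (empty) QEMU listens on every host interface, which would
        # expose the password-less root SSH login to the host's network.
        host.address = "127.0.0.1";
        # One host port per VM: 2000 + last octet of the VM's address.
        host.port = 2000 + (lib.strings.toInt lastAddressPart);
        guest.port = 22;
      }
    ];

  networking.interfaces.eth0.useDHCP = false;

  # Static name resolution for the test network; no DNS server is involved.
  networking.hosts = {
    "192.168.1.1" = [ "ca.${domain}" ];
    "192.168.1.2" = [ "client.${domain}" ];
    "192.168.1.3" = [
      "${domain}"
      "www.${domain}"
      "auth.${domain}"
    ];
  };
}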