ctucx.git: nixfiles

ctucx' nixfiles

{ nodes, config, lib, pkgs, ... }:

# Host definition for a remotely deployed NixOS machine tagged "dnsServer".
# The machine unlocks its disk over SSH from the initrd, so the boot-time
# network setup below is configured by hand for interface ens3.
let
  # Shorthand for the final networking configuration of this host.
  net = config.networking;

  # OpenSSH public keys of every declared user that is a member of "wheel";
  # users outside that group contribute nothing.
  wheelKeys = lib.concatLists (
    lib.mapAttrsToList
      (_: account:
        lib.optionals
          (lib.elem "wheel" account.extraGroups)
          account.openssh.authorizedKeys.keys)
      config.users.users
  );
in
{
  imports = [ ./hardware-configuration.nix ];

  deployment = {
    # The system closure is not built on the target machine.
    buildOnTarget = false;

    # This tag enables the following services: dns
    tags = [ "dnsServer" ];
  };

  documentation.nixos.enable = false;

  # Register <hostName>.ctu.cx in the zone, built from the primary IPv4 and
  # IPv6 addresses declared under `networking` below.
  dns.zones."ctu.cx".subdomains.${net.hostName} =
    pkgs.dns.lib.combinators.host net.primaryIP4 net.primaryIP;

  # Use the systemd-boot EFI boot loader.
  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };

  # Network and SSH access inside the initrd, used to enter the disk
  # passphrase remotely (see the cryptsetup-askpass line in postCommands).
  boot.initrd.network = {
    enable = true;

    ssh = {
      enable = true;
      port = 22;

      # NOTE(review): this is the default location of the host's regular
      # OpenSSH RSA host key. The NixOS documentation for this option advises
      # against reusing the regular host key here: the initrd is not covered
      # by the disk encryption it unlocks, so the private key ends up readable
      # outside the encrypted volume. A dedicated initrd-only key is the usual
      # fix; it also lets clients tell the two SSH servers apart.
      # The value is a Nix path literal, not a string; whether that copies the
      # key into the Nix store depends on how the module consumes it. Confirm.
      hostKeys = [ /etc/ssh/ssh_host_rsa_key ];

      # Every wheel user's key is accepted by the initrd SSH server, so each
      # of them can reach the passphrase prompt. Keep that group small.
      authorizedKeys = wheelKeys;
    };

    # Static addressing for the initrd, then make any login shell start the
    # passphrase prompt by appending it to /root/.profile.
    # NOTE(review): IPv4 is added as /22 here, while networking.interfaces.ens3
    # uses prefixLength = 24 for the same address. Confirm which is intended.
    postCommands = ''
      ip link set dev ens3 up
      ip addr add ${net.primaryIP}/128 dev ens3
      ip route add default via fe80::1 dev ens3 onlink

      ip addr add ${net.primaryIP4}/22 dev ens3
      ip route add default via 89.58.40.1 dev ens3 onlink
      echo 'cryptsetup-askpass' >> /root/.profile
    '';
  };

  networking = {
    # primaryIP / primaryIP4 are not standard NixOS options; presumably they
    # are declared elsewhere in this repository.
    primaryIP = "2a03:4000:66:f61::1";
    primaryIP4 = "89.58.41.187";

    # Resolver list is fixed here and resolvconf is off, so DNS lookups from
    # this host go to these two public resolvers.
    resolvconf.enable = false;
    nameservers = [ "8.8.8.8" "1.1.1.1" ];

    defaultGateway.interface = "ens3";
    defaultGateway.address = "89.58.40.1";

    defaultGateway6.interface = "ens3";
    defaultGateway6.address = "fe80::1";

    interfaces.ens3.ipv4.addresses = [
      {
        address = net.primaryIP4;
        # The gateway 89.58.40.1 lies outside 89.58.41.0/24; the initrd uses
        # /22 for the same address (see the note on postCommands).
        prefixLength = 24;
      }
    ];

    interfaces.ens3.ipv6.addresses = [
      {
        address = net.primaryIP;
        prefixLength = 64;
      }
    ];
  };

  # Repository-specific program toggles; gpg, ssh and git are switched off
  # for this host (option definitions are not part of this file).
  ctucxConfig.programs = {
    gpg.enable = false;
    ssh.enable = false;
    git.enable = false;
  };

  system.stateVersion = "23.05";
  home-manager.users.leah.home.stateVersion = "23.05";

}