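# NixOS configuration for the host "felixalbpc".
#
# Inbound SSH is not opened to every source: services.openssh.openFirewall is
# false, and port 22 is admitted only from the source ranges inserted into the
# nixos-fw chain by networking.firewall.extraCommands below.
{ config, pkgs, lib, ... }:

{
  imports =
    [
      ../../base.nix
      ./hardware-configuration.nix
      ./desktop
    ];

  networking = {
    interfaces.eno1 = {
      useDHCP = true;
      # Static IPv6 address configured alongside DHCP on the same interface.
      ipv6.addresses = [
        { address = "2001:700:300:22::15"; prefixLength = 64; }
      ];
    };

    # Turn off IPv6 temporary (privacy) addresses.
    tempAddresses = "disabled";
    hostName = "felixalbpc";
    nameservers = [ "129.241.0.200" "129.241.0.201" "2001:700:300::200" "2001:700:300::201" ];
    domain = "it.ntnu.no";
    hostId = "f458d6aa";

    # Allow SSH from IT and SSH gateways
    #
    # Each source gets a matching IPv4 and IPv6 rule; when adding a source,
    # add both families so the two stacks do not drift apart.
    # NOTE(review): these are raw iptables/ip6tables commands, so they rely on
    # the iptables-based firewall backend. Confirm that base.nix does not set
    # networking.nftables.enable.
    firewall.extraCommands = ''
      # IT VPN
      iptables -I nixos-fw -p tcp -m tcp --dport 22 --source 129.241.117.0/24 -j nixos-fw-accept
      ip6tables -I nixos-fw -p tcp -m tcp --dport 22 --source 2001:700:301:12::/63 -j nixos-fw-accept

      # SSHGW
      iptables -I nixos-fw -p tcp -m tcp --dport 22 --source 129.241.160.72/32 -j nixos-fw-accept
      ip6tables -I nixos-fw -p tcp -m tcp --dport 22 --source 2001:700:300:6::72/128 -j nixos-fw-accept

      # SSHGW
      iptables -I nixos-fw -p tcp -m tcp --dport 22 --source 129.241.210.217/32 -j nixos-fw-accept
      ip6tables -I nixos-fw -p tcp -m tcp --dport 22 --source 2001:700:300:1900::1:217/128 -j nixos-fw-accept
    '';

    # Flush the nixos-fw chain when the firewall's stop commands run. This
    # empties the whole chain, not only the rules inserted above. Errors are
    # ignored so that a chain which does not exist yet (for example after a
    # failed start) does not abort the stop script.
    firewall.extraStopCommands = ''
      iptables -F nixos-fw 2>/dev/null || true
      ip6tables -F nixos-fw 2>/dev/null || true
    '';
  };

  console.keyMap = "no";

  nixpkgs.config = {
    # Explicit allow-list: only these unfree packages may be built or installed.
    allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
      "copilot.vim"
      "keymapp"
    ];
  };

  # Keep the openssh module from opening port 22 to all sources; SSH access is
  # governed by the source-restricted rules in networking.firewall.extraCommands.
  services.openssh.openFirewall = false;

  users.users.felixalb = {
    uid = 1328256;
    # No public keys are declared in this file.
    # NOTE(review): confirm how SSH logins for this account authenticate
    # (keys may be supplied by base.nix or another mechanism not visible here).
    openssh.authorizedKeys.keys = [ ];
  };

  hardware.keyboard.zsa.enable = true;

  system.stateVersion = "24.05";
}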