32 lines
672 B
Nix
32 lines
672 B
Nix
{ pkgs, ... }:
|
|
{
|
|
# system
|
|
boot = {
|
|
isContainer = true;
|
|
tmpOnTmpfs = true;
|
|
};
|
|
nix = {
|
|
extraOptions = "experimental-features = nix-command flakes";
|
|
package = pkgs.nixUnstable;
|
|
};
|
|
system.stateVersion = "21.11";
|
|
|
|
# network
|
|
networking.useDHCP = false;
|
|
systemd.network.enable = false;
|
|
services.resolved.enable = false;
|
|
networking.firewall.allowedTCPPorts = [ 22 ];
|
|
services.openssh = {
|
|
startWhenNeeded = true;
|
|
permitRootLogin = "prohibit-password";
|
|
};
|
|
users.users.root.openssh.authorizedKeys.keyFiles = [
|
|
../astro.pub
|
|
];
|
|
|
|
environment.noXlibs = false;
|
|
environment.systemPackages = with pkgs; [
|
|
git tcpdump
|
|
];
|
|
}
|