mirror of
https://gitlab.com/upRootNutrition/dotfiles.git
synced 2025-12-06 21:17:14 -06:00
75 lines
1.4 KiB
Nix
Executable file
75 lines
1.4 KiB
Nix
Executable file
{
|
|
flake,
|
|
...
|
|
}:
|
|
let
|
|
inherit (flake.config.machines.devices) eris;
|
|
in
|
|
{
|
|
microvm.host.enable = true;
|
|
systemd.network = {
|
|
enable = true;
|
|
netdevs."10-br-vms" = {
|
|
netdevConfig = {
|
|
Name = "br-vms";
|
|
Kind = "bridge";
|
|
};
|
|
};
|
|
networks = {
|
|
"20-enp3s0" = {
|
|
matchConfig.Name = "enp3s0";
|
|
networkConfig = {
|
|
Bridge = "br-vms";
|
|
};
|
|
};
|
|
"20-vm" = {
|
|
matchConfig.Name = "vm-*";
|
|
networkConfig = {
|
|
Bridge = "br-vms";
|
|
};
|
|
};
|
|
"30-br-vms" = {
|
|
matchConfig.Name = "br-vms";
|
|
networkConfig = {
|
|
Address = "192.168.50.245/24";
|
|
Gateway = "192.168.50.1";
|
|
DNS = [ "192.168.50.1" ];
|
|
};
|
|
linkConfig.RequiredForOnline = "routable";
|
|
};
|
|
};
|
|
};
|
|
networking = {
|
|
hostName = eris.name;
|
|
networkmanager.enable = false;
|
|
nftables.enable = true;
|
|
useDHCP = false;
|
|
firewall = {
|
|
enable = true;
|
|
allowedTCPPorts = [
|
|
22 # SSH
|
|
25 # SMTP
|
|
139 # SMTP
|
|
587 # SMTP
|
|
2525 # SMTP
|
|
9999 # NC
|
|
];
|
|
};
|
|
};
|
|
services = {
|
|
avahi = {
|
|
enable = true;
|
|
openFirewall = true;
|
|
nssmdns4 = true;
|
|
publish = {
|
|
enable = true;
|
|
userServices = true;
|
|
};
|
|
};
|
|
sshd.enable = true;
|
|
openssh = {
|
|
enable = true;
|
|
settings.PasswordAuthentication = false;
|
|
};
|
|
};
|
|
}
|