blob: 2e8731389daefb5b2df74557105fc7cf9ef0e93a (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
{ config, pkgs, lib, depot, ... }:
let
ipv6 = "2a01:4f9:2a:1bc6::/64";
ipv4 = "95.216.27.158";
gatewayv4 = "95.216.27.129";
netmaskv4 = "255.255.255.192";
in
{
config = {
boot = {
kernelParams = [
"ip=${ipv4}::${gatewayv4}:${netmaskv4}::eth0:none"
];
initrd.network = {
enable = true;
ssh = {
# ssh_config:
# Host ingeborg-unlock
# User root
# HostName ingeborg.sterni.lv
# AddressFamily inet # kernel commandline only gives ipv4
# Port 22
# UserKnownHostsFile /home/lukas/.ssh/initrd_known_hosts
enable = true;
authorizedKeys = depot.users.sterni.keys.all;
hostKeys = [
"/etc/nixos/unlock_rsa_key_openssh"
"/etc/nixos/unlock_ed25519_key_openssh"
];
};
postCommands = ''
echo 'cryptsetup-askpass' >> /root/.profile
'';
};
};
networking = {
usePredictableInterfaceNames = false;
useDHCP = false;
interfaces."eth0".useDHCP = false;
hostName = "ingeborg";
firewall = {
enable = true;
allowPing = true;
allowedTCPPorts = [ 22 ];
};
};
systemd.network = {
enable = true;
networks."eth0".extraConfig = ''
[Match]
Name = eth0
[Network]
Address = ${ipv6}
Gateway = fe80::1
Address = ${ipv4}/27
Gateway = ${gatewayv4}
'';
};
};
}
|