~sircmpwn/builds.sr.ht

builds.sr.ht/images/nixos/base-system-configuration.nix -rw-r--r-- 1.1 KiB
# Base NixOS module for a builds.sr.ht build image.
#
# Security posture: every account defined here has an empty password, root may
# log in over SSH, and sshd accepts empty passwords. Anything that can reach
# TCP port 22 of a machine built from this module therefore gets root. That is
# only acceptable for a throwaway, isolated build VM; do not reuse this module
# for a host that is reachable from an untrusted network.
{ pkgs, ... }:

{
  # SSH daemon that accepts logins without a password, including as root.
  services.openssh.enable = true;
  services.openssh.permitRootLogin = "yes";
  services.openssh.extraConfig = "PermitEmptyPasswords yes";

  # Accounts are fixed by this file (mutableUsers = false), so the empty
  # passwords below are the declared state of the image.
  users.mutableUsers = false;

  # Unprivileged account that jobs run as; "wheel" membership plus the sudo
  # rule further down makes it root-equivalent.
  users.extraUsers."build" = {
    isNormalUser = true;
    uid = 1000;
    password = "";
    extraGroups = [ "wheel" ];
  };
  users.users.root.password = "";

  # Members of wheel may use sudo without being prompted.
  security.sudo.wheelNeedsPassword = false;

  # Nix trusted users can override daemon settings (e.g. substituters), which
  # is effectively root on the Nix store; consistent with the sudo rule above.
  nix.trustedUsers = [ "root" "build" ];

  # builds.sr.ht-image-specific network settings: static addressing, no DHCP.
  # NOTE(review): 10.0.2.2 / 10.0.2.15 match the QEMU user-mode networking
  # defaults, so the guest is presumably reached only through the runner's
  # port forward -- confirm against the job runner before relying on it.
  networking.hostName = "build";
  networking.dhcpcd.enable = false;
  networking.enableIPv6 = false;
  # Keep the classic interface naming so the NIC is simply eth0.
  networking.usePredictableInterfaceNames = false;
  networking.defaultGateway = { address = "10.0.2.2"; };
  networking.interfaces."eth0".ipv4.addresses = [
    { address = "10.0.2.15"; prefixLength = 25; }
  ];

  # Name resolution for every build goes to these third-party resolvers.
  # NOTE(review): confirm they are still the intended resolvers for the image.
  networking.nameservers = [
    # OpenNIC anycast
    "185.121.177.177"
    "169.239.202.202"
    # Google as a fallback :(
    "8.8.8.8"
  ];

  # SSH (22/tcp) is the only port this module opens in the firewall.
  networking.firewall.allowedTCPPorts = [ 22 ];

  # Tools installed system-wide in the image.
  environment.systemPackages = [
    pkgs.gitMinimal
    pkgs.mercurial
    pkgs.curl
    pkgs.gnupg
  ];
}