From 9f2ecb2329083476c8163b624a9a45a7b688154c Mon Sep 17 00:00:00 2001
From: stupidcomputer
Date: Thu, 26 Dec 2024 21:28:25 -0600
Subject: [PATCH] make copernicus have a static ip
---
 boxes/copernicus/default.nix | 9 +++++++++
 boxes/copernicus/hardware-configuration.nix | 7 -------
 boxes/copernicus/services/default.nix | 1 +
 boxes/copernicus/services/sshd.nix | 17 +++++++++++++++++
 boxes/netbox/default.nix | 2 +-
 5 files changed, 28 insertions(+), 8 deletions(-)
 create mode 100644 boxes/copernicus/services/sshd.nix
diff --git a/boxes/copernicus/default.nix b/boxes/copernicus/default.nix
index 8f46b90..3fa3e7d 100644
--- a/boxes/copernicus/default.nix
+++ b/boxes/copernicus/default.nix
@@ -97,6 +97,15 @@
 nixpkgs.config.allowUnfree = true;
 networking = {
 hostName = "copernicus";
+ interfaces.eno1 = {
+ useDHCP = true;
+ ipv4.addresses = [
+ {
+ address = "192.168.1.201";
+ prefixLength = 24;
+ }
+ ];
+ };
 firewall = {
 enable = true;
 interfaces = {
diff --git a/boxes/copernicus/hardware-configuration.nix b/boxes/copernicus/hardware-configuration.nix
index a22174d..3af2e40 100644
--- a/boxes/copernicus/hardware-configuration.nix
+++ b/boxes/copernicus/hardware-configuration.nix
@@ -28,13 +28,6 @@
 [ { device = "/dev/disk/by-uuid/fc5366cc-2cec-415e-85dd-7c01a4e4fb4f"; }
 ];

- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
-
 nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
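Review bot: `useDHCP = true;` on `interfaces.eno1` sits next to the new static `ipv4.addresses` entry, so the interface will presumably keep requesting a lease in addition to holding 192.168.1.201. The host can then end up with two addresses, and its routes and DNS still come from whatever answers DHCP on that segment. If a fixed address is the goal, set `useDHCP = false;` and declare `networking.defaultGateway` and `networking.nameservers` explicitly. If DHCP is kept on purpose for gateway and DNS, a comment such as `# DHCP kept for gateway/DNS; .201 is reserved outside the pool` would record that. The `networking` block continues outside the hunk, so the per-interface firewall rules for `eno1` are not visible here.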
diff --git a/boxes/copernicus/services/default.nix b/boxes/copernicus/services/default.nix
index 47d2875..4d02af4 100644
--- a/boxes/copernicus/services/default.nix
+++ b/boxes/copernicus/services/default.nix
@@ -3,5 +3,6 @@
 {
 imports = [
 ./wireguard.nix
+ ./sshd.nix
 ];
 }
diff --git a/boxes/copernicus/services/sshd.nix b/boxes/copernicus/services/sshd.nix
new file mode 100644
index 0000000..70a3380
--- /dev/null
+++ b/boxes/copernicus/services/sshd.nix
@@ -0,0 +1,17 @@
+{ machines, ...}:
+
+{
+ services.openssh = {
+ enable = true;
+ settings = {
+ PermitRootLogin = "no";
+ PasswordAuthentication = false;
+ };
+ };
+
+ users.users.usr.openssh.authorizedKeys.keys = [
+ machines.copernicus.pubkey
+ machines.aristotle.pubkey
+ machines.phone.pubkey
+ ];
+}
diff --git a/boxes/netbox/default.nix b/boxes/netbox/default.nix
index 6b9f052..cd2635a 100644
--- a/boxes/netbox/default.nix
+++ b/boxes/netbox/default.nix
@@ -1,4 +1,4 @@
-{ lib, config, pkgs, machines, ... }:
+{ pkgs, ... }:

 {
 imports = [
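Review bot: `PasswordAuthentication = false;` in the new `settings` block of sshd.nix does not by itself turn off keyboard-interactive authentication, which NixOS leaves enabled by default and which PAM can use to accept a password. Add `KbdInteractiveAuthentication = false;` so that only the listed keys can log in as `usr`. `services.openssh.enable` also opens port 22 in the firewall on every interface unless `openFirewall = false;` is set. Since boxes/copernicus/default.nix already uses per-interface firewall rules, it is worth deciding explicitly which interfaces should reach sshd. Separately, `machines.copernicus.pubkey` lets the host's own key log in to itself; drop it if that is not needed, which keeps the trust set to the two client devices.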