33 lines
714 B
Nix
33 lines
714 B
Nix
{ config, lib, ... }:
|
|
let
|
|
cfg = config.my.utils.lxc-standard;
|
|
in
|
|
{
|
|
options.my.utils.lxc-standard = {
|
|
enable = lib.mkEnableOption "Enable if the host is a service LXC container";
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
|
|
# Enable SSH
|
|
services = {
|
|
openssh.enable = true;
|
|
# Disable password root access. Necessary for Colmena
|
|
openssh.permitRootLogin = "prohibit-password";
|
|
};
|
|
|
|
my.utils.serverNodeUsers.enable = true;
|
|
|
|
# Monitor node with node_exporter
|
|
services.prometheus.exporters = {
|
|
node = {
|
|
enable = true;
|
|
openFirewall = true;
|
|
enabledCollectors = [ "systemd" ];
|
|
};
|
|
};
|
|
|
|
networking.nameservers = [ "192.168.1.2" ];
|
|
|
|
};
|
|
}
|