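# Baseline NixOS module for service LXC containers: key-only SSH,
# the shared server users, node_exporter, snmpd and a fixed resolver.
# Everything under `config` is applied only when
# `my.utils.lxc-standard.enable` is set on the host.
{ config, lib, ... }:

let
  cfg = config.my.utils.lxc-standard;
in
{
  options.my.utils.lxc-standard = {
    # mkEnableOption prepends "Whether to enable " to its argument, so the
    # argument is a noun phrase rather than a sentence starting with "Enable".
    enable = lib.mkEnableOption "the standard baseline for service LXC containers";
  };

  config = lib.mkIf cfg.enable {

    # Encrypted snmpd configuration; the decrypted file is referenced by
    # path below instead of being written into this module.
    # NOTE(review): presumably holds the SNMP community string / v3 users -
    # confirm the secret's owner and mode let only snmpd read it.
    age.secrets.snmpd-config.file = ../../secrets/snmpd-config.age;

    # Enable SSH
    services.openssh = {
      enable = true;
      settings = {
        # Root may log in with a key but never with a password.
        # Root access over SSH is necessary for Colmena.
        PermitRootLogin = "prohibit-password";
        # No password logins for any account.
        # NOTE(review): keyboard-interactive is a separate sshd setting and
        # is not touched here; if no other module disables it, consider
        # `KbdInteractiveAuthentication = false;` so PAM password prompts
        # are refused as well.
        PasswordAuthentication = false;
      };
    };

    my.utils.serverNodeUsers.enable = true;

    # Monitor node with node_exporter
    services.prometheus.exporters = {
      node = {
        enable = true;
        # Opens the exporter port in the host firewall. node_exporter serves
        # metrics without authentication, so anything that can reach the
        # container can read them.
        # NOTE(review): consider `firewallFilter` (or an upstream firewall)
        # to limit this to the Prometheus server - TODO confirm scraper address.
        openFirewall = true;
        # Added on top of the exporter's default collectors: systemd unit state.
        enabledCollectors = [ "systemd" ];
      };
    };

    # SNMP
    services.snmpd = {
      enable = true;
      # Opens the SNMP port in the host firewall; who may actually query
      # is decided by the access rules in the secret config file.
      openFirewall = true;
      configFile = config.age.secrets.snmpd-config.path;
    };

    # Single resolver for every container using this module.
    networking.nameservers = [ "192.168.1.2" ];

  };
}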