Initial commit

modules/server/containers.nix

@@ -0,0 +1,36 @@
+{ host, lib, config, ... }: {
+  networking.nat = {
+    enable = true;
+    # Use "ve-*" when using nftables instead of iptables
+    internalInterfaces = ["ve-+"];
+    externalInterface = "ens18";
+    enableIPv6 = false;
+  };
+
+  containers =
+    if builtins.pathExists ../../hosts/${host}/containers
+    then let
+      containers_files' = builtins.readDir ../../hosts/${host}/containers;
+      containers_files = lib.concatMapAttrs
+        (container: _: {
+          ${lib.removeSuffix ".nix" container} = {};
+        }) containers_files';
+
+    in builtins.mapAttrs (container: _: {
+      autoStart = true;
+      bindMounts = builtins.mapAttrs (_: value: { hostPath = value; isReadOnly = false; }) config.container.${container}.config.binds;
+      tmpfs = [ "/" ];
+      config = { lib, ... }: with lib; {
+        imports = [
+          ../../hosts/${host}/containers/${container}.nix
+          # ../containers
+          ../global/nix.nix
+          ../global/dnscrypt-proxy.nix
+        ];
+        options = {
+          binds = mkOption { type = types.attrs; default = {}; };
+        };
+      };
+    }) containers_files
+    else {};
+}

modules/server/openssh.nix

@@ -0,0 +1,19 @@
+{ username, ... }: let
+  keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINkHOpdBpYV3KJV+AtBK3jD6MLDZzAwh9HFt0LsLxBV0" # Old key
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDEDqpSiQpbSsClh6UGb7Z2DA1Hy+EyePzTy+5hEVD/A" # Main key
+  ];
+in {
+  users.users.${username}.openssh.authorizedKeys.keys = keys;
+  users.users.root.openssh.authorizedKeys.keys = keys;
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      KbdInteractiveAuthentication = false;
+      PermitRootLogin = "prohibit-password";
+    };
+    ports = [ 22 ];
+    openFirewall = true;
+  };
+}