nixos/tests/google-oslogin/server.nix at 23.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

nixpkgs / nixos / tests / google-oslogin / server.nix

at 23.11-pre 844 B view raw

 1{ pkgs, ... }:
 2let
 3  inherit (import ./../ssh-keys.nix pkgs)
 4    snakeOilPrivateKey snakeOilPublicKey;
 5in {
 6  networking.firewall.allowedTCPPorts = [ 80 ];
 7
 8  systemd.services.mock-google-metadata = {
 9    description = "Mock Google metadata service";
10    serviceConfig.Type = "simple";
11    serviceConfig.ExecStart = "${pkgs.python3}/bin/python ${./server.py}";
12    environment = {
13      SNAKEOIL_PUBLIC_KEY = snakeOilPublicKey;
14    };
15    wantedBy = [ "multi-user.target" ];
16    after = [ "network.target" ];
17  };
18
19  services.openssh.enable = true;
20  services.openssh.settings.KbdInteractiveAuthentication = false;
21  services.openssh.settings.PasswordAuthentication = false;
22
23  security.googleOsLogin.enable = true;
24
25  # Mock google service
26  networking.interfaces.lo.ipv4.addresses = [ { address = "169.254.169.254"; prefixLength = 32; } ];
27}