pyrox.dev
1{ pkgs, ... }:
2let
3 inherit (import ./../ssh-keys.nix pkgs)
4 snakeOilPrivateKey
5 snakeOilPublicKey
6 ;
7in
8{
9 networking.firewall.allowedTCPPorts = [ 80 ];
10
11 systemd.services.mock-google-metadata = {
12 description = "Mock Google metadata service";
13 serviceConfig.Type = "simple";
14 serviceConfig.ExecStart = "${pkgs.python3}/bin/python ${./server.py}";
15 environment = {
16 SNAKEOIL_PUBLIC_KEY = snakeOilPublicKey;
17 };
18 wantedBy = [ "multi-user.target" ];
19 after = [ "network.target" ];
20 };
21
22 services.openssh.enable = true;
23 services.openssh.settings.KbdInteractiveAuthentication = false;
24 services.openssh.settings.PasswordAuthentication = false;
25
26 security.googleOsLogin.enable = true;
27
28 # Mock google service
29 networking.interfaces.lo.ipv4.addresses = [
30 {
31 address = "169.254.169.254";
32 prefixLength = 32;
33 }
34 ];
35}