nix/nixos/consensus/configuration.nix

{pkgs, ...}: {
  imports = [
    ./hardware-configuration.nix
  ];
  environment.systemPackages = with pkgs; [
    git
    vim
  ];
  boot.tmp.cleanOnBoot = true;
  zramSwap.enable = false;
  swapDevices = [
    {
      device = "/var/swapfile";
      size = 4 * 1024;
    }
  ];
  networking = {
    hostName = "consensus";
    firewall = {
      enable = true;
      allowedTCPPorts = [
        22
        2022
        6443
        25565
        30001
        30303
      ];
      allowedUDPPorts = [
        30001
        30303
      ];
      logRefusedConnections = true;
    };
  };
  services = {
    k3s = {
      enable = true;
      role = "server";
      extraFlags = toString [
        "--disable=traefik"
      ];
    };
    openssh = {
      enable = true;
      ports = [2022];
      settings = {
        PasswordAuthentication = false;
        PermitRootLogin = "prohibit-password";
      };
    };
  };
  users.users = {
    root = {
      openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHM4Zr0PFN7QdOG2aJ+nuzRCK6caulrpY6bphA1Ppl8Y e@t14''];
    };
    e = {
      isNormalUser = true;
      extraGroups = ["wheel"];
      home = "/home/e";
      openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHM4Zr0PFN7QdOG2aJ+nuzRCK6caulrpY6bphA1Ppl8Y e@t14''];
    };
  };
  security.sudo.wheelNeedsPassword = false;
  nix.settings.trusted-users = ["e"];
  system.stateVersion = "23.11";
}