diff options
author | sils <sils@sils.li> | 2023-01-08 00:03:49 +0100 |
---|---|---|
committer | sils <sils@sils.li> | 2023-01-08 00:03:49 +0100 |
commit | 473f5c2a87eb6aecf93fcab873fa16d07e7bcb9e (patch) | |
tree | 6745f07b44524b73ece4244e6318bdecdd10da9c | |
parent | some people lose keys (diff) | |
parent | Feat: Some security for ssh (diff) | |
download | nixos-server-473f5c2a87eb6aecf93fcab873fa16d07e7bcb9e.tar.gz nixos-server-473f5c2a87eb6aecf93fcab873fa16d07e7bcb9e.zip |
Merge pull request 'Format: First formatting with Alejandra' (#2) from ene/nixos-server:server1 into server1
Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/2 Reviewed-by: sils <sils@sils.li>
-rw-r--r-- | configuration.nix | 17 | ||||
-rw-r--r-- | hardware-configuration.nix | 15 | ||||
-rw-r--r-- | networking.nix | 39 | ||||
-rw-r--r-- | packages.nix | 17 |
4 files changed, 56 insertions, 32 deletions
diff --git a/configuration.nix b/configuration.nix index e531a8e..852a6ee 100644 --- a/configuration.nix +++ b/configuration.nix @@ -1,21 +1,26 @@ -{ pkgs, ... }: { +{pkgs, ...}: { imports = [ ./hardware-configuration.nix ./packages.nix - ./networking.nix # generated at runtime by nixos-infect - + ./networking.nix # network configuration that just works ]; boot.cleanTmpDir = true; zramSwap.enable = true; networking.hostName = "server1"; networking.domain = "vhack.eu"; - services.openssh.enable = true; + + # openssh config + services.openssh = { + enable = true; + passwordAuthentication = false; + extraConfig = "PrintMotd yes\n"; # this could be done with pam + }; users.users.root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2mYuiOuIb13E3wJRYPHOFN/dR5ySFozG2I/18HBSRJ dt@DESKTOP-IDOHVE" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME soispha" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG63gxw8JePmrC8Fni0pLV4TnPBhCPmSV9FYEdva+6s7 sils" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG63gxw8JePmrC8Fni0pLV4TnPBhCPmSV9FYEdva+6s7 sils" ]; system.stateVersion = "22.11"; } +# vim: ts=2 diff --git a/hardware-configuration.nix b/hardware-configuration.nix index e8756e4..c4fe39a 100644 --- a/hardware-configuration.nix +++ b/hardware-configuration.nix @@ -1,9 +1,10 @@ -{ modulesPath, ... }: -{ - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; +{modulesPath, ...}: { + imports = [(modulesPath + "/profiles/qemu-guest.nix")]; boot.loader.grub.device = "/dev/vda"; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ]; - boot.initrd.kernelModules = [ "nvme" "btrfs" ]; - fileSystems."/" = { device = "/dev/vda3"; fsType = "ext4"; }; - + boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"]; + boot.initrd.kernelModules = ["nvme" "btrfs"]; + fileSystems."/" = { + device = "/dev/vda3"; + fsType = "ext4"; + }; } diff --git a/networking.nix b/networking.nix index 9b254e0..26d6719 100644 --- a/networking.nix +++ b/networking.nix @@ -1,9 +1,10 @@ -{ lib, ... }: { +{lib, ...}: { # This file was populated at runtime with the networking # details gathered from the active system. networking = { - nameservers = [ "8.8.8.8" - ]; + nameservers = [ + "8.8.8.8" + ]; defaultGateway = "89.58.56.1"; defaultGateway6 = "fe80::1"; dhcpcd.enable = false; @@ -11,20 +12,38 @@ interfaces = { eth0 = { ipv4.addresses = [ - { address="89.58.58.33"; prefixLength=22; } + { + address = "89.58.58.33"; + prefixLength = 22; + } ]; ipv6.addresses = [ - { address="2a03:4000:6a:3f3:6422:6dff:fe82:939b"; prefixLength=64; } -{ address="fe80::6422:6dff:fe82:939b"; prefixLength=64; } + { + address = "2a03:4000:6a:3f3:6422:6dff:fe82:939b"; + prefixLength = 64; + } + { + address = "fe80::6422:6dff:fe82:939b"; + prefixLength = 64; + } + ]; + ipv4.routes = [ + { + address = "89.58.56.1"; + prefixLength = 32; + } + ]; + ipv6.routes = [ + { + address = "fe80::1"; + prefixLength = 128; + } ]; - ipv4.routes = [ { address = "89.58.56.1"; prefixLength = 32; } ]; - ipv6.routes = [ { address = "fe80::1"; prefixLength = 128; } ]; }; - }; }; services.udev.extraRules = '' ATTR{address}=="66:22:6d:82:93:9b", NAME="eth0" - + ''; } diff --git a/packages.nix b/packages.nix index ea6daf3..4d33c6e 100644 --- a/packages.nix +++ b/packages.nix @@ -1,10 +1,9 @@ -{ pkgs, ...}: -{ - environment.systemPackages = with pkgs; [ - jre_minimal - git - zsh - neovim - btrfs-progs - ]; +{pkgs, ...}: { + environment.systemPackages = with pkgs; [ + jre_minimal + git + zsh + neovim + btrfs-progs + ]; } |