From 211ab56adf2dd91732feb0c75332321206e0d499 Mon Sep 17 00:00:00 2001
From: ene
Date: Thu, 19 Jan 2023 14:02:04 +0100
Subject: Feat: User configuration, with secure passwords

The passwords will be stored in a specific password file, which because it isn't part of this repository is secure.

Refs: #9
---
 configuration.nix | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
(limited to 'configuration.nix')

diff --git a/configuration.nix b/configuration.nix
index 600201d..baf982a 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -3,7 +3,9 @@
 ./hardware-configuration.nix
 ./packages.nix
 ./networking.nix # network configuration that just works
+ ./users.nix
 ./services/minecraft.nix
+
 ];
 boot.cleanTmpDir = true;
@@ -17,10 +19,6 @@
 passwordAuthentication = false;
 extraConfig = "PrintMotd yes\n"; # this could be done with pam
 };
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME soispha"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG63gxw8JePmrC8Fni0pLV4TnPBhCPmSV9FYEdva+6s7 sils"
- ];
 system.stateVersion = "22.11";
 }
-- 
cgit 1.4.1
From cf63e4141cf072b7b942bff23e023890e767a3b1 Mon Sep 17 00:00:00 2001
From: ene
Date: Sat, 21 Jan 2023 07:41:32 +0100
Subject: Fix: Resolve merge conflicts

---
 configuration.nix | 8 --------
 hardware-configuration.nix | 9 +++++----
 services/opensshd.nix | 27 +++++++++++++--------------
 3 files changed, 18 insertions(+), 26 deletions(-)
(limited to 'configuration.nix')

diff --git a/configuration.nix b/configuration.nix
index 75701ad..8fc047a 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -4,7 +4,6 @@
 ./packages.nix
 ./networking.nix # network configuration that just works
 ./users.nix
- ./services/minecraft.nix
 ./services/minecraft.nix
 ./services/rust-motd.nix
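Review bot: The `./users.nix` import added in the first hunk of 211ab56 becomes the only possible source of root's SSH keys, because the second hunk of the same commit deletes `users.users.root.openssh.authorizedKeys.keys` while `passwordAuthentication = false` stays in place; `users.nix` is not shown in this path-limited patch, so confirm it declares the keys before switching the host, to avoid a lockout. A short comment on the import would document that dependency, e.g. `./users.nix # accounts and authorized keys; password hashes are read from a file outside the repo`. Keeping the password file out of the repository does not by itself make it secure: it should contain hashes rather than plaintext, be readable by root only, and be referenced as a string path (presumably through `passwordFile`) so that it is not copied into the world-readable Nix store. The import list these lines belong to starts above the hunk.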
@@ -16,13 +15,6 @@
 networking.hostName = "server1";
 networking.domain = "vhack.eu";
- # openssh config
- services.openssh = {
- enable = true;
- passwordAuthentication = false;
- extraConfig = "PrintMotd yes\n"; # this could be done with pam
- };
-
 system.stateVersion = "22.11";
 }
 # vim: ts=2
diff --git a/hardware-configuration.nix b/hardware-configuration.nix
index 9fcbe2b..76cdb1e 100644
--- a/hardware-configuration.nix
+++ b/hardware-configuration.nix
@@ -19,13 +19,14 @@
 fsType = "btrfs";
 options = ["subvol=storage" "compress-force=zstd"];
 };
- "/etc/nixos" = {
- device = "/srv/nix-config";
- options = ["bind"];
- };
 "/boot" = {
 device = "/dev/vda3";
 options = ["subvol=boot" "compress-force=zstd"];
 };
+
+ "/etc/nixos" = {
+ device = "/srv/nix-config";
+ options = ["bind"];
+ };
 };
 }
diff --git a/services/opensshd.nix b/services/opensshd.nix
index 4bd38fd..cb9f2ba 100644
--- a/services/opensshd.nix
+++ b/services/opensshd.nix
@@ -1,19 +1,18 @@
-{ config, pkg, ... }: {
+{
+ config,
+ pkg,
+ ...
+}: {
 services.openssh = {
 enable = true;
 passwordAuthentication = false;
- extraConfig = ''
- PrintMotd yes
- ''; # this could be done with pam
- hostKeys = [{
- comment = "key comment";
- path = "/srv/sshd/ssh_host_ed25519_key";
- rounds = 1000;
- type = "ed25519";
- }];
+ hostKeys = [
+ {
+ comment = "key comment";
+ path = "/srv/sshd/ssh_host_ed25519_key";
+ rounds = 1000;
+ type = "ed25519";
+ }
+ ];
 };
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME soispha"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG63gxw8JePmrC8Fni0pLV4TnPBhCPmSV9FYEdva+6s7 sils"
- ];
 }
-- 
cgit 1.4.1
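Review bot: In the `services/opensshd.nix` hunk, `passwordAuthentication = false` is the only authentication setting in the new `services.openssh` block, so keyboard-interactive login through PAM is left at its default; since the earlier commit in this series introduces user passwords, that path may still accept one over SSH. If key-only login is the intent, add `kbdInteractiveAuthentication = false;` next to it and confirm the effective settings with `sshd -T` on the host. The `pkg` argument in the reformatted header is unused in the visible lines and looks like a typo for `pkgs`. The root `authorizedKeys` removed at the end of this hunk are presumably declared in `users.nix` now, which this patch does not show, and `comment = "key comment"` still reads like a placeholder.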