parent
af3dc8b59e
commit
e94b793bc7
4 changed files with 20 additions and 9 deletions
|
@ -9,7 +9,14 @@
|
|||
openssh = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
|
||||
allowSFTP = false;
|
||||
challengeResponseAuthentication = false;
|
||||
settings = {
|
||||
AllowAgentForwarding = false;
|
||||
AllowStreamLocalForwarding = false;
|
||||
AllowTcpForwarding = true;
|
||||
AuthenticationMethods = "publickey";
|
||||
KexAlgorithms = [
|
||||
"curve25519-sha256"
|
||||
"curve25519-sha256@libssh.org"
|
||||
|
@ -19,7 +26,7 @@
|
|||
];
|
||||
PasswordAuthentication = false;
|
||||
PermitRootLogin = "prohibit-password";
|
||||
StreamLocalBindUnlink = "yes";
|
||||
X11Forwarding = false;
|
||||
};
|
||||
};
|
||||
};
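Review bot: `challengeResponseAuthentication = false;` sits outside `settings` under a legacy option name, while everything else in this section uses the `settings` attrset. On releases that provide `settings`, the same control is `settings.KbdInteractiveAuthentication = false;`, and the old name may only survive as a deprecated alias, so it is worth moving it next to `PasswordAuthentication`. With `AuthenticationMethods = "publickey"` this is defence in depth rather than the primary control. `AllowTcpForwarding = true` stays on while agent and stream-local forwarding are turned off; sshd also accepts `local` if only outbound tunnels are needed, otherwise a comment such as `# TCP forwarding kept for <reason>` records the exception. The +/- markers are lost on this page, so which of these lines are new is inferred from the hunk counts.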
|
||||
|
|
|
@ -7,10 +7,8 @@
|
|||
"nix-command"
|
||||
"flakes"
|
||||
];
|
||||
trusted-users = [
|
||||
"@wheel"
|
||||
"winston"
|
||||
];
|
||||
allowed-users = [ "root" ];
|
||||
trusted-users = [ "root" ];
|
||||
};
|
||||
};
|
||||
}
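Review bot: `allowed-users = [ "root" ];` stops every non-root account from connecting to the Nix daemon at all, which goes further than the `trusted-users` reduction beside it and deserves a comment saying it is intentional. Narrowing `trusted-users` to root is the meaningful hardening, since a trusted user can effectively act as root through the daemon. The consequence is that anything which previously pushed closures as a wheel user (the flake's dev shell carries deploy-rs, so presumably remote deploys) must now connect as root or deliver paths signed by a trusted key. Suggested comment: `# trusted-users is root-equivalent; deploys connect as root or copy signed paths`.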
|
||||
|
|
13
flake.nix
13
flake.nix
|
@ -22,8 +22,15 @@
|
|||
modules = [
|
||||
{
|
||||
nixpkgs = {
|
||||
config.allowUnfree = true;
|
||||
inherit overlays;
|
||||
config.allowUnfreePredicate =
|
||||
pkg:
|
||||
builtins.elem (nixpkgs.lib.getName pkg) [
|
||||
"elasticsearch"
|
||||
"satisfactory-server"
|
||||
"steamworks-sdk-redist"
|
||||
"valheim-server"
|
||||
];
|
||||
};
|
||||
}
|
||||
./hosts/main-node
|
||||
|
@ -65,12 +72,10 @@
|
|||
|
||||
devShells.default = pkgs.mkShell {
|
||||
inherit (config.pre-commit.devShell) shellHook;
|
||||
buildInputs = [
|
||||
packages = [
|
||||
inputs'.agenix.packages.agenix
|
||||
pkgs.age-plugin-yubikey
|
||||
pkgs.unstable.deploy-rs
|
||||
pkgs.unstable.nh
|
||||
pkgs.unstable.nixd
|
||||
self'.formatter
|
||||
];
|
||||
};
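Review bot: The unfree allowlist passed to `config.allowUnfreePredicate` has no comment tying each name to the service that needs it, so entries such as `"steamworks-sdk-redist"` will be hard to prune later. A line above the list, for example `# unfree packages permitted; one entry per service that requires it`, keeps it a reviewed exception set. `config.allowUnfree = true;` is printed in the same section with its marker lost; the hunk counts suggest it is the removed line, which matters because a blanket `allowUnfree` would make the predicate moot.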
|
||||
|
|
|
@ -30,6 +30,7 @@ let
|
|||
Group = "wakapi";
|
||||
|
||||
DynamicUser = true;
|
||||
NoNewPrivileges = true;
|
||||
ProtectHome = true;
|
||||
ProtectHostname = true;
|
||||
ProtectKernelLogs = true;
|
||||
|
|