authorsils <sils@sils.li>2023-01-08 00:03:49 +0100
committersils <sils@sils.li>2023-01-08 00:03:49 +0100
commit473f5c2a87eb6aecf93fcab873fa16d07e7bcb9e (patch)
tree6745f07b44524b73ece4244e6318bdecdd10da9c
parentsome people lose keys (diff)
parentFeat: Some security for ssh (diff)
Merge pull request 'Format: First formatting with Alejandra' (#2) from ene/nixos-server:server1 into server1
Reviewed-on: https://git.sils.li/vhack.eu/nixos-server/pulls/2 Reviewed-by: sils <sils@sils.li>
Diffstat (limited to '')
-rw-r--r--configuration.nix17
-rw-r--r--hardware-configuration.nix15
-rw-r--r--networking.nix39
-rw-r--r--packages.nix17
4 files changed, 56 insertions, 32 deletions
diff --git a/configuration.nix b/configuration.nix
index e531a8e..852a6ee 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -1,21 +1,26 @@
-{ pkgs, ... }: {
+{pkgs, ...}: {
imports = [
./hardware-configuration.nix
./packages.nix
- ./networking.nix # generated at runtime by nixos-infect
-
+ ./networking.nix # network configuration that just works
];
boot.cleanTmpDir = true;
zramSwap.enable = true;
networking.hostName = "server1";
networking.domain = "vhack.eu";
- services.openssh.enable = true;
+
+ # openssh config
+ services.openssh = {
+ enable = true;
+ passwordAuthentication = false;
+ extraConfig = "PrintMotd yes\n"; # this could be done with pam
+ };
users.users.root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2mYuiOuIb13E3wJRYPHOFN/dR5ySFozG2I/18HBSRJ dt@DESKTOP-IDOHVE"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME soispha"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG63gxw8JePmrC8Fni0pLV4TnPBhCPmSV9FYEdva+6s7 sils"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG63gxw8JePmrC8Fni0pLV4TnPBhCPmSV9FYEdva+6s7 sils"
];
system.stateVersion = "22.11";
}
+# vim: ts=2
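Review bot: `passwordAuthentication = false;` in the new `services.openssh` block disables only sshd's password method, and keyboard-interactive authentication is a separate option that this hunk leaves at its default. On the 22.11 module set pinned by `system.stateVersion`, that default is, as far as I can tell, enabled, so a PAM-backed password prompt may still be offered. Since the only authorized keys in this file belong to root, I would make the intent explicit by adding `kbdInteractiveAuthentication = false;` and `permitRootLogin = "prohibit-password";` inside the same attribute set. After the rebuild, checking the effective settings with `sshd -T` would confirm that only `publickey` remains. A one-line comment above the block stating that login is key-only would also help the next person who edits `authorizedKeys.keys`.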
diff --git a/hardware-configuration.nix b/hardware-configuration.nix
index e8756e4..c4fe39a 100644
--- a/hardware-configuration.nix
+++ b/hardware-configuration.nix
@@ -1,9 +1,10 @@
-{ modulesPath, ... }:
-{
- imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+{modulesPath, ...}: {
+ imports = [(modulesPath + "/profiles/qemu-guest.nix")];
boot.loader.grub.device = "/dev/vda";
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
- boot.initrd.kernelModules = [ "nvme" "btrfs" ];
- fileSystems."/" = { device = "/dev/vda3"; fsType = "ext4"; };
-
+ boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
+ boot.initrd.kernelModules = ["nvme" "btrfs"];
+ fileSystems."/" = {
+ device = "/dev/vda3";
+ fsType = "ext4";
+ };
}
diff --git a/networking.nix b/networking.nix
index 9b254e0..26d6719 100644
--- a/networking.nix
+++ b/networking.nix
@@ -1,9 +1,10 @@
-{ lib, ... }: {
+{lib, ...}: {
# This file was populated at runtime with the networking
# details gathered from the active system.
networking = {
- nameservers = [ "8.8.8.8"
- ];
+ nameservers = [
+ "8.8.8.8"
+ ];
defaultGateway = "89.58.56.1";
defaultGateway6 = "fe80::1";
dhcpcd.enable = false;
@@ -11,20 +12,38 @@
interfaces = {
eth0 = {
ipv4.addresses = [
- { address="89.58.58.33"; prefixLength=22; }
+ {
+ address = "89.58.58.33";
+ prefixLength = 22;
+ }
];
ipv6.addresses = [
- { address="2a03:4000:6a:3f3:6422:6dff:fe82:939b"; prefixLength=64; }
-{ address="fe80::6422:6dff:fe82:939b"; prefixLength=64; }
+ {
+ address = "2a03:4000:6a:3f3:6422:6dff:fe82:939b";
+ prefixLength = 64;
+ }
+ {
+ address = "fe80::6422:6dff:fe82:939b";
+ prefixLength = 64;
+ }
+ ];
+ ipv4.routes = [
+ {
+ address = "89.58.56.1";
+ prefixLength = 32;
+ }
+ ];
+ ipv6.routes = [
+ {
+ address = "fe80::1";
+ prefixLength = 128;
+ }
];
- ipv4.routes = [ { address = "89.58.56.1"; prefixLength = 32; } ];
- ipv6.routes = [ { address = "fe80::1"; prefixLength = 128; } ];
};
-
};
};
services.udev.extraRules = ''
ATTR{address}=="66:22:6d:82:93:9b", NAME="eth0"
-
+
'';
}
diff --git a/packages.nix b/packages.nix
index ea6daf3..4d33c6e 100644
--- a/packages.nix
+++ b/packages.nix
@@ -1,10 +1,9 @@
-{ pkgs, ...}:
-{
- environment.systemPackages = with pkgs; [
- jre_minimal
- git
- zsh
- neovim
- btrfs-progs
- ];
+{pkgs, ...}: {
+ environment.systemPackages = with pkgs; [
+ jre_minimal
+ git
+ zsh
+ neovim
+ btrfs-progs
+ ];
}