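# NixOS module: remote-access baseline for a host.
# Sets up ACME account defaults, fail2ban, key-only OpenSSH, a `nix-builder`
# login account, and serving of the Nix store over SSH.
{ config, pkgs, ... }:
let
  # One list of public keys, reused below for three separate grants:
  # root SSH login, `nix-builder` SSH login, and nix.sshServe access.
  # Every key added here receives all three.
  # NOTE(review): the "nix-builder@brix" entry looks like a machine/automation
  # key (judging by its label only). It is also authorised for interactive root
  # login through this shared list. Consider separate per-role key lists so a
  # builder key only reaches the builder account -- confirm what brix needs.
  authorizedKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEo4R+6J3h6Ix3xWpOMdU7Es1/YxFchHw0c+kcCOJxFb cyryl@foureighty"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDN/2C59i+ucvSa9FLCHlVPJp0zebLOcw0+hnBYwy0cY cyryl@skinnyv"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwZ4M6lT2yzg8iarCzsLADAuXS4BUkLTt1+mKCECczk nix-builder@brix"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBDa2qAxpUEFeBYl2wlzDa/x37TAAy5pOBHv50OXUrV5 cyryl@thinky"
  ];
in {
  # Further hardening lives in a sibling module that is not visible here.
  imports = [ ./security.nix ];

  # ACME account contact and acceptance of the CA's terms of service.
  security.acme.defaults.email = "admin@cyplo.dev";
  security.acme.acceptTerms = true;

  # Only the enable switch is set here; jail configuration, if any, is
  # elsewhere or left at the module defaults.
  services.fail2ban.enable = true;

  services.openssh = {
    enable = true;
    settings = {
      # Root may log in over SSH, but only with a key ("prohibit-password"
      # disables password and keyboard-interactive auth for root).
      PermitRootLogin = "prohibit-password";
      # No password logins for any account; keys only.
      PasswordAuthentication = false;
    };
  };

  # `users.users` is the current option name; `users.extraUsers` is its legacy
  # alias. Using one spelling keeps this consistent with the nix-builder entry.
  users.users.root.openssh.authorizedKeys.keys = authorizedKeys;
  users.users.nix-builder = {
    isNormalUser = true;
    openssh.authorizedKeys.keys = authorizedKeys;
  };

  # Trusted users can override daemon settings (e.g. substituters) and import
  # unsigned paths; the Nix manual treats this as essentially root-equivalent.
  # So any key that can log in as nix-builder effectively has root on this host.
  nix.settings.trusted-users = [ "root" "nix-builder" ];

  # Serve this machine's Nix store over SSH to holders of the listed keys.
  # NOTE(review): nix.sshServe.write is not set here, so it keeps the module
  # default -- confirm that it is read-only as intended.
  nix.sshServe.enable = true;
  nix.sshServe.keys = authorizedKeys;
}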