new key for foureighty

This commit is contained in:
Cyryl Płotnicki 2021-06-27 08:38:54 +01:00
parent a3bcabc184
commit b425f839d0

View file

@ -1,35 +1,32 @@
{ config, pkgs, ... }:
{
imports = [
./security.nix
];
security.acme.email = "admin@cyplo.dev";
security.acme.acceptTerms = true;
services.fail2ban.enable = true;
services.openssh = {
enable = true;
permitRootLogin = "prohibit-password";
passwordAuthentication = false;
};
users.extraUsers.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJlCoSJ/2BHt0RqQUn2L9DPcCEJBJQWpq+74cpmeaGJL cyryl@foureighty"
let
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5Ejx5CAPUfHVXi4GL4WmnZaG8eiiOmsW/a0o1bs1GF cyryl@foureighty"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDN/2C59i+ucvSa9FLCHlVPJp0zebLOcw0+hnBYwy0cY cyryl@skinnyv"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwZ4M6lT2yzg8iarCzsLADAuXS4BUkLTt1+mKCECczk nix-builder@brix"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALNEUIxbENTdhSWzYupGFn/q+AGe0diBOTMyiZAmv7F nix-builder@vultr1"
];
users.users.nix-builder = {
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJlCoSJ/2BHt0RqQUn2L9DPcCEJBJQWpq+74cpmeaGJL cyryl@foureighty"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDN/2C59i+ucvSa9FLCHlVPJp0zebLOcw0+hnBYwy0cY cyryl@skinnyv"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwZ4M6lT2yzg8iarCzsLADAuXS4BUkLTt1+mKCECczk nix-builder@brix"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALNEUIxbENTdhSWzYupGFn/q+AGe0diBOTMyiZAmv7F nix-builder@vultr1"
in
{
imports = [
./security.nix
];
};
security.acme.email = "admin@cyplo.dev";
security.acme.acceptTerms = true;
nix.trustedUsers = [ "root" "nix-builder" ];
}
services.fail2ban.enable = true;
services.openssh = {
enable = true;
permitRootLogin = "prohibit-password";
passwordAuthentication = false;
};
users.extraUsers.root.openssh.authorizedKeys.keys = authorizedKeys;
users.users.nix-builder = {
isNormalUser = true;
openssh.authorizedKeys.keys = authorizedKeys;
};
nix.trustedUsers = [ "root" "nix-builder" ];
}