cyplo/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

new key for foureighty

Browse source
This commit is contained in:
Cyryl Płotnicki 2021-06-27 08:38:54 +01:00
parent a3bcabc184
commit b425f839d0
1 changed files with 25 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

53
nixos/server-security.nix
View file

@ -1,35 +1,32 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ let
imports = [ authorizedKeys = [
./security.nix "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5Ejx5CAPUfHVXi4GL4WmnZaG8eiiOmsW/a0o1bs1GF cyryl@foureighty"
];
security.acme.email = "admin@cyplo.dev";
security.acme.acceptTerms = true;
services.fail2ban.enable = true;
services.openssh = {
enable = true;
permitRootLogin = "prohibit-password";
passwordAuthentication = false;
};
users.extraUsers.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJlCoSJ/2BHt0RqQUn2L9DPcCEJBJQWpq+74cpmeaGJL cyryl@foureighty"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDN/2C59i+ucvSa9FLCHlVPJp0zebLOcw0+hnBYwy0cY cyryl@skinnyv" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDN/2C59i+ucvSa9FLCHlVPJp0zebLOcw0+hnBYwy0cY cyryl@skinnyv"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwZ4M6lT2yzg8iarCzsLADAuXS4BUkLTt1+mKCECczk nix-builder@brix" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwZ4M6lT2yzg8iarCzsLADAuXS4BUkLTt1+mKCECczk nix-builder@brix"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALNEUIxbENTdhSWzYupGFn/q+AGe0diBOTMyiZAmv7F nix-builder@vultr1" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALNEUIxbENTdhSWzYupGFn/q+AGe0diBOTMyiZAmv7F nix-builder@vultr1"
]; ];
in
users.users.nix-builder = { {
isNormalUser = true; imports = [
openssh.authorizedKeys.keys = [ ./security.nix
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJlCoSJ/2BHt0RqQUn2L9DPcCEJBJQWpq+74cpmeaGJL cyryl@foureighty"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDN/2C59i+ucvSa9FLCHlVPJp0zebLOcw0+hnBYwy0cY cyryl@skinnyv"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwZ4M6lT2yzg8iarCzsLADAuXS4BUkLTt1+mKCECczk nix-builder@brix"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALNEUIxbENTdhSWzYupGFn/q+AGe0diBOTMyiZAmv7F nix-builder@vultr1"
]; ];
}; security.acme.email = "admin@cyplo.dev";
security.acme.acceptTerms = true;
nix.trustedUsers = [ "root" "nix-builder" ]; services.fail2ban.enable = true;
}
services.openssh = {
enable = true;
permitRootLogin = "prohibit-password";
passwordAuthentication = false;
};
users.extraUsers.root.openssh.authorizedKeys.keys = authorizedKeys;
users.users.nix-builder = {
isNormalUser = true;
openssh.authorizedKeys.keys = authorizedKeys;
};
nix.trustedUsers = [ "root" "nix-builder" ];
}