43 lines
1.2 KiB
Nix
43 lines
1.2 KiB
Nix
{
|
|
config,
|
|
pkgs,
|
|
...
|
|
}: let
|
|
authorizedKeys = [
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEo4R+6J3h6Ix3xWpOMdU7Es1/YxFchHw0c+kcCOJxFb cyryl@foureighty"
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBDa2qAxpUEFeBYl2wlzDa/x37TAAy5pOBHv50OXUrV5 cyryl@thinky"
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBKc/pKrkWLaq6IdfcFqBV3PnPwhTEUh2rOP5g6I5OBd cyryl@airy"
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPbJNY48F1Vn11aDX5hJSj4oS2NIKEH2busqoyQTLIvk cyryl@bolty"
|
|
];
|
|
in {
|
|
imports = [./security.nix];
|
|
security.acme.defaults.email = "admin@cyplo.dev";
|
|
security.acme.acceptTerms = true;
|
|
|
|
services.fail2ban.enable = true;
|
|
|
|
services.openssh = {
|
|
enable = true;
|
|
settings = {
|
|
PermitRootLogin = "prohibit-password";
|
|
PasswordAuthentication = false;
|
|
};
|
|
};
|
|
|
|
users.extraUsers.root.openssh.authorizedKeys.keys = authorizedKeys;
|
|
users.users.nix-builder = {
|
|
isNormalUser = true;
|
|
openssh.authorizedKeys.keys = authorizedKeys;
|
|
};
|
|
|
|
users.users.cyryl = {
|
|
isNormalUser = true;
|
|
openssh.authorizedKeys.keys = authorizedKeys;
|
|
};
|
|
|
|
nix = {
|
|
settings.trusted-users = ["root" "nix-builder" "cyryl"];
|
|
sshServe.enable = true;
|
|
sshServe.keys = authorizedKeys;
|
|
};
|
|
}
|