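{
  config,
  machine,
  ...
}: {
  # Host module for one machine: secrets, persistence, networking, nix
  # settings, sshd hardening and the primary user account. `machine` is a
  # per-host attribute set supplying hostname and SSH public keys.

  # Password hash for the user below is decrypted by agenix at activation.
  age.secrets.secret2.file = ../../secrets/secret2.age;

  boot.tmp.cleanOnBoot = true;
  boot.loader.grub.devices = ["nodev"];

  # Root is ephemeral; only the paths listed here survive a reboot.
  environment.persistence."/nix/persist" = {
    enable = true;
    hideMounts = true;
    directories = [
      "/var/log"
      "/var/lib/nixos"
      "/var/lib/systemd/coredump"
      "/etc/NetworkManager/system-connections"
    ];
    files = [
      "/etc/machine-id"
      "/etc/ly/save.txt"
    ];
    users."mtgmonkey" = {
      directories = [
        ".local/share/zoxide"
        ".ssh"
      ];
      files = [
        ".bash_history"
        ".brush_history"
      ];
    };
  };

  i18n.defaultLocale = "de_DE.UTF-8";

  networking = {
    dhcpcd.enable = true;
    firewall = {
      enable = true;
      # The sshd port (5522 below) is deliberately not listed here:
      # services.openssh.openFirewall defaults to true and opens it.
      allowedTCPPorts = [80 443];
      # NOTE(review): UDP 80/443 are exposed as well; nothing in this file
      # defines a UDP listener (e.g. HTTP/3). Confirm it is needed, otherwise
      # drop this line to keep the exposed surface minimal.
      allowedUDPPorts = [80 443];
    };
    hostName = machine.hostname;
    domain = "";
  };

  nix.settings = {
    experimental-features = [
      "nix-command"
      "flakes"
    ];
    allow-import-from-derivation = true;
  };

  programs.noshell.enable = true;

  services.openssh = {
    enable = true;
    allowSFTP = false;
    ports = [5522];
    settings = {
      PermitRootLogin = "no";
      PasswordAuthentication = false;
      # Must be disabled together with PasswordAuthentication: on NixOS the
      # keyboard-interactive method is backed by PAM and would otherwise still
      # accept the account password set via hashedPasswordFile, so key-only
      # access would not actually be enforced. Keys come from
      # machine.pub-keys.ssh (see users.users below). If PAM-based 2FA is
      # ever added, re-enable this only together with that PAM module.
      KbdInteractiveAuthentication = false;
    };
    extraConfig = ''
      AllowTcpForwarding no
      AllowAgentForwarding no
      MaxAuthTries 3
      MaxSessions 4
      TCPKeepAlive no
    '';
  };

  system.stateVersion = "26.05";

  time.timeZone = "Europe/Berlin";

  users.users."mtgmonkey" = {
    isNormalUser = true;
    description = "mtgmonkey";
    # agenix exposes the decrypted hash at config.age.secrets.secret2.path.
    hashedPasswordFile = builtins.toString config.age.secrets.secret2.path;
    extraGroups = ["wheel"];
    openssh.authorizedKeys.keys = machine.pub-keys.ssh;
  };
}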