629f8f02d7
Clears all logs on reboot; clears data after 100 MB or after 1 day, whichever comes first.
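# Host baseline: key-only SSH, an in-memory journal capped by size and age,
# daily Nix garbage collection, doas in place of sudo, and an nftables firewall.
{
  services = {
    openssh = {
      enable = true;
      # Opens the sshd port in the host firewall.
      openFirewall = true;
      settings = {
        PasswordAuthentication = false;
        # Keyboard-interactive auth can still prompt for a password through PAM
        # when only PasswordAuthentication is off; disable it so logins are
        # key-only.
        KbdInteractiveAuthentication = false;
      };
    };

    journald = {
      # "volatile" keeps the journal under /run/log/journal only, so every
      # entry is lost on reboot.
      storage = "volatile";
      # The System* limits apply to the persistent journal in /var/log/journal
      # and do not cap a volatile journal; RuntimeMaxUse is the setting that
      # bounds /run/log/journal. SystemMaxUse is kept in case another module
      # switches storage back to persistent.
      # NOTE(review): with at most one day of local history and nothing kept
      # across reboots, sshd and doas records are gone quickly; forward the
      # journal to a remote collector if they are needed for investigations.
      extraConfig = ''
        RuntimeMaxUse=100M
        SystemMaxUse=100M
        MaxRetentionSec=1d
      '';
    };
  };

  nix = {
    settings.auto-optimise-store = true;
    # Daily garbage collection that drops generations older than seven days.
    gc = {
      automatic = true;
      dates = "daily";
      options = "--delete-older-than 7d";
    };
  };

  # clean on boot
  boot.tmp.cleanOnBoot = true;

  # enable doas instead of sudo
  security = {
    sudo.enable = false;

    doas = {
      enable = true;
      extraRules = [
        {
          groups = [ "wheel" ];
          # persist: after one successful authentication doas does not ask
          # again for some time, so an unlocked session of a wheel user can
          # run commands as root without a new password prompt.
          persist = true;
        }
      ];
    };
  };

  # always allow unfree
  nixpkgs.config.allowUnfree = true;
  environment.variables = {
    NIXPKGS_ALLOW_UNFREE = "1";
  };

  # enable nftables based firewall
  networking.nftables = {
    enable = true;
  };

  # Every key listed here can log in directly as root over SSH; remove a key
  # as soon as its owner or device no longer needs access.
  # NOTE(review): presumably PermitRootLogin is left at a value that allows
  # key logins - confirm nothing else overrides it.
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-rsa 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 eyjhb@key"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPuma8g+U8Wh+4mLvZoV9V+ngPqxjuIG4zhsbaTeXq65 eyjhb@chronos"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGee4uz+HDOj4Y4ANOhWJhoc4mMLP1gz6rpKoMueQF2J rendal@popper"
  ];
}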