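# Base NixOS settings: SSH access, journald and Nix store housekeeping,
# doas in place of sudo, unfree packages, nftables, and root's SSH keys.
{
  services = {
    openssh = {
      enable = true;
      # Opens the SSH port in the host firewall.
      openFirewall = true;
      settings = {
        # Key-only logins: no plain password authentication.
        PasswordAuthentication = false;
        # Keyboard-interactive is a separate sshd method that can still
        # prompt for a password through PAM, so turn it off as well;
        # otherwise disabling PasswordAuthentication alone is not enough.
        KbdInteractiveAuthentication = false;
      };
    };

    # Cap the journal's disk usage at 100M.
    journald.extraConfig = "SystemMaxUse=100M";
  };

  nix = {
    # Deduplicate identical files in the store.
    settings.auto-optimise-store = true;

    # Run the garbage collector daily, dropping generations older than 7 days.
    gc = {
      automatic = true;
      options = "--delete-older-than 7d";
      dates = "daily";
    };
  };

  # clean on boot
  boot.tmp.cleanOnBoot = true;

  # enable doas instead of sudo
  security = {
    sudo.enable = false;

    doas = {
      enable = true;
      extraRules = [{
        # Members of wheel may run commands through doas.
        groups = [ "wheel" ];
        # persist: after one successful authentication doas does not ask
        # again for a while, so an unlocked wheel session stays privileged
        # during that window.
        persist = true;
      }];
    };
  };

  # always allow unfree
  nixpkgs.config.allowUnfree = true;
  # Also exported as an environment variable; presumably so nix commands
  # run outside this configuration accept unfree packages too.
  environment.variables = {
    NIXPKGS_ALLOW_UNFREE = "1";
  };

  # enable nftables based firewall
  networking.nftables = {
    enable = true;
  };

  # Public keys allowed to log in as root over SSH. Each entry grants full
  # control of the host, so review the list when a key holder changes.
  # NOTE(review): this relies on sshd permitting key-based root login;
  # confirm PermitRootLogin is not relaxed to allow passwords elsewhere.
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPuma8g+U8Wh+4mLvZoV9V+ngPqxjuIG4zhsbaTeXq65 eyjhb@chronos"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGee4uz+HDOj4Y4ANOhWJhoc4mMLP1gz6rpKoMueQF2J rendal@popper"
  ];
}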