ctucx.git: nixfiles

ctucx' nixfiles

commit 98afeee225bdd103d24de18ba0f36c1f90c30180
parent 475cfcbd3b98d8a491339cbe31ded92204b8a109
Author: Leah (ctucx) <leah@ctu.cx>
Date: Sun, 10 Oct 2021 14:45:21 +0200

common/openssh: disable password-auth, use socket-activation
2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/configurations/common.nix b/configurations/common.nix
@@ -46,11 +46,11 @@
     };
 
     openssh = {
-      enable                          = true;
-      ports                           = [ 22 ];
-      passwordAuthentication          = true;
-      challengeResponseAuthentication = false;
-      permitRootLogin                 = "without-password";
+      enable                 = true;
+      startWhenNeeded        = true;
+      ports                  = [ 22 ];
+      passwordAuthentication = false;
+      permitRootLogin        = "without-password";
     };
   };
 
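Review bot: Dropping `challengeResponseAuthentication = false` from the `openssh` block leaves that option at the module default, which as far as I know is `true` in NixOS releases of this period. With keyboard-interactive authentication enabled and PAM in use, sshd can still prompt for the account password, so `passwordAuthentication = false` alone may not give the key-only login the commit title promises. Keeping `challengeResponseAuthentication = false;` next to it closes that path. Separately, `"without-password"` is the deprecated spelling of `"prohibit-password"` in OpenSSH, and the newer name is less ambiguous.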

@@ -67,7 +67,9 @@
     leah = {
       isNormalUser                  = true;
       initialPassword               = "foobar123";
-      openssh.authorizedKeys.keys   = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw/G6x8H3ojvHx3NsTswBMMmOhp48F3rea0GUniKSvRLMRIti5b7Q4P4FXnkQEtuNSR3u7gE5r4EacaLaIx7Az9SgHRoE+hdzSo4mPAwKTx/E3HZgIjdZhTDL8PAn4SZZT6RBqr/uGb+x9fdIjY0FbdNBLjq0MNnG3T+qd1joUL8JXoS7F//ac52RhHlsA5qJXFDOhpqR/7hRMwOFNH0GKaLN1xQKcOjhpIcdswpOf8kRDVpT7xOYwfXCFF4MaY2M8047WKarvEnGdADIIw6bvWsdJINehtOQmYEFRaMuaWp1d9bglZXZKPQKNubv5lqneMP4AI7ImDYjgW6eNLIT1 cardno:000603502829" ];
+      openssh.authorizedKeys.keys   = [
+        "ssh-rsa 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 cardno:6445161"
+      ];
       extraGroups                   = [ "wheel" ]; # Enable ‘sudo’ for the user.
     };
   };
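Review bot: `initialPassword = "foobar123"` stays on the `leah` account while the key list is reformatted, so an account in `wheel` is still created with a password that is readable in the repository. SSH password login is switched off elsewhere in this commit, but that value remains what sudo and console login accept until it is changed by hand on each machine. Consider `hashedPassword`, or `passwordFile = "<path outside the repository>";`, so that no usable credential is committed. The `users` attribute set starts and ends outside the hunk, so other accounts were not checked.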
diff --git a/machines/briefkasten/configuration.nix b/machines/briefkasten/configuration.nix
@@ -51,7 +51,7 @@
 
     firewall = {
       enable = true;
-      allowedTCPPorts = [ 22 ];
+#      allowedTCPPorts = [ ];
     };
   };
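Review bot: The replacement line `#      allowedTCPPorts = [ ];` is commented-out code that suggests port 22 is now closed, while `services.openssh.openFirewall` (default `true`, as far as I know) still opens every port listed in `services.openssh.ports`. Delete the dead line and state the intent instead, e.g. `# SSH port is opened by services.openssh.openFirewall`. If the goal was to stop exposing SSH on briefkasten, that needs `openFirewall = false;` in the openssh block, which this hunk does not show.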