diff --git a/.config/linux/system/flake.nix b/.config/linux/system/flake.nix
index 53ab48b..f2a9a3d 100644
--- a/.config/linux/system/flake.nix
+++ b/.config/linux/system/flake.nix
@@ -14,6 +14,7 @@
 ./module/common/Nix.nix
 ./module/common/Package.nix
 ./module/common/Root.nix
+ ./module/common/Sshd.nix
 ./module/common/Swap.nix
 ./module/common/Users.nix
 ];
@@ -29,7 +30,6 @@
 ./module/Gnome.nix
 ./module/PowersaveIntel.nix
 ./module/Print.nix
- ./module/Sshd.nix
 ];
 specialArgs.inputs = inputs;
 system = "x86_64-linux";
@@ -45,7 +45,6 @@
 ./module/Gnome.nix
 ./module/PowersaveAmd.nix
 ./module/Print.nix
- ./module/Sshd.nix
 ./module/VirtManager.nix
 ./module/Voronind.nix
 ];
@@ -53,6 +52,16 @@
 system = "x86_64-linux";
 };
+ nixosConfigurations.fsight = nixpkgs.lib.nixosSystem {
+ modules = [
+ self.nixosModules.common
+ ./host/fsight/Configuration.nix
+ ./module/Docker.nix
+ ];
+ specialArgs.inputs = inputs;
+ system = "x86_64-linux";
+ };
+
 nixosConfigurations.home = nixpkgs.lib.nixosSystem {
 modules = [
 self.nixosModules.common
@@ -63,7 +72,6 @@
 ./module/Ftpd.nix
 ./module/Gnome.nix
 ./module/PowersaveAmd.nix
- ./module/Sshd.nix
 ./module/Voronind.nix
 ];
 specialArgs.inputs = inputs;
@@ -81,7 +89,6 @@
 ./module/Gnome.nix
 ./module/PowersaveAmd.nix
 ./module/Print.nix
- ./module/Sshd.nix
 ./module/Voronind.nix
 ];
 specialArgs.inputs = inputs;
@@ -98,7 +105,6 @@
 ./module/PowersaveIntel.nix
 ./module/Powerlimit.nix
 ./module/Print.nix
- ./module/Sshd.nix
 ./module/Voronind.nix
 ];
 specialArgs.inputs = inputs;
diff --git a/.config/linux/system/host/fsight/Configuration.nix b/.config/linux/system/host/fsight/Configuration.nix
new file mode 100644
index 0000000..048afcc
--- /dev/null
+++ b/.config/linux/system/host/fsight/Configuration.nix
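Review bot: Adding `./module/common/Sshd.nix` to the common module list in the first flake.nix hunk enables sshd for every configuration that imports `self.nixosModules.common`, including the new `fsight` system, rather than only the hosts that listed `./module/Sshd.nix` explicitly. Whether any host previously ran without the module cannot be seen from these hunks, so please confirm the wider exposure is intended. Because that module accepts root password logins, a host should be able to opt out; setting `enable = lib.mkDefault true;` in the module would allow that. A comment above the new entry, for example `# Enabled on every host: root SSH on port 22143.`, would make the scope visible to the next reader. The module list begins and ends outside the hunk.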
@@ -0,0 +1,16 @@
+{ config, pkgs, lib, ... }:
+
+{
+ imports = [
+ ./HardwareConfiguration.nix
+ ];
+
+ # Root password.
+ users.users.root.hashedPassword = lib.mkForce "$y$j9T$d4HfwutZr.eNHuLJYRuro/$7swZfgCNS6jEXHFCxsW5um/68jX9BRiiZD1BYcm/gD/";
+
+ # Network.
+ networking.hostName = "fsight";
+
+ # Do not touch ever.
+ system.stateVersion = "23.11";
+}
diff --git a/.config/linux/system/host/fsight/HardwareConfiguration.nix b/.config/linux/system/host/fsight/HardwareConfiguration.nix
new file mode 100644
index 0000000..727f599
--- /dev/null
+++ b/.config/linux/system/host/fsight/HardwareConfiguration.nix
@@ -0,0 +1,29 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "mptspi" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/a0a14d13-561e-4182-8a9a-4ef2c5be1b8b"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens32.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +}
diff --git a/.config/linux/system/module/Sshd.nix b/.config/linux/system/module/common/Sshd.nix
similarity index 97%
rename from .config/linux/system/module/Sshd.nix
rename to .config/linux/system/module/common/Sshd.nix
index 6d351fc..e0b7373 100644
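Review bot: The `users.users.root.hashedPassword` value in host/fsight/Configuration.nix puts the root password hash into version control, and as an option value it is also written to the world-readable Nix store, so anyone with read access to either can test guesses against it offline. That matters more on this host because the common Sshd module it imports accepts root password logins. Prefer `users.users.root.hashedPasswordFile = "/path/outside/the/store";` (placeholder path) with the file provisioned out of band, and treat the password behind the committed hash as needing rotation. The `# Root password.` comment could also say why `lib.mkForce` is needed, presumably to override a value set in a common module; that is not visible in this hunk.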
--- a/.config/linux/system/module/Sshd.nix
+++ b/.config/linux/system/module/common/Sshd.nix
@@ -2,7 +2,7 @@
 {
 services.openssh = {
- enable = true;
+ enable = true;
 allowSFTP = true;
 ports = [ 22143 ];
 listenAddresses = [
@@ -13,22 +13,22 @@
 ];
 settings = {
 AllowUsers = [ "root" ];
- PermitRootLogin = "yes";
 LoginGraceTime = "1m";
- StrictModes = false;
 MaxAuthTries = 1;
 MaxSessions = 10;
+ PermitRootLogin = "yes";
+ StrictModes = false;
- UsePAM = true;
 UseDns = false;
+ UsePAM = true;
- PasswordAuthentication = true;
+ GSSAPIAuthentication = false;
+ HostbasedAuthentication = false;
 KbdInteractiveAuthentication = true;
+ KerberosAuthentication = false;
+ PasswordAuthentication = true;
 PermitEmptyPasswords = false;
 PubkeyAuthentication = false;
- HostbasedAuthentication = false;
- KerberosAuthentication = false;
- GSSAPIAuthentication = false;
 };
 };
 }
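Review bot: The reordered `settings` block in the second Sshd.nix hunk still leaves a password as the only factor protecting root: `PermitRootLogin = "yes"`, `PasswordAuthentication = true` and `PubkeyAuthentication = false`, with `StrictModes = false` relaxing the file-permission checks as well. Now that the module is shared by every host, it is worth switching to key-based root access with `PermitRootLogin = "prohibit-password";` and `PubkeyAuthentication = true;`. `MaxAuthTries = 1` limits attempts per connection only, so it does not bound guessing across connections. If password login is deliberate, a comment above `settings` stating the reason and the compensating control would help the next reader. The `services.openssh` attrset opens in the previous hunk.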