jordan/nix-config
1
1
Fork 0
Code Issues 14 Pull Requests Actions Projects 3 Wiki Activity

hosts/server: always add root SSH key
All checks were successful
Check flake / build-amd64-linux (push) Successful in 4m20s
Details

Browse Source
This commit is contained in:
Jordan Holt 2025-03-30 17:01:51 +01:00
parent 863a02769f
commit ae4a0ebf84
Signed by: jordan
GPG Key ID: B8CFFF61F1CCF520
4 changed files with 16 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
hosts/mail/default.nix
View File

@ -1,6 +1,5 @@
{ {
inputs, inputs,
lib,
... ...
}: }:
@ -25,18 +24,6 @@
}; };
}; };
users = {
users = {
root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
];
};
};
};
services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
modules = { modules = {
services = { services = {
borgmatic = { borgmatic = {

16
hosts/server.nix
View File

@ -1,7 +1,11 @@
{ {
lib,
... ...
}: }:
let
inherit (lib) mkForce;
in
{ {
imports = [ imports = [
./common.nix ./common.nix
@ -29,6 +33,16 @@
# }; # };
}; };
users = {
users = {
root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
];
};
};
};
systemd = { systemd = {
enableEmergencyMode = false; enableEmergencyMode = false;
@ -56,6 +70,8 @@
]; ];
}; };
services.openssh.settings.PermitRootLogin = mkForce "prohibit-password";
modules.services.tailscale = { modules.services.tailscale = {
enable = true; enable = true;
restrictSSH = false; restrictSSH = false;

9
hosts/skycam/default.nix
View File

@ -1,7 +1,6 @@
{ {
inputs, inputs,
config, config,
lib,
pkgs, pkgs,
... ...
}: }:
@ -82,14 +81,6 @@
}; };
}; };
users.users.root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
];
};
services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
systemd.services.ustreamer = { systemd.services.ustreamer = {
enable = true; enable = true;
description = "uStreamer service"; description = "uStreamer service";

8
hosts/vps1/default.nix
View File

@ -1,5 +1,4 @@
{ {
lib,
... ...
}: }:
@ -41,19 +40,12 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOaaS+KMAEAymZhIJGC4LK8aMhUzhpmloUgvP2cxeBH4 jellyfin" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOaaS+KMAEAymZhIJGC4LK8aMhUzhpmloUgvP2cxeBH4 jellyfin"
]; ];
}; };
root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
];
};
}; };
groups = { groups = {
jellyfin = { }; jellyfin = { };
}; };
}; };
services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
modules = { modules = {
services = { services = {
borgmatic = { borgmatic = {