Commit 2aeb4af
Changed files (4)
modules/nixos/base/networking.nix
@@ -13,23 +13,6 @@
};
};
- networking.firewall = {
- allowedTCPPortRanges = [
- {
- # KDE Connect
- from = 1714;
- to = 1764;
- }
- ];
- allowedUDPPortRanges = [
- {
- # KDE Connect
- from = 1714;
- to = 1764;
- }
- ];
- };
-
# Use an NTP server located in the mainland of China to synchronize the system time
networking.timeServers = [
"ntp.aliyun.com" # Aliyun NTP Server
modules/nixos/base/ssh.nix
@@ -0,0 +1,18 @@
+{lib, ...}: {
+ # Or disable the firewall altogether.
+ networking.firewall.enable = lib.mkDefault false;
+ # Enable the OpenSSH daemon.
+ services.openssh = {
+ enable = true;
+ settings = {
+ # root user is used for remote deployment.
+ PermitRootLogin = "prohibit-password";
+ PasswordAuthentication = false; # disable password login
+ };
+ openFirewall = true;
+ };
+
+ # Add terminfo database of all known terminals to the system profile.
+ # https://github.com/NixOS/nixpkgs/blob/nixos-25.05/nixos/modules/config/terminfo.nix
+ environment.enableAllTerminfo = true;
+}
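Review bot: `networking.firewall.enable = lib.mkDefault false;` turns the host firewall off by default on every machine that imports this base module, so `openFirewall = true` further down has no effect and any service listening on a non-loopback address is reachable, not only sshd. The comment above it (`# Or disable the firewall altogether.`) reads like a leftover from the generated configuration template and gives no reason for the choice. I would drop the line (the NixOS default is enabled) or write `networking.firewall.enable = lib.mkDefault true;` and let `openFirewall` open the SSH port. Separately, `PasswordAuthentication = false` does not cover keyboard-interactive logins for non-root users, so consider adding `KbdInteractiveAuthentication = false;` under `settings` if key-only access is the intent.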
modules/nixos/base/user-group.nix
@@ -28,5 +28,6 @@
# root's ssh key are mainly used for remote deployment
users.users.root = {
inherit (myvars) initialHashedPassword;
+ openssh.authorizedKeys.keys = myvars.sshAuthorizedKeys;
};
}
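Review bot: The added `openssh.authorizedKeys.keys = myvars.sshAuthorizedKeys;` gives the shared key list direct root login on every host that imports this module. The list in vars/default.nix is described as the keys for "all my PC and servers", so losing one workstation key means root on all of them. If root SSH is only needed for remote deployment, a separate list holding a deploy-only key (illustrative name: `deployAuthorizedKeys`) would keep the everyday key off the root account. At minimum, a comment such as `# any key added to sshAuthorizedKeys becomes a root login on every host` next to the definition would make that reach visible. The module starts above this hunk, so other consumers of `sshAuthorizedKeys` are not visible here.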
vars/default.nix
@@ -5,4 +5,8 @@
networking = import ./networking.nix {inherit lib;};
# generated by `mkpasswd -m scrypt`
initialHashedPassword = "$7$CU..../....xQnray7Ah6GYybfmtsxmF.$k0F/eaOC2.9gXwXp0jgMrFM.fnMtFqYi3GZFaaJGsl3";
+ # Public Keys that can be used to login to all my PC and servers.
+ sshAuthorizedKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIyxd+nyK9cnULmzXIMhE1/rIB3VMsJ6SuWV4Ha8oE0F hpcesia@kevin"
+ ];
}