nixos/suites/server: fix default SSH server settings

Gabriel Arazas 2024-09-28 19:00:30 +08:00
parent 88f5715fe1
commit 2efee4c1a7
No known key found for this signature in database
GPG Key ID: 62104B43D00AA360


@ -14,15 +14,15 @@ in
}; };
config = lib.mkIf cfg.enable (lib.mkMerge [ config = lib.mkIf cfg.enable (lib.mkMerge [
({ {
assertions = [{ assertions = lib.singleton {
assertion = assertion =
!config.suites.desktop.enable || !config.suites.server.enable; !config.suites.desktop.enable || !config.suites.server.enable;
message = '' message = ''
Desktop profile is also enabled. The profiles `desktop` and `server` Desktop profile is also enabled. The profiles `desktop` and `server`
are mutually exclusive. are mutually exclusive.
''; '';
}]; };
# Set the time zone. We're making it easier to track by assigning a # Set the time zone. We're making it easier to track by assigning a
# universal time zone and what could be more universal than the # universal time zone and what could be more universal than the
@ -36,15 +36,15 @@ in
# Most servers will have to be accessed for debugging so it is here. But # Most servers will have to be accessed for debugging so it is here. But
# be sure to set the appropriate public keys for the users from that # be sure to set the appropriate public keys for the users from that
# server. # server.
services.openssh = lib.mkDefault { services.openssh = {
enable = true; enable = lib.mkDefault true;
settings = { settings = {
# Making it verbose for services such as fail2ban. # Making it verbose for services such as fail2ban.
LogLevel = "VERBOSE"; LogLevel = "VERBOSE";
# Both are good for hardening as it only requires the keyfiles. # Both are good for hardening as it only requires the keyfiles.
PasswordAuthentication = "no"; PasswordAuthentication = false;
PermitRootLogin = "no"; PermitRootLogin = "no";
}; };
}; };
@ -67,7 +67,7 @@ in
# We're only going to deal with servers in English. # We're only going to deal with servers in English.
i18n.defaultLocale = lib.mkForce "en_US.UTF-8"; i18n.defaultLocale = lib.mkForce "en_US.UTF-8";
i18n.supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" ]; i18n.supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" ];
}) }
(lib.mkIf cfg.auto-upgrade.enable { (lib.mkIf cfg.auto-upgrade.enable {
system.autoUpgrade = { system.autoUpgrade = {
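Review bot: In the `services.openssh.settings` hunk, `PasswordAuthentication = false;` is the only authentication method turned off, so keyboard-interactive authentication stays at whatever the module defaults to and, where PAM backs it, password prompts may still be offered despite the comment saying only keyfiles are required. Consider adding `KbdInteractiveAuthentication = false;` beside it. Also, with `lib.mkDefault` moved onto `enable` alone, `LogLevel`, `PasswordAuthentication` and `PermitRootLogin` are now normal-priority definitions, which looks deliberate for hardening but means a host that needs a different value must use `lib.mkForce`; a comment such as `# Deliberately not mkDefault: override with lib.mkForce only.` would record that. The surrounding `config` block starts and ends outside the visible hunks.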