Add openssh server config

2024-07-27 23:25:56 +02:00 · 2024-07-27 23:25:56 +02:00 · f8128b6331
commit f8128b6331
parent b533102019
5 changed files with 28 additions and 1 deletions
--- a/hosts/server/Anton/data.nix
+++ b/hosts/server/Anton/data.nix
@ -1,19 +0,0 @@
-{ pkgs, ... }:
-{
-
-  environment.systemPackages = with pkgs; [
-    mergerfs
-  ];
-
-  fileSystems."/storage" = {
-    fsType = "fuse.mergerfs";
-    device = "/mnt/disks/*";
-    options = ["cache.files=partial" "dropcacheonclose=true" "category.create=mfs"];
-  };
-
-  services.snapraid = {
-    enable = true;
-
-  };
-
-}
--- a/hosts/server/Anton/default.nix
+++ b/hosts/server/Anton/default.nix
@ -1,11 +0,0 @@
-{ pkgs, ... }:
-{
-
-  imports = [
-
-    ./disko.nix
-    ./hardware-configuration.nix
-
-  ];
-
-}
--- a/hosts/server/Anton/disko.nix
+++ b/hosts/server/Anton/disko.nix
@ -1,52 +0,0 @@
-{
-  disko.devices = {
-    disk = {
-      root-drive = {
-        type = "disk";
-        device = "/dev/disk/by-id/wwn-0x5001b44ebc0b613a";
-        content = {
-          type = "gpt";
-          partitions = {
-            ESP = {
-              priority = 1;
-              name = "ESP";
-              size = "512M";
-              type = "EF00";
-              content = {
-                type = "filesystem";
-                format = "vfat";
-                mountpoint = "/boot";
-              };
-            };
-            root = {
-              size = "100%";
-              content = {
-                type = "btrfs";
-                extraArgs = [ "-f" ]; # Override existing partition
-                # Subvolumes must set a mountpoint in order to be mounted,
-                # unless their parent is mounted
-                subvolumes = {
-                  # Subvolume name is different from mountpoint
-                  "/rootfs" = {
-                    mountOptions = [ "compress=zstd" "noatime" ];
-                    mountpoint = "/";
-                  };
-                  # Subvolume name is the same as the mountpoint
-                  "/home" = {
-                    mountOptions = [ "compress=zstd" "noatime" ];
-                    mountpoint = "/home";
-                  };
-                  # Parent is not mounted so the mountpoint must be set
-                  "/nix" = {
-                    mountOptions = [ "compress=zstd" "noatime" ];
-                    mountpoint = "/nix";
-                  };
-                };
-              };
-            };
-          };
-        };
-      };
-    };
-  };
-}
--- a/hosts/server/default.nix
+++ b/hosts/server/default.nix
@ -0,0 +1,7 @@
+{ pkgs, ... }:
+{
+
+  imports = [
+    ./ssh-server.nix
+  ];
+}
--- a/hosts/server/ssh-server.nix
+++ b/hosts/server/ssh-server.nix
@ -0,0 +1,20 @@
+{ pkgs, ... }:
+{
+
+  services.openssh = {
+    enable = true;
+    ports = [ 22 ];
+    settings = {
+      PasswordAuthentication = false;
+      AllowUsers = null; # Allows all users by default. Can be [ "user1" "user2" ]
+      UseDns = true;
+      X11Forwarding = false;
+      PermitRootLogin = "prohibit-password"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no"
+    };
+  };
+
+  users.users.willifan.openssh.authorizedKeys.keys = [
+    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDMRriQfw3pusl04fGhCNVoRRpye71ZwkDXAtKB/FP1DLXA4cYrwjLzv/fG1hXi7lAMp2vLiABAg/UaTE8roGzlt62XsFNwc1TI5M8m67J0kLkCtz3MkIixe/3GOFXr03g80DPncLyoIYPvvNd/TftTBK4yrrZPvMJaRrZhW/QdLPQpdHalcNRZ4bnBOCtCoqQ6RGrRi2EeKaJDYIFNl13b9FxrXEJcXnbSDdr1KI3q7a+vkefI2knUf2Uk7ufOWTQ1aqc0heGtCNlHzwZUzW/dfrpPmoVPq3Fqxqd9uXqxMk1Z3VnOwWcK3VXfzzBXKTsX0MaUgF1EqxibkYs9bDZqLEXoRucBqk3wwMPy8RJXqQOupoqa2xEOoduBf1qDHEEm69coHCpPm2mQVUrwsPrmTHmOjh9ir0mkVBDRgHvhq/ctQTVO5/SE2NCgPdlvUV5s44LLsUyxBp5JWwXZWlVys+7Dhil6mtRDcH4CXceJn0VZ61Zv2jrCTxQjKsroitSkNbpAkKajQ9moLMAblsSwJzl3uvJJ3ydlxjZefwTO/GjyuJMY2sIU2Tu0YbIVgMyq5L782LduVlyWj+RLWoEu19OfMqQvTWhJnQPAbR82qGzlfTGRLUxoY+G5MYipJwgrBQ2TnpWvfpTrZxFrglSfekz0v54lWzNZpW+irImh4w== willifan@proton.me"
+  ];
+
+}