Unify user configuration, update to nixos-21.11

2021-12-18 09:58:36 +01:00 · 2021-12-18 09:58:36 +01:00 · 9ad2284444
commit 9ad2284444
parent bb394d63a6
7 changed files with 37 additions and 41 deletions
--- a/config/common/services/nginx.nix
+++ b/config/common/services/nginx.nix
@ -9,6 +9,8 @@
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

+		clientMaxBodySize = "100M";
+
    # Only allow PFS-enabled ciphers with AES256
    sslCiphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";

@ -24,7 +26,7 @@
      #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;

      # Minimize information leaked to other domains
-      add_header 'Referrer-Policy' 'origin-when-cross-origin';
+      add_header 'Referrer-Policy' 'same-origin';

      # Disable embedding as a frame
      add_header X-Frame-Options DENY;
--- a/config/common/users.nix
+++ b/config/common/users.nix
@ -0,0 +1,19 @@
+{ ... }:
+{
+	users.users = {
+		emelie = {
+			isNormalUser = true;
+			extraGroups = [ "wheel" ];
+			openssh.authorizedKeys.keys = [
+				"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICO4LyBsW1YuUA6i3EL/IZhchSvk7reO4qgRmR/tdQPU emelie@flap"
+			];
+		};
+		amanda = {
+			isNormalUser = true;
+			extraGroups = [ "wheel" ];
+			openssh.authorizedKeys.keys = [
+				"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILwmREgBmckocQerEfO4XhB+dbKDsZopok37ePWHwCEj id_ed25519"
+			];
+		};
+	};
+}