emelie/nix-deploy
1
0
Fork 0
Code Issues 1 Pull requests 1 Projects Releases Wiki Activity

Add various changes

Browse source
This commit is contained in:
Emelie Graven 2022-02-26 16:09:12 +01:00
parent 00734e521f
commit f58e968756
Signed by: emelie
GPG key ID: C11123726DBB55A1
10 changed files with 77 additions and 76 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
config/common/services/ssh.nix
View file

@ -1,13 +1,14 @@
{ ... }: { config, ... }:
{ {
services.openssh = { services.openssh = {
enable = true; enable = true;
permitRootLogin = "no"; permitRootLogin = "no";
passwordAuthentication = false; passwordAuthentication = false;
challengeResponseAuthentication = false; challengeResponseAuthentication = false;
hostKeys = [ { "path" = "/etc/ssh/ssh_host_ed25519_key"; "type" = "ed25519"; } ]; hostKeys = [ { path = config.secrets.files.ssh_host_ed25519_key.file; type = "ed25519"; } ];
kexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ]; kexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
macs = [ "hmac-sha2-512-etm@openssh.com" "hmac-sha2-512-etm@openssh.com" "umac-128-etm@openssh.com" ]; macs = [ "hmac-sha2-512-etm@openssh.com" "hmac-sha2-512-etm@openssh.com" "umac-128-etm@openssh.com" ];
}; };
programs.ssh.knownHosts = { programs.ssh.knownHosts = {

BIN
config/hosts/grondahl/data/secrets/secrets.nix
View file

Binary file not shown.

BIN
config/hosts/grondahl/data/secrets/ssh_host_ed25519_key Normal file
View file

Binary file not shown.

1
config/hosts/rudiger/configuration.nix
View file

@ -50,6 +50,7 @@
nameservers = [ "1.1.1.1" "1.0.0.1" "2606:4700:4700::1111" "2606:4700:4700::1001" ]; nameservers = [ "1.1.1.1" "1.0.0.1" "2606:4700:4700::1111" "2606:4700:4700::1001" ];
}; };
nix = { nix = {
autoOptimiseStore = true; autoOptimiseStore = true;
trustedUsers = [ trustedUsers = [

BIN
config/hosts/rudiger/data/secrets/secrets.nix
View file

Binary file not shown.

BIN
config/hosts/rudiger/data/secrets/ssh_host_ed25519_key Normal file
View file

Binary file not shown.

1
config/hosts/wind/configuration.nix
View file

@ -34,7 +34,6 @@
networking.interfaces.ens3.ipv6.addresses = [ { address = "2a01:4f9:c010:34cb::1"; prefixLength = 64; } ]; networking.interfaces.ens3.ipv6.addresses = [ { address = "2a01:4f9:c010:34cb::1"; prefixLength = 64; } ];
networking.defaultGateway6 = { address = "fe80::1"; interface = "ens3"; }; networking.defaultGateway6 = { address = "fe80::1"; interface = "ens3"; };
users.users.deploy-web = { users.users.deploy-web = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "nginx" ]; extraGroups = [ "nginx" ];

BIN
config/hosts/wind/data/secrets/secrets.nix
View file

Binary file not shown.

BIN
config/hosts/wind/data/secrets/ssh_host_ed25519_key Normal file
View file

Binary file not shown.

24
config/sources/nix/sources.json
View file

@ -5,10 +5,10 @@
"homepage": "https://github.com/nmattia/niv", "homepage": "https://github.com/nmattia/niv",
"owner": "nmattia", "owner": "nmattia",
"repo": "niv", "repo": "niv",
"rev": "5830a4dd348d77e39a0f3c4c762ff2663b602d4c", "rev": "9cb7ef336bb71fd1ca84fc7f2dff15ef4b033f2a",
"sha256": "1d3lsrqvci4qz2hwjrcnd8h5vfkg8aypq3sjd4g3izbc8frwz5sm", "sha256": "1ajyqr8zka1zlb25jx1v4xys3zqmdy3prbm1vxlid6ah27a8qnzh",
"type": "tarball", "type": "tarball",
"url": "https://github.com/nmattia/niv/archive/5830a4dd348d77e39a0f3c4c762ff2663b602d4c.tar.gz", "url": "https://github.com/nmattia/niv/archive/9cb7ef336bb71fd1ca84fc7f2dff15ef4b033f2a.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}, },
"nixos-hardware": { "nixos-hardware": {
@ -17,10 +17,10 @@
"homepage": "", "homepage": "",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "46df95ca81e7e4cf3458cdb4b7d1714b5fce9da5", "rev": "c361b954759195c2ac085fbbed5ad7d513e1585b",
"sha256": "0rxff15a2z9hcs4xkaymdwgqlkjxvyyylcg66qhi23lia995f2ga", "sha256": "0grx60c7qhidnna8d5i6mq4mymwpq8rlkrl275dgchv5yfy451js",
"type": "tarball", "type": "tarball",
"url": "https://github.com/NixOS/nixos-hardware/archive/46df95ca81e7e4cf3458cdb4b7d1714b5fce9da5.tar.gz", "url": "https://github.com/NixOS/nixos-hardware/archive/c361b954759195c2ac085fbbed5ad7d513e1585b.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}, },
"nixpkgs": { "nixpkgs": {
@ -29,10 +29,10 @@
"homepage": "", "homepage": "",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c6019d8efb5530dcf7ce98086b8e091be5ff900a", "rev": "c28fb0a4671ff2715c1922719797615945e5b6a0",
"sha256": "1havpwch8wkbhw0y2q3rnx4z0dz66msxb1agynrgvkw4qmm2hbpj", "sha256": "1qzvhxcsxb6s410xlfs4ggcvm1xbbd4jrazy6cpxc1rkrxbyz0kk",
"type": "tarball", "type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/c6019d8efb5530dcf7ce98086b8e091be5ff900a.tar.gz", "url": "https://github.com/NixOS/nixpkgs/archive/c28fb0a4671ff2715c1922719797615945e5b6a0.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}, },
"nixus": { "nixus": {
@ -41,10 +41,10 @@
"homepage": "", "homepage": "",
"owner": "Infinisil", "owner": "Infinisil",
"repo": "nixus", "repo": "nixus",
"rev": "817ef8a9a9e37e9fbf414507daaf8e477640e1c7", "rev": "60ea7eb5e18d58ac7742234855b7192112fd4049",
"sha256": "1lrns4lm7kskg7vcdw3m3kpwn669q7qbrmj8n24399ghr699v70h", "sha256": "0c9jkhd6xmgaw2gzbcsf7k1p42sn8dyhla71x1bp902mnfdgjsxx",
"type": "tarball", "type": "tarball",
"url": "https://github.com/Infinisil/nixus/archive/817ef8a9a9e37e9fbf414507daaf8e477640e1c7.tar.gz", "url": "https://github.com/Infinisil/nixus/archive/60ea7eb5e18d58ac7742234855b7192112fd4049.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
} }
} }