hektor/nix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor(hosts): use modules/ssh with sensible defaults

Browse Source
This commit is contained in:
Hektor Misplon
2026-03-11 14:49:23 +01:00
parent b9bdd36a05
commit 828b5d7374
8 changed files with 11 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
hosts/andromache/default.nix
View File

@@ -35,7 +35,7 @@ in
../../modules/audio
../../modules/localization
../../modules/fonts
../../modules/ssh/hardened-openssh.nix
../../modules/ssh
../../modules/storage
../../modules/stylix
(import ../../modules/secrets { inherit lib inputs config; })
@@ -111,18 +111,11 @@ in
];
};
services = {
locate = {
services.locate = {
enable = true;
package = pkgs.plocate;
};
openssh = {
enable = true;
harden = true;
};
};
networking = {
# TODO: generate unique hostId on actual host with: head -c 8 /etc/machine-id
hostId = "80eef97e";

6
hosts/astyanax/default.nix
View File

@@ -34,7 +34,7 @@ in
../../modules/users
../../modules/localization
../../modules/fonts
../../modules/ssh/hardened-openssh.nix
../../modules/ssh
../../modules/storage
../../modules/stylix
(import ../../modules/secrets { inherit lib inputs config; })
@@ -100,10 +100,6 @@ in
services = {
fwupd.enable = true;
openssh = {
enable = true;
harden = true;
};
locate = {
enable = true;
package = pkgs.plocate;

9
hosts/eetion-02/default.nix
View File

@@ -10,7 +10,7 @@ in
{
imports = [
./hard.nix
../../modules/ssh/hardened-openssh.nix
../../modules/ssh
];
ssh = {
@@ -59,13 +59,6 @@ in
security.sudo.wheelNeedsPassword = false;
services = {
openssh = {
enable = true;
harden = true;
};
};
environment.systemPackages = with pkgs; [
vim
git

7
hosts/eetion/default.nix
View File

@@ -10,7 +10,7 @@ in
{
imports = [
./hard.nix
../../modules/ssh/hardened-openssh.nix
../../modules/ssh
];
ssh = {
@@ -52,11 +52,6 @@ in
security.sudo.wheelNeedsPassword = false;
services = {
openssh = {
enable = true;
harden = true;
};
paperless = {
enable = true;
passwordFile = "/etc/paperless-admin-pass";

7
hosts/hecuba/default.nix
View File

@@ -15,7 +15,7 @@ in
inputs.disko.nixosModules.disko
../../modules/common
./hard.nix
../../modules/ssh/hardened-openssh.nix
../../modules/ssh
../../modules/docker
../../modules/uptime-kuma
];
@@ -78,9 +78,4 @@ in
enable = true;
maxretry = 5;
};
services.openssh = {
enable = true;
harden = true;
};
}

6
hosts/vm/default.nix
View File

@@ -24,7 +24,7 @@ in
../../modules/localization
../../modules/x
../../modules/fonts
../../modules/ssh/hardened-openssh.nix
../../modules/ssh
../../modules/storage
(import ../../modules/secrets {
inherit lib inputs config;
@@ -63,9 +63,5 @@ in
services = {
qemuGuest.enable = true;
spice-vdagentd.enable = true;
openssh = {
enable = true;
harden = true;
};
};
}

18
images/sd-image-orange-pi-aarch64.nix
View File

@@ -12,7 +12,7 @@ let
in
{
imports = [
../modules/ssh/hardened-openssh.nix
../modules/ssh
];
ssh.username = username;
@@ -37,21 +37,5 @@ in
security.sudo.wheelNeedsPassword = false;
services.openssh = {
enable = true;
harden = true;
};
# sdImage.postBuildCommands =
# let
# bootloaderPackage = pkgs.ubootOrangePiZero2;
# bootloaderSubpath = "/u-boot-sunxi-with-spl.bin";
# in
# ''
# dd if=${bootloaderPackage}${bootloaderSubpath} of=$img \
# bs=8 seek=1024 \
# conv=notrunc
# '';
system.stateVersion = "26.05";
}

7
images/sd-image-raspberry-pi-aarch64.nix
View File

@@ -12,7 +12,7 @@ let
in
{
imports = [
../modules/ssh/hardened-openssh.nix
../modules/ssh
];
ssh.username = username;
@@ -60,11 +60,6 @@ in
security.sudo.wheelNeedsPassword = false;
services.openssh = {
enable = true;
harden = true;
};
environment.systemPackages = with pkgs; [
libraspberrypi
];