# Top-level NixOS system module: imports the per-topic modules under ./modules
# and sets host-wide options (Nix features, base programs, guest agent, sshd).
{ config, pkgs, ... }:

{
  system.stateVersion = "25.05";

  imports = [
    ./modules/bootloader.nix
    ./modules/hardware-configuration.nix # Include the results of the hardware scan.
    ./modules/networking.nix
    ./modules/users.nix
    ./modules/audio.nix
    ./modules/printing.nix
    ./modules/localization.nix
    ./modules/x.nix
  ];

  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  programs = {
    git.enable = true;
    firefox.enable = true;
  };

  # NOTE(review): this permits every unfree package system-wide. If only a few
  # are needed, nixpkgs.config.allowUnfreePredicate can limit it to named ones.
  nixpkgs.config.allowUnfree = true;

  environment.systemPackages = [ pkgs.neovim ];

  services = {
    # SPICE guest agent. NOTE(review): presumably this host is a VM guest; the
    # agent provides host<->guest clipboard sharing, so confirm that is wanted.
    spice-vdagentd.enable = true;

    openssh = {
      enable = true;

      # Socket activation: systemd starts an sshd instance per incoming
      # connection instead of keeping a daemon running.
      startWhenNeeded = true;

      # NOTE(review): services.openssh.openFirewall is not set in this file;
      # confirm whether exposure of the SSH port is decided in
      # ./modules/networking.nix. There is also no AllowUsers/AllowGroups
      # restriction here, so any account with an authorized key may log in.
      settings = {
        ## hardening

        # Who may log in, and how long/often an unauthenticated peer may try.
        PermitRootLogin = "no";
        MaxAuthTries = 3;
        LoginGraceTime = "1m";

        # Key-based login only: every password-style and ticket-based method
        # is off. NOTE(review): this requires authorized keys to be provisioned
        # for the login users (presumably in ./modules/users.nix), otherwise
        # remote access is locked out.
        PasswordAuthentication = false;
        PermitEmptyPasswords = false;
        # Deprecated OpenSSH alias of KbdInteractiveAuthentication (set below);
        # kept so both spellings are explicitly off.
        ChallengeResponseAuthentication = false;
        KerberosAuthentication = false;
        GSSAPIAuthentication = false;

        # No forwarding or tunnelling through this host, and no user-supplied
        # environment for the session.
        X11Forwarding = false;
        AllowAgentForwarding = false;
        AllowTcpForwarding = false;
        PermitTunnel = false;
        PermitUserEnvironment = false;

        ## sshd_config defaults on Arch Linux
        KbdInteractiveAuthentication = false;
        # PAM stays enabled for account and session handling; with password
        # and keyboard-interactive auth off it does not authenticate logins.
        UsePAM = true;
        PrintMotd = false;
      };
    };
  };
}