From 3cd6c1c94152b6d89759de5de1f869e3f1ed07cf Mon Sep 17 00:00:00 2001
From: Henrik
Date: Sun, 26 Oct 2025 15:14:09 +0100
Subject: [PATCH] added an ssh key for neo

---
 nix/configuration.nix | 10 ++++------
 nix/modules/security.nix | 17 +++++++++++++++++
 nix/modules/ssh.nix | 8 --------
 nix/users/keys/neo.pub | 1 +
 nix/users/users.nix | 9 ++++++---
 5 files changed, 28 insertions(+), 17 deletions(-)
 create mode 100644 nix/modules/security.nix
 delete mode 100644 nix/modules/ssh.nix
 create mode 100644 nix/users/keys/neo.pub

diff --git a/nix/configuration.nix b/nix/configuration.nix
index 4f346c1..e582626 100644
--- a/nix/configuration.nix
+++ b/nix/configuration.nix
@@ -3,7 +3,7 @@
 {
 imports = [
 ./users/users.nix
- ./modules/ssh.nix
+ ./modules/security.nix
 ./vps/hetzner/hardware-configuration.nix
 ./modules/zsh.nix
 ];
@@ -54,9 +54,9 @@
 diskSize = 5000; # 5GB, needed to prevent docker error running out of space
 
 # Networking configuration
- #forwardPorts = [
- # { from = "host"; host.port = 2222; guest.port = 22; }
- #];
+ forwardPorts = [
+ { from = "host"; host.port = 2222; guest.port = 22; }
+ ];
 };
 
 # Add VM-specific users
@@ -69,8 +69,6 @@
 packages = with pkgs; [ ];
 };
 
- security.sudo.wheelNeedsPassword = false;
-
 # VM-specific packages
 environment.systemPackages = with pkgs; [ ];
diff --git a/nix/modules/security.nix b/nix/modules/security.nix
new file mode 100644
index 0000000..9b5d71e
--- /dev/null
+++ b/nix/modules/security.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, inputs, ... }:
+
+ {
+ # providing an ssh configuration
+ services.openssh = {
+ enable = true;
+ settings = {
+ PermitRootLogin = "no"; # Disable root login
+ PasswordAuthentication = false; # Force SSH key auth only
+ PubkeyAuthentication = true; # Enable SSH keys
+ };
+ ports = [ 22 ];
+ };
+
+ # other security hardening options can go here
+ security.sudo.wheelNeedsPassword = false;
+}
\ No newline at end of file
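Review bot: The forwardPorts entry enabled in the second hunk of configuration.nix gives no `host.address`, and as far as I can tell QEMU's hostfwd then listens on every host interface, so the guest's port 22 becomes reachable from the host's network rather than only from the machine running the VM. If the forward is only meant for local access, pin it: `{ from = "host"; host.address = "127.0.0.1"; host.port = 2222; guest.port = 22; }`. The enclosing virtualisation block starts and ends outside the hunk.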
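Review bot: `PasswordAuthentication = false` in the new security.nix does not by itself force key-only login on NixOS, because `services.openssh.settings.KbdInteractiveAuthentication` defaults to true and PAM can still prompt for a password over keyboard-interactive; add `KbdInteractiveAuthentication = false;` next to it so the comment "Force SSH key auth only" actually holds. Separately, `security.sudo.wheelNeedsPassword = false` has moved out of configuration.nix (third hunk, next to the VM-specific sections) into a module the whole configuration now imports, so every wheel member — all three users in users.nix — gets password-less root wherever this module is used. If that is intended, say so rather than hiding it under "other security hardening options can go here", e.g. `# wheel gets passwordless sudo: any authorized SSH key for a wheel user is effectively a root credential`.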
diff --git a/nix/modules/ssh.nix b/nix/modules/ssh.nix
deleted file mode 100644
index 0888514..0000000
--- a/nix/modules/ssh.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ config, pkgs, inputs, ... }:
-
- {
- services.openssh = {
- enable = true;
- # permitRootLogin = "no";
- };
-}
\ No newline at end of file
diff --git a/nix/users/keys/neo.pub b/nix/users/keys/neo.pub
new file mode 100644
index 0000000..b29ecdc
--- /dev/null
+++ b/nix/users/keys/neo.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBtePfzkSorgiFNuol/pEYlR0HToDCy9fk8PPfZWMuf3 henrik@strange
\ No newline at end of file
diff --git a/nix/users/users.nix b/nix/users/users.nix
index 8d25f0e..b4e24aa 100644
--- a/nix/users/users.nix
+++ b/nix/users/users.nix
@@ -5,15 +5,18 @@
 users.defaultUserShell = pkgs.zsh;
 users.users.neo = {
 isNormalUser = true;
- description = "Matrix User 1";
+ description = "Neovim only user";
 extraGroups = [ "networkmanager" "wheel" ];
 shell = pkgs.zsh;
 packages = with pkgs; [ ];
+ openssh.authorizedKeys.keyFiles = [
+ ./keys/neo.pub
+ ];
 };
 
 users.users.morpheus = {
 isNormalUser = true;
- description = "Matrix User 2";
+ description = "Insert joke here";
 extraGroups = [ "networkmanager" "wheel" ];
 shell = pkgs.zsh;
 packages = with pkgs; [ ];
@@ -21,7 +24,7 @@
 
 users.users.trinity = {
 isNormalUser = true;
- description = "Matrix User 3";
+ description = "Named after an atom bomb test";
 extraGroups = [ "networkmanager" "wheel" ];
 shell = pkgs.zsh;
 packages = with pkgs; [ ];
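Review bot: The `description` values rewritten in the first users.nix hunk ("Neovim only user", "Insert joke here") and the trinity one in the second hunk land in the GECOS field that `getent passwd` and login screens display, so placeholder text here ends up on the running system; either give the accounts real names or drop the field. Also, after this hunk neo is the only account with an authorized key while morpheus and trinity remain in `wheel` with no key in sight; if no password is set for them elsewhere they simply cannot log in over SSH, which is fine, but a one-line comment on each block stating how (or whether) the account is reachable would make the intent reviewable, e.g. `# no SSH key: console login only`.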