31 lines
726 B
Nix
31 lines
726 B
Nix
{config, ...}: {
|
|
boot.loader.systemd-boot.enable = true;
|
|
boot.loader.efi.canTouchEfiVariables = true;
|
|
|
|
nix.settings.experimental-features = ["nix-command" "flakes"];
|
|
|
|
customOps.owner = "toufy";
|
|
customOps.domain = {
|
|
name = "toufy";
|
|
tld = "me";
|
|
};
|
|
|
|
sops.secrets."ssh/authorizedKeys/owner" = {};
|
|
|
|
users.users.root.openssh.authorizedKeys.keyFiles = [
|
|
config.sops.secrets."ssh/authorizedKeys/owner".path
|
|
];
|
|
|
|
services.openssh = {
|
|
enable = true;
|
|
ports = [22];
|
|
settings = {
|
|
PasswordAuthentication = false;
|
|
KbdInteractiveAuthentication = false;
|
|
AllowUsers = null;
|
|
UseDns = true;
|
|
X11Forwarding = false;
|
|
PermitRootLogin = "prohibit-password";
|
|
};
|
|
};
|
|
}
|