From 37f5f73a761cdf9e3d94ecb67c7df0f5d0c6811b Mon Sep 17 00:00:00 2001
From: Vinzenz Schroeter
Date: Sun, 24 Sep 2023 14:56:07 +0200
Subject: [PATCH] sshd module, home-shared-modules
---
modules/default.nix | 1 +
modules/desktop/default.nix | 10 ------
modules/server.nix | 22 +++----------
modules/sshd.nix | 13 ++++++++
modules/users/home-manager.nix | 46 ++-------------------------
modules/users/home-shared-modules.nix | 44 +++++++++++++++++++++++++
modules/users/vinzenz-home.nix | 1 -
7 files changed, 66 insertions(+), 71 deletions(-)
create mode 100644 modules/sshd.nix
create mode 100644 modules/users/home-shared-modules.nix
diff --git a/modules/default.nix b/modules/default.nix
index 9ae0dec..841095e 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -5,6 +5,7 @@ modulesCfg: {lib, ...}: { ./nixpkgs.nix ./globalinstalls.nix ./server.nix + ./sshd.nix ] ++ (map (path: (import path modulesCfg)) [ ./hardware
diff --git a/modules/desktop/default.nix b/modules/desktop/default.nix
index cb56ba0..66ede1e 100644
--- a/modules/desktop/default.nix
+++ b/modules/desktop/default.nix
@@ -27,16 +27,6 @@ in { # Enable CUPS to print documents. printing.enable = true; - - # Enable the OpenSSH daemon. - openssh = { - enable = true; - settings = { - PermitRootLogin = "no"; - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - }; - }; }; # Enable sound with pipewire.
diff --git a/modules/server.nix b/modules/server.nix
index a79adad..a3db927 100644
--- a/modules/server.nix
+++ b/modules/server.nix
@@ -11,26 +11,14 @@ in { }; config = lib.mkIf cfg.enable { - services = { - # Enable the OpenSSH daemon. - openssh = { - enable = true; - settings = { - # PermitRootLogin = "no"; # this is managed through authorized keys - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - }; - }; - }; - networking.firewall = { enable = true; allowedTCPPortRanges = [ - { - # ssh - from = 22; - to = 22; - } + # { + # # ssh + # from = 22; + # to = 22; + # } ]; }; }; };
diff --git a/modules/sshd.nix b/modules/sshd.nix
new file mode 100644
index 0000000..747eeac
--- /dev/null
+++ b/modules/sshd.nix
@@ -0,0 +1,13 @@
+{...}: {
+ config = {
+ services.openssh = {
+ enable = true;
+ openFirewall = true;
+ settings = {
+ PermitRootLogin = "without-password";
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ };
+ };
+ };
+}
diff --git a/modules/users/home-manager.nix b/modules/users/home-manager.nix
index 4601b8d..73adcc6 100644
--- a/modules/users/home-manager.nix
+++ b/modules/users/home-manager.nix
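Review bot: The commented-out port-22 range left inside `allowedTCPPortRanges = [ … ]` in modules/server.nix is dead configuration. Port 22 is still opened, now by `openFirewall = true` in the new modules/sshd.nix, so the firewall block reads as if SSH were closed when it is not. Delete the commented block, or replace it with one line such as `# ssh is opened by modules/sshd.nix (openFirewall = true)`. The enclosing module starts and ends outside this hunk.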
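Review bot: `PermitRootLogin = "without-password"` in the new modules/sshd.nix loosens the desktop profile, whose removed block in modules/desktop/default.nix set `PermitRootLogin = "no"`; key-based root login is now accepted wherever modules/default.nix is imported. The module also has no enable option or `lib.mkIf`, so sshd and its firewall opening are no longer tied to the server module's `cfg.enable`. Consider changing the header to `{lib, ...}: {` and writing `PermitRootLogin = lib.mkDefault "prohibit-password";` (the current OpenSSH spelling of the same value), so a desktop profile can set `"no"` again without a definition conflict.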
@@ -13,53 +13,13 @@ useUserPackages = true; useGlobalPkgs = true; + # defaults for users + sharedModules = import ./home-shared-modules.nix; + users = { ronja = lib.mkIf (builtins.elem "ronja" config.my.enabledUsers) (import ./ronja-home.nix); vinzenz = lib.mkIf (builtins.elem "vinzenz" config.my.enabledUsers) (import ./vinzenz-home.nix); }; - - sharedModules = [ - # set stateVersion - {home.stateVersion = "22.11";} - # make nano the default editor - { - home = { - sessionVariables.EDITOR = "nano"; - file.".nanorc".text = lib.mkDefault '' - set linenumbers - set mouse - ''; - }; - } - # command line niceness - { - programs = { - command-not-found.enable = true; - dircolors.enable = true; - - zsh = { - enable = true; - enableSyntaxHighlighting = true; - enableAutosuggestions = true; - enableVteIntegration = true; - }; - }; - } - # common git config - { - programs = { - git = { - enable = true; - extraConfig.init.defaultBranch = "main"; - }; - - gh = { - enable = true; - enableGitCredentialHelper = true; - }; - }; - } - ]; }; }; }
diff --git a/modules/users/home-shared-modules.nix b/modules/users/home-shared-modules.nix
new file mode 100644
index 0000000..b2bd91a
--- /dev/null
+++ b/modules/users/home-shared-modules.nix
@@ -0,0 +1,44 @@
+[
+ # set stateVersion
+ {
+ home.stateVersion = "22.11";
+ }
+ # make nano the default editor
+ {
+ home = {
+ sessionVariables.EDITOR = "nano";
+ file.".nanorc".text = ''
+ set linenumbers
+ set mouse
+ '';
+ };
+ }
+ # command line niceness
+ {
+ programs = {
+ command-not-found.enable = true;
+ dircolors.enable = true;
+
+ zsh = {
+ enable = true;
+ enableSyntaxHighlighting = true;
+ enableAutosuggestions = true;
+ enableVteIntegration = true;
+ };
+ };
+ }
+ # common git config
+ {
+ programs = {
+ git = {
+ enable = true;
+ extraConfig.init.defaultBranch = "main";
+ };
+
+ gh = {
+ enable = true;
+ enableGitCredentialHelper = true;
+ };
+ };
+ }
+]
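Review bot: The `.nanorc` entry in modules/users/home-shared-modules.nix lost its `lib.mkDefault` in the move: the list removed from home-manager.nix had `file.".nanorc".text = lib.mkDefault ''…''`, while the new file assigns the string at normal priority. A user module that sets its own `.nanorc` text would then presumably be merged with the shared lines, or conflict with them, instead of replacing them. Because the new file is a bare list with no `lib` in scope, that one entry can be written as a module function to keep the old semantics: `({lib, ...}: { home.file.".nanorc".text = lib.mkDefault ''…''; })`. If dropping the default priority was intended, a short comment above the entry saying so would help.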
diff --git a/modules/users/vinzenz-home.nix b/modules/users/vinzenz-home.nix
index 477b649..3ee1b64 100644
--- a/modules/users/vinzenz-home.nix
+++ b/modules/users/vinzenz-home.nix
@@ -75,7 +75,6 @@ extraConfig = { pull.ff = "only"; - init.defaultBranch = "main"; merge.tool = "kdiff3"; push.autoSetupRemote = "true"; };