Merge branch 'main' of ssh://git.berlin.ccc.de/cccb/matrix

2025-12-05 21:34:08 +01:00 · 2025-12-05 21:34:08 +01:00 · 1889afea8d
commit 1889afea8d
parent a9714a1d6c 4ec1302a68
4 changed files with 35 additions and 13 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -49,13 +49,13 @@
  proxmoxLXC = {
    manageNetwork = false;
    manageHostName = false;
-    privileged = true;
+    privileged = false;
  };

  users.users.root = {
    packages = with pkgs; [
      kitty # for terminfo
-      neofetch # for shits and giggles
+      fastfetch # for shits and giggles
    ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICW1+Ml8R9x1LCJaZ8bIZ1qIV4HCuZ6x7DziFW+0Nn5T xengi@kanae_2022-12-09"
@ -69,9 +69,17 @@
  };

  networking = {
+    hostName = "matrix";
+    domain = "berlin.ccc.de";
+    nameservers = [
+      "2606:4700:4700::1111#one.one.one.one"
+      "2620:fe::fe#dns.quad9.net"
+    ];
+    useDHCP = false;
    useNetworkd = true;
-    nftables.enable = true;
    dhcpcd.enable = false;
+    nftables.enable = true;
+    tempAddresses = "disabled";
    firewall = {
      enable = true;
      allowedTCPPorts = [
@ -94,7 +102,6 @@
    fstrim.enable = false; # Let Proxmox host handle fstrim
    openssh = {
      enable = true;
-      openFirewall = true;
      settings = {
        PermitEmptyPasswords = "no";
        PermitRootLogin = "prohibit-password";
@ -111,6 +118,10 @@
         \/_/\/_/\/_/\/__/\/_/ \/__/ \/_/   \/_/\//\/_/   \/____/\/____/\/____/ \/___/
      '';
    };
+    sshguard = {
+      enable = true;
+      services = [ "sshd" ];
+    };
    # Cache DNS lookups to improve performance
    resolved = {
      enable = true;