things

configuration.nix

@@ -55,7 +55,8 @@
   users.users.root = {
     packages = with pkgs; [
       kitty # for terminfo
-      neofetch # for shits and giggles
+      fastfetch # for shits and giggles
+      tmux
     ];
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICW1+Ml8R9x1LCJaZ8bIZ1qIV4HCuZ6x7DziFW+0Nn5T xengi@kanae_2022-12-09"
@@ -69,16 +70,25 @@
   };
 
   networking = {
+    hostname = "matrix";
+    domain = "berlin.ccc.de";
+    nameservers = [
+      "2606:4700:4700::1111#one.one.one.one"
+      "2620:fe::fe#dns.quad9.net"
+    ];
+    useDHCP = false;
     useNetworkd = true;
-    nftables.enable = true;
     dhcpcd.enable = false;
+    nftables.enable = true;
+    tempAddresses = "disabled";
     firewall = {
       enable = true;
       allowedTCPPorts = [
-        22 # SSH
+        22
         80 # HTTP/1
         443 # HTTP/2
         8448 # Matrix federation
+        10022 # SSH
       ];
       allowedUDPPorts = [
         443 # HTTP/3
@@ -94,7 +104,7 @@
     fstrim.enable = false; # Let Proxmox host handle fstrim
     openssh = {
       enable = true;
-      openFirewall = true;
+      ports = [ 22 10022 ];
       settings = {
         PermitEmptyPasswords = "no";
         PermitRootLogin = "prohibit-password";
@@ -111,6 +121,10 @@
          \/_/\/_/\/_/\/__/\/_/ \/__/ \/_/   \/_/\//\/_/   \/____/\/____/\/____/ \/___/
       '';
     };
+    sshguard = {
+      enable = true;
+      services = [ "sshd" ];
+    };
     # Cache DNS lookups to improve performance
     resolved = {
       enable = true;