From 82d6747d8b3deb42e490fb8f4f62ed45fe59711c Mon Sep 17 00:00:00 2001
From: punkfairie
Date: Sat, 8 Mar 2025 20:20:53 -0800
Subject: [PATCH] feat: Preparing to deploy on marley{centre,net}
---
 modules/home/programs/cli/ssh/default.nix | 4 ++--
 modules/nixos/bundles/server/default.nix | 1 -
 modules/nixos/services/openssh/default.nix | 2 +-
 systems/x86_64-linux/marleycentre/default.nix | 16 +++++++++++-----
 systems/x86_64-linux/marleynet/default.nix | 15 ++++++++++-----
 5 files changed, 24 insertions(+), 14 deletions(-)
diff --git a/modules/home/programs/cli/ssh/default.nix b/modules/home/programs/cli/ssh/default.nix
index e1927f1..2f45934 100644
--- a/modules/home/programs/cli/ssh/default.nix
+++ b/modules/home/programs/cli/ssh/default.nix
@@ -15,12 +15,12 @@ in {
 # %d - local user's home directory
 # %r - remote username
 matchBlocks = {
- "tty.marleycentre" = {
+ "marleycentre" = {
 hostname = "10.10.10.69";
 identityFile = "%d/.ssh/%r@marleycentre";
 };
- "tty.marleynet" = {
+ "marleynet" = {
 hostname = "10.69.69.2";
 port = 222;
 identityFile = "%d/.ssh/%r@marleynet";
diff --git a/modules/nixos/bundles/server/default.nix b/modules/nixos/bundles/server/default.nix
index a9d6753..66ca284 100644
--- a/modules/nixos/bundles/server/default.nix
+++ b/modules/nixos/bundles/server/default.nix
@@ -23,7 +23,6 @@ in {
 };
 services = {
- ddclient = enabled;
 docker = enabled;
 openssh = enabled;
 };
diff --git a/modules/nixos/services/openssh/default.nix b/modules/nixos/services/openssh/default.nix
index 5452421..e0d0578 100644
--- a/modules/nixos/services/openssh/default.nix
+++ b/modules/nixos/services/openssh/default.nix
@@ -11,7 +11,7 @@ in {
 services.openssh = {
 enable = true;
 settings = {
- PermitRootLogin = "no";
+ PermitRootLogin = "prohibit-password";
 };
 };
 };
diff --git a/systems/x86_64-linux/marleycentre/default.nix b/systems/x86_64-linux/marleycentre/default.nix
index 1429738..a6c4ebc 100644
--- a/systems/x86_64-linux/marleycentre/default.nix
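Review bot: The change to `PermitRootLogin = "prohibit-password"` sits in the shared openssh module, which the server bundle enables (`openssh = enabled;`), so root key login is opened on every host that uses the bundle rather than only on the two being deployed. Nothing else in the visible `settings` block constrains authentication; if password logins for other accounts are not meant to stay available, adding `PasswordAuthentication = false;` and `KbdInteractiveAuthentication = false;` next to it would make the module key-only throughout. A short comment such as `# root is key-only; authorized keys are declared per host` would record why the previous `"no"` was relaxed. The module body starts and ends outside the hunk, so these options may already be set elsewhere.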
+++ b/systems/x86_64-linux/marleycentre/default.nix
@@ -9,12 +9,18 @@ in {
 bundles.server = enabled;
 };
- users.users.marley.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAHOJsPkSBBw03QEFRtxnIdLF3OxNdU6T9LuklnkYfVw marley@nyx"
+ users.users = {
+ marley.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAHOJsPkSBBw03QEFRtxnIdLF3OxNdU6T9LuklnkYfVw marley@nyx"
- # iphone
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+hMOzQBPmi6Rjw7fYvwn43w1Dgk+GEooGPnQz2RTcK Generated By Termius"
- ];
+ # iphone
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+hMOzQBPmi6Rjw7fYvwn43w1Dgk+GEooGPnQz2RTcK Generated By Termius"
+ ];
+
+ root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBvLgGqr22sT1e+pvda5VDA92uCbVHbd61AjIQOA7pXZ marley@nyx"
+ ];
+ };
 networking.firewall = {
 allowedTCPPorts = [6881];
diff --git a/systems/x86_64-linux/marleynet/default.nix b/systems/x86_64-linux/marleynet/default.nix
index 45ce16a..1778a3c 100644
--- a/systems/x86_64-linux/marleynet/default.nix
+++ b/systems/x86_64-linux/marleynet/default.nix
@@ -7,14 +7,19 @@ in {
 marleyos = {
 bundles.server = enabled;
+ services.ddclient = enabled;
 };
- users.users.marley.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDcKsDGK8C5W6eRsJQSdAOTFVZnkKRWjnyn4iDR8zMi7 marley@nyx"
+ users.users = {
+ marley.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDcKsDGK8C5W6eRsJQSdAOTFVZnkKRWjnyn4iDR8zMi7 marley@nyx"
- # iphone
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+hMOzQBPmi6Rjw7fYvwn43w1Dgk+GEooGPnQz2RTcK Generated By Termius"
- ];
+ # iphone
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+hMOzQBPmi6Rjw7fYvwn43w1Dgk+GEooGPnQz2RTcK Generated By Termius"
+ ];
+
+ root.openssh.authorizedKeys.keys = [];
+ };
 system.stateVersion = "24.05";
 }
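Review bot: The new `root.openssh.authorizedKeys.keys` entry for marleycentre grants full root SSH access with no key options and no comment saying what it is for, while the neighbouring iphone key at least carries one. If the key exists only for deployment from nyx (inferred from the commit title), restricting it in the key string, e.g. `"from=\"<nyx-address>\" ssh-ed25519 <key> marley@nyx"`, limits where it can be used from. A comment like `# deploy key from nyx; root, key-only` above it would make the intent reviewable. The enclosing attribute set begins and ends outside the hunk.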
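Review bot: In the marleynet hunk, `root.openssh.authorizedKeys.keys = [];` declares nothing, since an empty list adds no keys, so it reads as a placeholder without saying so. Because the shared openssh module in this commit now sets `PermitRootLogin = "prohibit-password"`, root key login is permitted on this host while its configuration names no root key, which leaves it unclear from the file who is meant to reach root. Either drop the line until a key exists or mark it, e.g. `# TODO: add the nyx deploy key before first deploy`. The attribute set around `users.users` continues outside the hunk.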