From f9b24f3015d518207fb40c8de5dea8d5de182977 Mon Sep 17 00:00:00 2001 From: TheArcaneBrony Date: Sun, 2 Apr 2023 15:27:27 +0200 Subject: Improve SSH config --- modules/base.nix | 31 ++++++++++++++++++++++++++++--- 1 file changed, 28 insertions(+), 3 deletions(-) diff --git a/modules/base.nix b/modules/base.nix index 3b34ff3..c9657e4 100755 --- a/modules/base.nix +++ b/modules/base.nix @@ -22,6 +22,8 @@ }; timeout = 1; }; + # Emma - Is this secure? + #initrd.network.ssh.enable = true; }; networking = { @@ -39,14 +41,39 @@ useDHCP = false; nameservers = [ "1.1.1.1" ]; defaultGateway = "192.168.1.1"; + + extraHosts = '' + 192.168.1.2 secrets.spacebar.local + ''; }; services = { openssh = { enable = true; - }; + banner = [ + " yg__ _ay yggggy $@@ " + " @@@@@gg@@@@  a@@~~~~ yy_yggy yggy_yy _yaggy _yggy_ $@@yagy_ _agy_yy,yy_yg" + "g@@~~~$~~~$@$ `?@@@gy @@@~~R@@_@@P~~@@@y@@F~~~g@@~_$@$$@@F~~@@La@@~~4@@L@@@F~" + "@@@yyy@yyy@@@ y___y@@F@@$__g@@M@@L__a@@4@@y___4@@~~~~~$@@__y@@F$@$__y@@L@@$ " + "`?PPPPPPPPPF~ fR@@@P~ @@F4@@P~ ~4@@P~RR ~4@@@P ~4@@@P 4RF?@@P~ ~R@RFRRFRRF " + "  @@F " + ]; + settings = { + PasswordAuthentication = false; + GatewyPorts = "yes"; + KbdInteractiveAuthentication = false; + }; + startWhenNeeded = true; + }; }; + security = { + sudo = { + wheelNeedsPassword = false; + execWheelOnly = true; + } + polkit.enable = true; + }; environment.systemPackages = with pkgs; [ wget @@ -70,8 +97,6 @@ i18n.defaultLocale = "en_US.UTF-8"; nix.settings.experimental-features = [ "nix-command" "flakes" ]; nixpkgs.config.allowUnfree = true; - security.sudo.wheelNeedsPassword = false; - security.polkit.enable = true; sound.enable = false; system.stateVersion = "22.11"; # DO NOT EDIT! } -- cgit 1.4.1