tweaks

2025-11-04 12:48:38 +00:00 · 2025-11-04 12:48:38 +00:00 · 9f40a68eb4
commit 9f40a68eb4
parent 766f143e51
12 changed files with 222 additions and 215 deletions
--- a/system/configuration.nix
+++ b/system/configuration.nix
@ -12,16 +12,18 @@ in {
  zramSwap.enable = true;
  networking.hostName = "distrust";

-  services.openssh = {
-    enable = true;
-    settings.PermitRootLogin = "yes";
-    ports = [292];
-  };
-  services.fail2ban.enable = true;
-  services.endlessh = {
-    enable = true;
-    port = 22;
-    openFirewall = true;
+  services = {
+    openssh = {
+      enable = true;
+      settings.PermitRootLogin = "yes";
+      ports = [292];
+    };
+    fail2ban.enable = true;
+    endlessh = {
+      enable = true;
+      port = 22;
+      openFirewall = true;
+    };
  };

  users.users.root.openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxah5pnxmk=P7HtwRsryDoAHZsDs5RcGP9IPCNg1KFe cardno;16-179-196"];
--- a/system/default.nix
+++ b/system/default.nix
@ -3,6 +3,5 @@
    ./configuration.nix
    ./hardware-configuration.nix
    ./networking.nix
-    <nixpkgs/nixos/modules/profiles/hardened.nix>
  ];
 }
--- a/system/hardware-configuration.nix
+++ b/system/hardware-configuration.nix
@ -1,8 +1,12 @@
 {modulesPath, ...}: {
  imports = [(modulesPath + "/profiles/qemu-guest.nix")];
-  boot.loader.grub.device = "/dev/sda";
-  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
-  boot.initrd.kernelModules = ["nvme"];
+  boot = {
+    loader.grub.device = "/dev/sda";
+    initrd = {
+      availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
+      kernelModules = ["nvme"];
+    };
+  };
  fileSystems."/" = {
    device = "/dev/sda1";
    fsType = "ext4";