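# NixOS module for the host "distrust": key-only SSH on a non-default port,
# an endlessh tarpit on port 22, fail2ban, and an hourly job that empties
# /var/log.
{pkgs, ...}: let
  # `rebuild`: re-applies the flake in /etc/nixos to this host.
  # writeShellScriptBin already emits its own shebang, so the former inner
  # `#!/bin/sh` line was only a comment and has been dropped.
  # NOTE(review): --impure lets evaluation read the environment and paths
  # outside the flake, so the result is not fully pinned by flake.lock;
  # drop the flag if nothing in the flake needs it.
  updateScript = pkgs.writeShellScriptBin "rebuild" ''
    nixos-rebuild switch --flake /etc/nixos#distrust --impure
  '';
  tor-hostname = import ../helpers/tor-hostname.nix {inherit pkgs;};
in {
  environment.systemPackages = with pkgs; [vim btop git alejandra statix deadnix] ++ [updateScript tor-hostname];

  nix.settings.experimental-features = ["nix-command" "flakes"];

  boot.tmp.cleanOnBoot = true;
  zramSwap.enable = true;
  networking.hostName = "distrust";

  services = {
    openssh = {
      enable = true;
      # The real sshd listens on 292; port 22 is given to the endlessh tarpit below.
      ports = [292];
      settings = {
        PasswordAuthentication = false;
        # PasswordAuthentication alone does not cover PAM keyboard-interactive
        # prompts, which can still accept the account password. NixOS is
        # believed to enable this method by default (confirm for this
        # release), so it is switched off explicitly to keep logins key-only.
        KbdInteractiveAuthentication = false;
      };
    };
    # NOTE(review): fail2ban decides bans from log/journal entries, while the
    # clear-var-log job below removes persisted logs every hour. Confirm that
    # bans still trigger as expected with both enabled.
    fail2ban.enable = true;
    endlessh = {
      enable = true;
      port = 22;
      openFirewall = true;
    };
  };

  # "!" is not a valid crypt hash, so root has no usable password.
  users.users.root.hashedPassword = "!";
  users.users.anon = {
    isNormalUser = true;
    # wheel membership grants sudo; a password is still required (see below).
    extraGroups = ["wheel"];
    # NOTE(review): a hash written inline is readable by anyone who can read
    # this file or the resulting Nix store path, and can be attacked offline.
    # Prefer `hashedPasswordFile` pointing at a root-only file kept out of
    # the repository, and rotate this password if the file has been published.
    hashedPassword = "$6$GAyfgaTQgaBipAbb$gF/9YBh2ucVa/9vDQvEu9DVjSbsqdvSoXwA5RX0kP7.xdCfLqXhGBLlSXHg0e4rkLLd6zI1gRTWd4TfMjnnpS/";
    openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxah5pnxmk+P7HtwRsryDoAHZsDs5RcGP9IPCNg1KFe cardno:16_179_196"];
  };
  security.sudo.wheelNeedsPassword = true;

  systemd = {
    services.clear-var-log = {
      description = "Clear /var/log directory";
      serviceConfig = {
        Type = "oneshot";
        # systemd does not run ExecStart through a shell, so the previous
        # `rm -rf /var/log/*` received the literal string "/var/log/*" and,
        # because of -f, silently removed nothing. find needs no glob; unlike
        # the shell pattern it also removes dot-files directly under /var/log.
        # NOTE(review): journald keeps its journal files open, so unlinking
        # them does not stop logging. If the aim is to keep no logs on disk,
        # `services.journald.extraConfig = "Storage=volatile";` states that
        # declaratively. Either way, this leaves little evidence for
        # investigating an incident on this host.
        ExecStart = "${pkgs.findutils}/bin/find /var/log -mindepth 1 -delete";
        User = "root";
        Group = "root";
      };
    };
    timers.clear-var-log = {
      description = "Hourly timer to clear /var/log";
      # `wants` pulls the service in whenever the timer unit itself is
      # started (e.g. at boot), in addition to the hourly schedule.
      wants = ["clear-var-log.service"];
      timerConfig = {
        OnCalendar = "hourly";
        # Run a missed activation after downtime.
        Persistent = true;
        Unit = "clear-var-log.service";
      };
      wantedBy = ["timers.target"];
    };
  };

  system.stateVersion = "25.05";
}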