diff --git a/infra/vm02187/configuration.nix b/infra/vm02187/configuration.nix index 1d73482..9b3718e 100644 --- a/infra/vm02187/configuration.nix +++ b/infra/vm02187/configuration.nix @@ -159,7 +159,8 @@ ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, echo-reply, echo-request, nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert, packet-too-big, parameter-problem, time-exceeded } accept # open tcp ports: sshd (22) - ip saddr $ssh_allow tcp dport {ssh} accept + # ip saddr $ssh_allow tcp dport {ssh} accept + tcp dport {ssh} accept # open tcp ports: snmp (161) ip saddr $snmp_allow udp dport {snmp} accept @@ -214,6 +215,15 @@ packages = with pkgs; [ ]; }; + users.users.valentin = { + isNormalUser = true; + extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOJzgwAYAoMexc1fBJxU08YmsiU9T4Ua8QFeE4/kZNZ5" + ]; + packages = with pkgs; [ ]; + }; + # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ @@ -238,6 +248,8 @@ # Enable the OpenSSH daemon. services.openssh.enable = true; + services.openssh.settings.PasswordAuthentication = false; + security.sudo.wheelNeedsPassword = false; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions
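Review bot: The replacement rule `tcp dport {ssh} accept` in the first hunk drops the `$ssh_allow` source match, so sshd becomes reachable from any address. If the ruleset is in an `inet` table, that includes IPv6, which the old `ip saddr` rule never matched. If the aim is only to let the new user in, keep `ip saddr $ssh_allow tcp dport {ssh} accept` and add that user's source range to `$ssh_allow`. If world-reachable SSH is intended, delete the commented-out rule rather than leaving it as dead configuration, and state the reason in the comment, e.g. `# open tcp ports: sshd (22), all sources; key-only auth, see services.openssh.settings`. A rate limit on new connections (`tcp dport {ssh} ct state new limit rate 10/minute accept`) would cut log noise and brute-force load on the now-public port.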
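Review bot: The inherited template comment `# Enable ‘sudo’ for the user.` on `extraGroups = [ "wheel" ];` understates what wheel membership means after this commit, since the last hunk sets `security.sudo.wheelNeedsPassword = false`. I would reword it to `# wheel: passwordless root, see security.sudo.wheelNeedsPassword`. The authorized key has no trailing comment field, so a later audit cannot tell whose key or which device it belongs to. Append an owner/device label to the key string. The empty `packages = with pkgs; [ ];` line can be dropped.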
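Review bot: `security.sudo.wheelNeedsPassword = false;` in the last hunk applies to every member of wheel, not just the account added in this commit. It also sits under the `# Enable the OpenSSH daemon.` comment although it is not an SSH setting. Together with the firewall change in the first hunk, one SSH private key now gives root from any source address with no second factor. Consider keeping the password requirement, or granting passwordless sudo only for specific commands through `security.sudo.extraRules`. Separately, `PasswordAuthentication = false` does not turn off keyboard-interactive logins, so I would add `services.openssh.settings.KbdInteractiveAuthentication = false;` next to it to make the daemon key-only.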