Add changes that hadn't been pushed to the repo as well

2024-11-20 12:41:13 +01:00 · 2024-11-20 12:41:13 +01:00 · fe0c69f6d9
commit fe0c69f6d9
parent aad7a984c2
1 changed files with 13 additions and 1 deletions
--- a/infra/vm02187/configuration.nix
+++ b/infra/vm02187/configuration.nix
@ -159,7 +159,8 @@
                ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, echo-reply, echo-request, nd-neighbor-solicit,  nd-router-advert, nd-neighbor-advert, packet-too-big, parameter-problem, time-exceeded } accept

                # open tcp ports: sshd (22)
-                ip saddr $ssh_allow tcp dport {ssh} accept
+                # ip saddr $ssh_allow tcp dport {ssh} accept
+                tcp dport {ssh} accept

                # open tcp ports: snmp (161)
                ip saddr $snmp_allow udp dport {snmp} accept
@ -214,6 +215,15 @@
    packages = with pkgs; [ ];
  };

+  users.users.valentin = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOJzgwAYAoMexc1fBJxU08YmsiU9T4Ua8QFeE4/kZNZ5"
+    ];
+    packages = with pkgs; [ ];
+  };
+
  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
@ -238,6 +248,8 @@

  # Enable the OpenSSH daemon.
  services.openssh.enable = true;
+  services.openssh.settings.PasswordAuthentication = false;
+  security.sudo.wheelNeedsPassword = false;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions