infra/modules/nixos/common/security.nix

{
  # Make sure that the firewall is enabled, even if it's the default.
  networking.firewall.enable = true;

  # allow to access emergency shell with a password
  boot.initrd.systemd.emergencyAccess = "$6$he2fblfl/H7I.kvz$WbSCMXu8ztmqfj5jG4czqvu/rkMHxufxqHgy1urzXFSN.jZB4QiW5lOjR08vk8pZTyim3TT1wFkMaNE9zZ3sc1";

  services.openssh = {
    hostKeys = [
      {
        path = "/etc/ssh/ssh_host_ed25519_key";
        type = "ed25519";
      }
    ];
  };
}
Modularise setup, add hardening config 2019-08-11 19:53:02 +01:00			`{`
roles/security: allow sudo without password (#63) Encourage users to SSH as their own users. Wser accounts were not able to `sudo` as they don't have a password associated to them. 2021-03-08 20:00:02 +00:00			`# Make sure that the firewall is enabled, even if it's the default.`
			`networking.firewall.enable = true;`
Modularise setup, add hardening config 2019-08-11 19:53:02 +01:00
modules/nixos/common: add initrd emergencyAccess 2024-07-25 20:37:35 +10:00			`# allow to access emergency shell with a password`
			`boot.initrd.systemd.emergencyAccess = "$6$he2fblfl/H7I.kvz$WbSCMXu8ztmqfj5jG4czqvu/rkMHxufxqHgy1urzXFSN.jZB4QiW5lOjR08vk8pZTyim3TT1wFkMaNE9zZ3sc1";`

roles/security: only allow ssh_host_ed25519_key 2023-04-25 10:21:07 +10:00			`services.openssh = {`
			`hostKeys = [`
format tree 2024-07-24 19:05:26 +10:00			`{`
			`path = "/etc/ssh/ssh_host_ed25519_key";`
			`type = "ed25519";`
			`}`
roles/security: only allow ssh_host_ed25519_key 2023-04-25 10:21:07 +10:00			`];`
			`};`
Modularise setup, add hardening config 2019-08-11 19:53:02 +01:00			`}`
No results found.