summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2018-04-05 12:50:05 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2018-04-05 12:50:05 +0200
commit84a37a8ef41712840e1a2462b6edc6eab56346d5 (patch)
tree25ddc07fe842d53602da1a1d000f8b0db80cc2bf
parentf32b865802509c11b534917a25fbe762ca7c7f08 (diff)
downloadnixos-84a37a8ef41712840e1a2462b6edc6eab56346d5.tar
nixos-84a37a8ef41712840e1a2462b6edc6eab56346d5.tar.gz
nixos-84a37a8ef41712840e1a2462b6edc6eab56346d5.tar.bz2
nixos-84a37a8ef41712840e1a2462b6edc6eab56346d5.tar.xz
nixos-84a37a8ef41712840e1a2462b6edc6eab56346d5.zip
More stuff on odin
-rw-r--r--odin.nix32
-rw-r--r--ymir.nix8
2 files changed, 26 insertions, 14 deletions
diff --git a/odin.nix b/odin.nix
index 447566a7..24129d38 100644
--- a/odin.nix
+++ b/odin.nix
@@ -39,7 +39,17 @@
39 39
40 programs.zsh.enable = true; 40 programs.zsh.enable = true;
41 41
42 services.openssh.enable = true; 42 services.openssh = {
43 enable = true;
44 passwordAuthentication = false;
45 challengeResponseAuthentication = false;
46 extraConfig = ''
47 AllowGroups ssh
48 '';
49 };
50 users.groups."ssh" = {
51 members = ["root"];
52 };
43 53
44 networking.firewall = { 54 networking.firewall = {
45 enable = true; 55 enable = true;
@@ -57,9 +67,19 @@
57 openssh.authorizedKeys.keyFiles = template.openssh.authorizedKeys.keyFiles; 67 openssh.authorizedKeys.keyFiles = template.openssh.authorizedKeys.keyFiles;
58 }; 68 };
59 69
60 # This value determines the NixOS release with which your system is to be 70 services.journald = {
61 # compatible, in order to avoid breaking some software such as database 71 rateLimitBurst = 0;
62 # servers. You should change this only after NixOS release notes say you 72 };
63 # should. 73
64 system.stateVersion = "18.09"; # Did you read the comment? 74 services.haveged.enable = true;
75
76 system.autoUpgrade.enable = true;
77 system.stateVersion = "18.09";
78
79 systemd.services."nixos-upgrade" = {
80 path = with pkgs; [ git ];
81 preStart = ''
82 git -C /etc/nixos pull --recurse-submodules
83 '';
84 };
65} 85}
diff --git a/ymir.nix b/ymir.nix
index 0f8e36a0..7f582980 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -209,10 +209,6 @@ in rec {
209 openssh.authorizedKeys.keyFiles = template.openssh.authorizedKeys.keyFiles; 209 openssh.authorizedKeys.keyFiles = template.openssh.authorizedKeys.keyFiles;
210 }; 210 };
211 211
212 services.ntp = {
213 enable = false;
214 };
215
216 # List services that you want to enable: 212 # List services that you want to enable:
217 213
218 services.openssh = { 214 services.openssh = {
@@ -243,10 +239,6 @@ in rec {
243 ]; 239 ];
244 }; 240 };
245 241
246 services.timesyncd = {
247 enable = true;
248 };
249
250 services.journald = { 242 services.journald = {
251 rateLimitBurst = 0; 243 rateLimitBurst = 0;
252 }; 244 };