2 files changed, 26 insertions, 14 deletions
diff --git a/odin.nix b/odin.nix
index 447566a7..24129d38 100644
--- a/odin.nix
+++ b/odin.nix
@@ -39,7 +39,17 @@
  programs.zsh.enable = true;
-  services.openssh.enable = true;
+  services.openssh = {
+    enable = true;
+    passwordAuthentication = false;
+    challengeResponseAuthentication = false;
+    extraConfig = ''
+      AllowGroups ssh
+    '';
+  };
+  users.groups."ssh" = {
+    members = ["root"];
+  };
  networking.firewall = {
    enable = true;
@@ -57,9 +67,19 @@
      openssh.authorizedKeys.keyFiles = template.openssh.authorizedKeys.keyFiles;
    };
-  # This value determines the NixOS release with which your system is to be
+  services.journald = {
-  # compatible, in order to avoid breaking some software such as database
+    rateLimitBurst = 0;
-  # servers. You should change this only after NixOS release notes say you
+  };
-  # should.
-  system.stateVersion = "18.09"; # Did you read the comment?
+  services.haveged.enable = true;
+  system.autoUpgrade.enable = true;
+  system.stateVersion = "18.09";
+  systemd.services."nixos-upgrade" = {
+    path = with pkgs; [ git ];
+    preStart = ''
+      git -C /etc/nixos pull --recurse-submodules
+    '';
+  };
 }
diff --git a/ymir.nix b/ymir.nix
index 0f8e36a0..7f582980 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -209,10 +209,6 @@ in rec {
        openssh.authorizedKeys.keyFiles = template.openssh.authorizedKeys.keyFiles;
      };
-  services.ntp = {
-    enable = false;
-  };
  # List services that you want to enable:
  services.openssh = {
@@ -243,10 +239,6 @@ in rec {
              ];
  };
-  services.timesyncd = {
-    enable = true;
-  };
  services.journald = {
    rateLimitBurst = 0;
  };

diff --git a/odin.nix b/odin.nix index 447566a7..24129d38 100644 --- a/odin.nix +++ b/odin.nix
@@ -39,7 +39,17 @@
39		39
40	programs.zsh.enable = true;	40	programs.zsh.enable = true;
41		41
42	services.openssh.enable = true;	42	services.openssh = {
		43	enable = true;
		44	passwordAuthentication = false;
		45	challengeResponseAuthentication = false;
		46	extraConfig = ''
		47	AllowGroups ssh
		48	'';
		49	};
		50	users.groups."ssh" = {
		51	members = ["root"];
		52	};
43		53
44	networking.firewall = {	54	networking.firewall = {
45	enable = true;	55	enable = true;
@@ -57,9 +67,19 @@
57	openssh.authorizedKeys.keyFiles = template.openssh.authorizedKeys.keyFiles;	67	openssh.authorizedKeys.keyFiles = template.openssh.authorizedKeys.keyFiles;
58	};	68	};
59		69
60	# This value determines the NixOS release with which your system is to be	70	services.journald = {
61	# compatible, in order to avoid breaking some software such as database	71	rateLimitBurst = 0;
62	# servers. You should change this only after NixOS release notes say you	72	};
63	# should.	73
64	system.stateVersion = "18.09"; # Did you read the comment?	74	services.haveged.enable = true;
		75
		76	system.autoUpgrade.enable = true;
		77	system.stateVersion = "18.09";
		78
		79	systemd.services."nixos-upgrade" = {
		80	path = with pkgs; [ git ];
		81	preStart = ''
		82	git -C /etc/nixos pull --recurse-submodules
		83	'';
		84	};
65	}	85	}


diff --git a/ymir.nix b/ymir.nix index 0f8e36a0..7f582980 100644 --- a/ymir.nix +++ b/ymir.nix
@@ -209,10 +209,6 @@ in rec {
209	openssh.authorizedKeys.keyFiles = template.openssh.authorizedKeys.keyFiles;	209	openssh.authorizedKeys.keyFiles = template.openssh.authorizedKeys.keyFiles;
210	};	210	};
211		211
212	services.ntp = {
213	enable = false;
214	};
215
216	# List services that you want to enable:	212	# List services that you want to enable:
217		213
218	services.openssh = {	214	services.openssh = {
@@ -243,10 +239,6 @@ in rec {
243	];	239	];
244	};	240	};
245		241
246	services.timesyncd = {
247	enable = true;
248	};
249
250	services.journald = {	242	services.journald = {
251	rateLimitBurst = 0;	243	rateLimitBurst = 0;
252	};	244	};