1 files changed, 26 insertions, 6 deletions
diff --git a/odin.nix b/odin.nix
index 447566a7..24129d38 100644
--- a/odin.nix
+++ b/odin.nix
@@ -39,7 +39,17 @@
  programs.zsh.enable = true;
-  services.openssh.enable = true;
+  services.openssh = {
+    enable = true;
+    passwordAuthentication = false;
+    challengeResponseAuthentication = false;
+    extraConfig = ''
+      AllowGroups ssh
+    '';
+  };
+  users.groups."ssh" = {
+    members = ["root"];
+  };
  networking.firewall = {
    enable = true;
@@ -57,9 +67,19 @@
      openssh.authorizedKeys.keyFiles = template.openssh.authorizedKeys.keyFiles;
    };
-  # This value determines the NixOS release with which your system is to be
+  services.journald = {
-  # compatible, in order to avoid breaking some software such as database
+    rateLimitBurst = 0;
-  # servers. You should change this only after NixOS release notes say you
+  };
-  # should.
-  system.stateVersion = "18.09"; # Did you read the comment?
+  services.haveged.enable = true;
+  system.autoUpgrade.enable = true;
+  system.stateVersion = "18.09";
+  systemd.services."nixos-upgrade" = {
+    path = with pkgs; [ git ];
+    preStart = ''
+      git -C /etc/nixos pull --recurse-submodules
+    '';
+  };
 }

diff --git a/odin.nix b/odin.nix index 447566a7..24129d38 100644 --- a/odin.nix +++ b/odin.nix
@@ -39,7 +39,17 @@
39		39
40	programs.zsh.enable = true;	40	programs.zsh.enable = true;
41		41
42	services.openssh.enable = true;	42	services.openssh = {
		43	enable = true;
		44	passwordAuthentication = false;
		45	challengeResponseAuthentication = false;
		46	extraConfig = ''
		47	AllowGroups ssh
		48	'';
		49	};
		50	users.groups."ssh" = {
		51	members = ["root"];
		52	};
43		53
44	networking.firewall = {	54	networking.firewall = {
45	enable = true;	55	enable = true;
@@ -57,9 +67,19 @@
57	openssh.authorizedKeys.keyFiles = template.openssh.authorizedKeys.keyFiles;	67	openssh.authorizedKeys.keyFiles = template.openssh.authorizedKeys.keyFiles;
58	};	68	};
59		69
60	# This value determines the NixOS release with which your system is to be	70	services.journald = {
61	# compatible, in order to avoid breaking some software such as database	71	rateLimitBurst = 0;
62	# servers. You should change this only after NixOS release notes say you	72	};
63	# should.	73
64	system.stateVersion = "18.09"; # Did you read the comment?	74	services.haveged.enable = true;
		75
		76	system.autoUpgrade.enable = true;
		77	system.stateVersion = "18.09";
		78
		79	systemd.services."nixos-upgrade" = {
		80	path = with pkgs; [ git ];
		81	preStart = ''
		82	git -C /etc/nixos pull --recurse-submodules
		83	'';
		84	};
65	}	85	}