From 84a37a8ef41712840e1a2462b6edc6eab56346d5 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Thu, 5 Apr 2018 12:50:05 +0200
Subject: More stuff on odin
---
 odin.nix | 32 ++++++++++++++++++++++++++------
 ymir.nix | 8 --------
 2 files changed, 26 insertions(+), 14 deletions(-)
diff --git a/odin.nix b/odin.nix
index 447566a7..24129d38 100644
--- a/odin.nix
+++ b/odin.nix
@@ -39,7 +39,17 @@
 programs.zsh.enable = true;
- services.openssh.enable = true;
+ services.openssh = {
+ enable = true;
+ passwordAuthentication = false;
+ challengeResponseAuthentication = false;
+ extraConfig = ''
+ AllowGroups ssh
+ '';
+ };
+ users.groups."ssh" = {
+ members = ["root"];
+ };
 networking.firewall = {
 enable = true;
@@ -57,9 +67,19 @@
 openssh.authorizedKeys.keyFiles = template.openssh.authorizedKeys.keyFiles;
 };
- # This value determines the NixOS release with which your system is to be
- # compatible, in order to avoid breaking some software such as database
- # servers. You should change this only after NixOS release notes say you
- # should.
- system.stateVersion = "18.09"; # Did you read the comment?
+ services.journald = {
+ rateLimitBurst = 0;
+ };
+
+ services.haveged.enable = true;
+
+ system.autoUpgrade.enable = true;
+ system.stateVersion = "18.09";
+
+ systemd.services."nixos-upgrade" = {
+ path = with pkgs; [ git ];
+ preStart = ''
+ git -C /etc/nixos pull --recurse-submodules
+ '';
+ };
 }
diff --git a/ymir.nix b/ymir.nix
index 0f8e36a0..7f582980 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -209,10 +209,6 @@ in rec {
 openssh.authorizedKeys.keyFiles = template.openssh.authorizedKeys.keyFiles;
 };
- services.ntp = {
- enable = false;
- };
-
 # List services that you want to enable:
 services.openssh = {
@@ -243,10 +239,6 @@ in rec {
 ];
 };
- services.timesyncd = {
- enable = true;
- };
-
 services.journald = {
 rateLimitBurst = 0;
 };
-- 
cgit v1.2.3
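Review bot: The new `AllowGroups ssh` allow-list has `root` as its only member in `users.groups."ssh"`, so as far as this hunk shows, direct root login becomes the only way into odin over SSH. The account declared further down in the file (the one given `openssh.authorizedKeys.keyFiles`) would be refused by sshd unless it is added to the group somewhere outside this diff. I would list that account in `members` and set `permitRootLogin = "no";` in the `services.openssh` block, or at least pin `permitRootLogin = "prohibit-password";` explicitly instead of relying on the module default. A comment above the group, such as `# sshd AllowGroups: every account that needs SSH access must be listed here`, would keep later user additions from silently losing access.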
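Review bot: The `preStart` of `nixos-upgrade` pulls `/etc/nixos` as root, and `system.autoUpgrade` then builds and activates whatever arrived, with nothing checking who authored the commits. Anyone who can push to that remote or tamper with the transport therefore controls the root-level configuration of this host. Consider `git -C /etc/nixos pull --ff-only --verify-signatures --recurse-submodules` with the trusted signing key in root's keyring; submodule contents are then covered only through the commit ids pinned in the signed superproject. Separately, `rateLimitBurst = 0` turns journald rate limiting off, so one noisy service can crowd out other log entries, and a short comment saying why it is disabled would help.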