Split off vpsRemoteAccess module

Signed-off-by: Magic_RB <magic_rb@redalder.org>
2024-11-26 01:56:13 +01:00 · 2021-07-31 13:21:50 +02:00 · 2021-07-31 13:21:50 +02:00 · 45e7f50e88
parent 87fe56b9ab
commit 45e7f50e88
3 changed files with 15 additions and 15 deletions
--- a/nix/nixos-modules/default.nix
+++ b/nix/nixos-modules/default.nix
@ -9,6 +9,7 @@
    ./pin-nixpkgs.nix
    ./pulseaudio.nix
    ./vault-agent.nix
+    ./vps-remote-access.nix
    ./sshd-emacs.nix
    ./xserver
    ../hardware/default.nix
--- a/nix/systems/oci-nixos.nix
+++ b/nix/systems/oci-nixos.nix
@ -16,9 +16,13 @@ inputs: {
          pins = inputs;
          overlays = inputs.self.overlays;

-          hardware."${hostName}" = true;
+          hardware.${hostName} = true;
          flakes.enable = true;
-          sshdEmacs = true;
+          sshdEmacs.enable = true;
+          vpsRemoteAccess =
+            { enable = true;
+              trustedWheel = true;
+            };
        };

        users.groups.nix-cache =
@ -39,10 +43,6 @@ inputs: {
          [ pkgs.git ];

        services.openssh = {
-          enable = true;
-          passwordAuthentication = true;
-          permitRootLogin = "no";
-
          extraConfig = ''
            Match User nix-cache
              ChrootDirectory /var/nix-cache
--- a/nix/systems/toothpick.nix
+++ b/nix/systems/toothpick.nix
@ -11,13 +11,12 @@ inputs: {
        hardware.toothpick = true;
        flakes.enable = true;
        sshdEmacs.enable = true;
+        vpsRemoteAccess =
+          { enable = true;
+            trustedWheel = true;
+          };
      };

-      nix.trustedUsers =
-        [ "@wheel" ];
-
-      services.openssh.enable = true;
-
      environment.systemPackages =
        [ pkgs.git
          pkgs.envoy
@ -42,9 +41,9 @@ inputs: {
      services.nfs.server.enable = true;

      # create default network with `podman -r network create default`
-      virtualisation.podman = {
-        enable = true;
-      };
+      # virtualisation.podman = {
+      #  enable = true;
+      # };

      virtualisation.docker = {
        enable = true;
@ -361,7 +360,7 @@ inputs: {
              }
              # thy - main
              { publicKey =
-                  "t04ttCF+EaiAcCKbJh/Z+QR0FCspmGe4BpUbKp2t+Co=";
+                  "dEwoaWN1CiCorGwogggUNhbNsXvfYgfw7GqFxvSKGBk=";
                allowedIPs =
                  [ "10.64.0.6/32" ];
              }