diff --git a/nix/nixos-modules/default.nix b/nix/nixos-modules/default.nix
index 72900df..e0e8cae 100644
--- a/nix/nixos-modules/default.nix
+++ b/nix/nixos-modules/default.nix
@@ -9,6 +9,7 @@
 ./pin-nixpkgs.nix
 ./pulseaudio.nix
 ./vault-agent.nix
+ ./vps-remote-access.nix
 ./sshd-emacs.nix
 ./xserver
 ../hardware/default.nix
diff --git a/nix/systems/oci-nixos.nix b/nix/systems/oci-nixos.nix
index be6257c..2a18d08 100644
--- a/nix/systems/oci-nixos.nix
+++ b/nix/systems/oci-nixos.nix
@@ -16,9 +16,13 @@ inputs: {
 pins = inputs;
 overlays = inputs.self.overlays;
- hardware."${hostName}" = true;
+ hardware.${hostName} = true;
 flakes.enable = true;
- sshdEmacs = true;
+ sshdEmacs.enable = true;
+ vpsRemoteAccess =
+ { enable = true;
+ trustedWheel = true;
+ };
 };
 users.groups.nix-cache =
@@ -39,10 +43,6 @@ inputs: {
 [ pkgs.git ];
 services.openssh = {
- enable = true;
- passwordAuthentication = true;
- permitRootLogin = "no";
-
 extraConfig = ''
 Match User nix-cache
 ChrootDirectory /var/nix-cache
diff --git a/nix/systems/toothpick.nix b/nix/systems/toothpick.nix
index 8c49d03..0ce2c49 100644
--- a/nix/systems/toothpick.nix
+++ b/nix/systems/toothpick.nix
@@ -11,13 +11,12 @@ inputs: {
 hardware.toothpick = true;
 flakes.enable = true;
 sshdEmacs.enable = true;
+ vpsRemoteAccess =
+ { enable = true;
+ trustedWheel = true;
+ };
 };
- nix.trustedUsers =
- [ "@wheel" ];
-
- services.openssh.enable = true;
-
 environment.systemPackages =
 [ pkgs.git
 pkgs.envoy
@@ -42,9 +41,9 @@ inputs: {
 services.nfs.server.enable = true;
 # create default network with `podman -r network create default`
- virtualisation.podman = {
- enable = true;
- };
+ # virtualisation.podman = {
+ # enable = true;
+ # };
 virtualisation.docker = {
 enable = true;
@@ -361,7 +360,7 @@ inputs: {
 }
 # thy - main
 { publicKey =
- "t04ttCF+EaiAcCKbJh/Z+QR0FCspmGe4BpUbKp2t+Co=";
+ "dEwoaWN1CiCorGwogggUNhbNsXvfYgfw7GqFxvSKGBk=";
 allowedIPs =
 [ "10.64.0.6/32" ];
 }
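Review bot: `trustedWheel = true` in the new `vpsRemoteAccess` block of nix/systems/oci-nixos.nix is undocumented, and the module that defines it (./vps-remote-access.nix) is not part of the visible diff. Judging by the first toothpick.nix hunk, where the same option replaces `nix.trustedUsers = [ "@wheel" ];`, it presumably adds @wheel to the Nix trusted users, which gives every wheel member close to root authority over the Nix daemon. If that is a new grant on oci-nixos it should be a deliberate one, recorded at the use site with a comment such as `# trustedWheel: puts @wheel in nix.trustedUsers (root-equivalent via the Nix daemon)`. The same comment belongs on the identical block in nix/systems/toothpick.nix.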
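Review bot: The explicit `permitRootLogin = "no";` and `passwordAuthentication = true;` lines are dropped from `services.openssh` in the second oci-nixos.nix hunk, so this host's sshd policy now rests entirely on the vpsRemoteAccess module, which is not shown in the diff. If the module leaves permitRootLogin unset, the NixOS default applies, and to my knowledge that default is less strict than "no". Either keep `permitRootLogin = "no";` in this block or confirm the module sets it, and if key-based login is already in place have the module set `passwordAuthentication = false;` rather than carrying the old value over. The first toothpick.nix hunk removes `services.openssh.enable = true;` on the same assumption, and the `services.openssh` attribute set here continues past the end of the hunk.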
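Review bot: In the second toothpick.nix hunk the `virtualisation.podman` block is commented out rather than deleted, and the comment directly above it still tells the reader to create the default network with podman. Either remove both the dead block and the stale instruction, or keep them and say why podman is off, for example `# podman disabled: <reason>; re-enable together with the network step above`.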