diff --git a/common/ssh-keys.nix b/common/ssh-keys.nix
new file mode 100644
index 0000000..1140004
--- /dev/null
+++ b/common/ssh-keys.nix
@@ -0,0 +1,4 @@
+[
+ "ssh-rsa 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 openpgp:0xD85CD295"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBFemc4Pzp7I0y8FHxgRO/c/ReBmXuqXR6CWqbhiQ+0t noa@Noas_flaptop"
+]
diff --git a/hosts/lambdaos/configuration.nix b/hosts/lambdaos/configuration.nix
index 41f564f..c16ba8f 100644
--- a/hosts/lambdaos/configuration.nix
+++ b/hosts/lambdaos/configuration.nix
@@ -75,9 +75,7 @@
 description = "Noa Aarts";
 extraGroups = [ "networkmanager" "wheel" "docker" "wireshark" "dialout" ];
 hashedPassword = "$6$rounds=512400$Zip3xoK2zcoR4qEL$N13YTHO5tpWfx2nKb1sye.ZPwfoRtMQ5f3YrMZqKzzoFoSSHHJ.l5ulCEa9HygFxZmBtPnwlseFEtl8ERnwF50";
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBFemc4Pzp7I0y8FHxgRO/c/ReBmXuqXR6CWqbhiQ+0t noa@Noas_flaptop"
- ];
+ openssh.authorizedKeys.keys = import ../../common/ssh-keys.nix;
 };
 };
@@ -205,12 +203,6 @@
 pulse.enable = true;
 jack.enable = true;
 };
- nix-serve = {
- enable = true;
- secretKeyFile = "/var/cache-priv-key.pem";
- bindAddress = "127.0.0.1";
- port = 22332;
- };
 fail2ban.enable = true;
 greetd = {
 enable = false;
@@ -250,28 +242,6 @@
 };
 flatpak.enable = true;
 udev.packages = [ pkgs.yubikey-personalization ];
- nginx =
- {
- enable = true;
- package = pkgs.nginx.override {
- modules = [ pkgs.nginxModules.brotli ];
- };
-
-
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- recommendedBrotliSettings = true;
- sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
-
- virtualHosts = {
-
- "lambdaos" = {
- locations."/".proxyPass = "http://127.0.0.1:22332";
- };
-
- };
- };
 };
 systemd = {
@@ -345,7 +315,6 @@
 # Open ports in the firewall.
 networking.firewall.allowedTCPPorts = [
- 80 # nix-serve
 53317 # Localsend
 7791 # Pixelflut
 38281 # Archipelago
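Review bot: The new `common/ssh-keys.nix` carries no comment saying what a key in this list is allowed to do, although the rest of the commit uses it as `openssh.authorizedKeys.keys` for a `wheel` account on lambdaos, muos and nuos and as `nix.sshServe.keys` on nuos. Anyone appending a key later grants all of that at once, so a header comment would help, for example `# Every key here can log in to the wheel account on lambdaos, muos and nuos and can read the nuos store via nix.sshServe.` A short per-entry comment naming the device that holds each key would also make later revocation easier.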
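Review bot: Replacing the inline list with `import ../../common/ssh-keys.nix` in the `-75,9` hunk is not a pure refactor on lambdaos: the removed list held only the ed25519 key, while the shared file also contains the `ssh-rsa … openpgp:0xD85CD295` key, so that key now gains login to an account in `wheel` and `docker` on this host. The `-63,9` hunk in hosts/muos/configuration.nix has the same effect, whereas nuos already listed both keys. If the wider access is intended, say so next to the import, e.g. `# shared list; also authorizes the RSA key on this host`; if it is not, the shared file could expose named entries so each host selects only the keys it needs. The user block this line sits in starts outside the hunk.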
diff --git a/hosts/muos/configuration.nix b/hosts/muos/configuration.nix index b2507e5..09d378c 100644 --- a/hosts/muos/configuration.nix +++ b/hosts/muos/configuration.nix @@ -63,9 +63,7 @@ description = "Noa Aarts"; extraGroups = [ "networkmanager" "wheel" "docker" "wireshark" ]; hashedPassword = "$6$rounds=512400$Zip3xoK2zcoR4qEL$N13YTHO5tpWfx2nKb1sye.ZPwfoRtMQ5f3YrMZqKzzoFoSSHHJ.l5ulCEa9HygFxZmBtPnwlseFEtl8ERnwF50"; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBFemc4Pzp7I0y8FHxgRO/c/ReBmXuqXR6CWqbhiQ+0t noa@Noas_flaptop" - ]; + openssh.authorizedKeys.keys = import ../../common/ssh-keys.nix; }; }; diff --git a/hosts/nuos/configuration.nix b/hosts/nuos/configuration.nix index a9acbbd..bb967b7 100644 --- a/hosts/nuos/configuration.nix +++ b/hosts/nuos/configuration.nix @@ -40,14 +40,16 @@ noa = { isNormalUser = true; extraGroups = [ "networkmanager" "wheel" "docker" "libvirt" ]; - openssh.authorizedKeys.keys = [ - "ssh-rsa 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 openpgp:0xD85CD295" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBFemc4Pzp7I0y8FHxgRO/c/ReBmXuqXR6CWqbhiQ+0t noa@Noas_flaptop" - ]; hashedPassword = "$6$rounds=512400$g/s4dcRttXi4ux6c$Z6pKnhJXcWxv0TBSMtvJu5.piETdUBSgBVN7oDPKiQV.lbTYz1r.0XQLwMYxzcvaaX0DL6Iw/SEUTiC2M50wC/"; + openssh.authorizedKeys.keys = import ../../common/ssh-keys.nix; }; }; + nix.sshServe = { + enable = true; + keys = import ../../common/ssh-keys.nix; + }; + # Allow unfree packages nixpkgs.config.allowUnfree = true; @@ -230,18 +232,6 @@ }; }; - "locked.itepastra.nl" = { - forceSSL = true; - useACMEHost = "itepastra.nl"; - extraConfig = extra; - - locations."/" = { - proxyWebsockets = true; - proxyPass = "http://192.168.42.5:9000/"; - }; - - }; - "calendar.itepastra.nl" = proxy "itepastra.nl" "http://[::1]:29341"; }; };
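Review bot: `nix.sshServe.keys` in the `-40,14` hunk of hosts/nuos/configuration.nix is fed the same list as the login keys, so any machine that pulls from this store has to hold a private key that also opens a `wheel` shell on nuos and, through the shared file, on the other hosts. Store fetches are usually made by the Nix daemon on the client, which tends to mean an unattended key readable by root; that part is an inference, since the client side is not in this diff. A dedicated key keeps the two trust levels apart: `keys = [ "<public key of a dedicated cache-client key>" ];`. The signing that nix-serve did through `secretKeyFile` on lambdaos has no visible counterpart here, so clients should keep verifying signatures rather than relaxing `require-sigs`. The attribute set around `noa` starts outside the hunk.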