diff --git a/junk.nix b/junk.nix index 231a88f..b8d77d0 100644 --- a/junk.nix +++ b/junk.nix 
@@ -31,55 +31,43 @@ enable = true; }; + services.fail2ban.enable = true; - # Configure keymap in X11 - # services.xserver.xkb.layout = "us"; - # services.xserver.xkb.options = "eurosign:e,caps:escape"; + containers."jumphost" = { + autoStart = true; + privateNetwork = true; + hostBridge = "br0"; + config = {config, pkgs, lib, ... }: { + networking.useDHCP = lib.mkForce true; + services.endlessh = { + enable = true; + port = 22; + openFirewall = true; + }; + services.openssh = { + enable = true; + ports = [ 2022 ]; + settings.PasswordAuthentication = false; + }; + users.users."jump" = { + name = "jump"; + isNormalUser = true; + }; + }; + }; - # Enable CUPS to print documents. - # services.printing.enable = true; - - # Enable sound. - # sound.enable = true; - # hardware.pulseaudio.enable = true; - - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. - # users.users.alice = { - # isNormalUser = true; - # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. - # packages = with pkgs; [ - # firefox - # tree - # ]; - # }; - - # List packages installed in system profile. To search, run: - # $ nix search wget - # environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget - # ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... 
]; + networking.firewall.allowedTCPPorts = [ 53589 ]; + networking.firewall.allowedUDPPorts = [ 9200 ]; # Or disable the firewall altogether. - networking.firewall.enable = false; + networking.firewall.enable = true; + + networking = { + bridges.br0.interfaces = [ "ens3" ]; + useDHCP = false; + interfaces."br0".useDHCP = true; + }; # Copy the NixOS configuration file and link it from the resulting system # (/run/current-system/configuration.nix). This is useful in case you diff --git a/private b/private index 06eb2df..6eb8556 160000 --- a/private +++ b/private @@ -1 +1 @@ -Subproject commit 06eb2dfdcac01e4ce8a3baf7348ccf8ebaa0c098 +Subproject commit 6eb855661f87c604ca3c1b4a51eae140d3356356 diff --git a/server.nix b/server.nix index 80e257d..c1d2d87 100644 --- a/server.nix +++ b/server.nix @@ -3,10 +3,6 @@ { services.openssh.enable = true; users.users.root = { - openssh.authorizedKeys.keys = [ - "ssh-rsa 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 vi@cyberboobs" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCIo5TW9FT+07VuG9bkC0kDo/dcwDmxnvAWqLJG2z6/g6uN4USrGLHeAEPF6w1rh/YwgCv/VivJJF/xYAqld+P3OdoiKF9BuGyyoe+J91obRJ2ad3avK9txRStamdUSuJvXH7L4BCHtgwMWM9DhtXOfT/q2Zv375l7WwDivR/9Tgz8KP+Rld0eN2igkYhKWDJFZhBNnhRUyeqCzvuKk0Rm6z6RKvFyFGx3g/g8HHaaa5QqcttyKc7yPjXlnQ/zbEyksjoHcVz66iM9btWkVkbrIKY7S8sss33kEzbm9mMuvSDG0ZWCJwdetvCbfHSgAhHdR/e2xsd6WvmOjdrbGrY3dasENRqMdTGjcosTsshYTdVC1wyJaxUnHC67EqkOKl6pbEPLc8yKqewUfNwteAluQ9xyDTaJPDszVTr1k7JDruxkO9K5qU3F3DcNQ28I4G5BWAxY7+z4VoGupsvsYdjwn0cUgSHWThXuXk5UTja1jLt2USlDSwt56X0tclZbQdKc= vi@gridlock" - ]; createHome = true; }; environment.systemPackages = with pkgs; [ diff --git a/workstation.nix b/workstation.nix index 6510e9f..81da093 100644 --- a/workstation.nix +++ b/workstation.nix @@ -20,6 +20,7 @@ users.mutableUsers = true; services.gvfs.enable = true; + programs.ssh.startAgent = true; # services.flatpak.enable = true; hardware.sane.enable = true;
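Review bot: In the `services.openssh` block of the `jumphost` container in junk.nix, `settings.PasswordAuthentication = false;` alone does not rule out password logins, because the NixOS module defaults `KbdInteractiveAuthentication` to true unless it is overridden elsewhere. Add `settings.KbdInteractiveAuthentication = false;` and, for a jump host, `settings.PermitRootLogin = "no";`. The `jump` user is declared without `openssh.authorizedKeys.keys`, so its keys are presumably installed by hand inside the container; declaring them here would keep access reviewable. `services.fail2ban.enable = true;` is set on the host, which probably does not see the container's sshd log for port 2022, so enable it inside the container `config` too if bans are wanted there. The leftover comment `# Or disable the firewall altogether.` now sits directly above `networking.firewall.enable = true;` and should be dropped, and ports 53589/tcp and 9200/udp deserve a comment naming the service behind each.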