users.extraUsers.root.openssh.authorizedKeys.keys = [ config.myEnv.sshd.rootKeys.nix_repository ];
secrets.deleteSecretsVars = true;
- secrets.gpgKeys = [
- ./public_keys/Immae.pub
- ];
secrets.secretsVars = "/run/keys/vars.yml";
services.openssh.enable = true;
[
(self: super: {
postgresql = self.postgresql_pam;
- mariadb = self.mariadb_106.overrideAttrs(old: {
+ mariadb = self.mariadb_1011.overrideAttrs(old: {
passthru = old.passthru // { mysqlVersion = "5.7"; };
});
}) # don’t put them as generic overlay because of home-manager
'';
users.groups.acme.gid = myuids.lib.gids.acme;
- users.users =
- builtins.listToAttrs (map (x: lib.attrsets.nameValuePair x.name ({
- isNormalUser = true;
- home = "/home/${x.name}";
- createHome = true;
- linger = true;
- # Enable in latest unstable homeMode = "755";
- } // x)) (config.hostEnv.users pkgs))
- // {
- acme.uid = myuids.lib.uids.acme;
- };
+ users.users.acme.uid = myuids.lib.uids.acme;
environment.systemPackages = [
pkgs.inetutils
pkgs.htop
pkgs.iftop
pkgs.bind.dnsutils
pkgs.httpie
+ pkgs.iptables
pkgs.iotop
pkgs.whois
pkgs.ngrep
pkgs.rsync
pkgs.strace
pkgs.sqlite
+ pkgs.unzip
pkgs.jq
pkgs.yq
};
services.fail2ban.jails.DEFAULT = {
- settings.bantime = "12h";
+ settings.bantime = lib.mkForce "12h";
settings.findtime = "12h";
};
services.fail2ban = {