Tasia Iso 2024-04-24 12:34:43 +02:00
parent 22b888aeba
commit 409d5f46ee
Signed by: tasiaiso
SSH key fingerprint: SHA256:KiRjUay5C9i6objsEOIycygBHn54pDBB3Lj7fyJ0Elw
5 changed files with 41 additions and 7 deletions


@ -0,0 +1,22 @@
{pkgs, ...}: {
boot = {
initrd.kernelModules = ["amdgpu"];
# params for Sea Islands or smth
kernelParams = ["radeon.cik_support=0" "amdgpu.cik_support=1"];
};
hardware.opengl = {
enable = true;
## radv: an open-source Vulkan driver from freedesktop
driSupport = true;
driSupport32Bit = true;
## amdvlk: an open-source Vulkan driver from AMD
extraPackages = [pkgs.amdvlk];
extraPackages32 = [pkgs.driversi686Linux.amdvlk];
};
services.xserver.videoDrivers = ["amdgpu"];
}
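Review bot: The comment `# params for Sea Islands or smth` above `kernelParams` does not say what the two switches do, which makes the line hard to audit later. Suggested wording: `# CIK (Sea Islands) GPUs: turn off radeon's support and turn on amdgpu's so the amdgpu driver binds the card`. The `## radv` comment sits directly above `driSupport`, which may read as if that option selects RADV; a short note on which Vulkan driver is expected to be the default once `pkgs.amdvlk` is also installed would help.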


@ -1,4 +1,4 @@
{ {pkgs, ...}: {
# Hardened OpenSSH server # Hardened OpenSSH server
# Resources: # Resources:
# https://cyber.gouv.fr/en/publications/openssh-secure-use-recommendations (2015) # https://cyber.gouv.fr/en/publications/openssh-secure-use-recommendations (2015)
@ -10,9 +10,13 @@
settings = { settings = {
PermitRootLogin = "no"; PermitRootLogin = "no";
AllowUsers = [ "user" "tasia" ];
# Public key authentiation only # Public key authentiation only
PasswordAuthentication = false; PasswordAuthentication = false;
ChallengeResponseAuthentication = false; ChallengeResponseAuthentication = false;
KbdInteractiveAuthentication = true;
}; };
extraConfig = '' extraConfig = ''
# Only allow SSH v2 # Only allow SSH v2
@ -39,6 +43,13 @@
AuthenticationMethods publickey AuthenticationMethods publickey
''; '';
}; };
security.pam = {
services.sshd.googleAuthenticator.enable = true;
};
environment.systemPackages = with pkgs; [
google-authenticator
];
} }
# ssh R6: StrictHostKeyChecking ask # ssh R6: StrictHostKeyChecking ask
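Review bot: The TOTP factor added here is never required, because the unchanged `AuthenticationMethods publickey` line in `extraConfig` lets a session complete with the key alone; `KbdInteractiveAuthentication = true` and `security.pam.services.sshd.googleAuthenticator.enable = true` only make the prompt available. If the intent is key plus code, that line would become `AuthenticationMethods publickey,keyboard-interactive`. `ChallengeResponseAuthentication = false` is a deprecated alias of `KbdInteractiveAuthentication` in current OpenSSH, so the two settings now contradict each other and the effective value probably depends on which one is rendered first; dropping the old key removes the ambiguity. Confirm the result with `sshd -T` on the host, and check that every account in `AllowUsers` has a TOTP secret enrolled before enforcing it, to avoid a lockout. The `settings` and `extraConfig` blocks continue outside the hunks shown.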


@ -2,10 +2,9 @@ export XDG_DATA_HOME="$HOME/.local/share"
if [[ -n $SSH_CONNECTION ]] ; then if [[ -n $SSH_CONNECTION ]] ; then
curl \ curl \
-H "Title: Test" \ -H "Title: New SSH session" \
-H "Priority: high" \ -H "Priority: urgent" \
-H "Tags: warning" \ -H "Tags: urgent" \
-d "$(cat /etc/hostname ): ssh session ($SSH_CONNECTION)" \ -d "$(cat /etc/hostname ): ssh session ($SSH_CONNECTION)" \
ntfy.sh/tasiaiso_alerts &> /dev/null ntfy.sh/tasiaiso_alerts &> /dev/null
fi fi
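Review bot: The alert is posted to `ntfy.sh/tasiaiso_alerts` with no scheme, so curl defaults to plain HTTP and the hostname and `$SSH_CONNECTION` addresses travel unencrypted; use `https://ntfy.sh/tasiaiso_alerts`. The topic name is committed here and the request carries no credentials, so presumably anyone who knows the name can read these alerts or publish look-alike ones; an access-controlled topic with a token supplied from outside the repository would close that. curl also has no time limit and runs during shell start-up, so adding `--max-time 5` keeps a network outage from stalling login. The same three points apply to the second rc file changed in this commit. Since this runs from a per-user shell file, it reports only sessions that source that file; a `pam_exec` hook in the sshd PAM stack would report every session.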


@ -2,8 +2,8 @@ export XDG_DATA_HOME="$HOME/.local/share"
if [[ -n $SSH_CONNECTION ]] ; then if [[ -n $SSH_CONNECTION ]] ; then
curl \ curl \
-H "Title: Test" \ -H "Title: New SSH session" \
-H "Priority: high" \ -H "Priority: urgent" \
-H "Tags: urgent" \ -H "Tags: urgent" \
-d "$(cat /etc/hostname ): ssh session ($SSH_CONNECTION)" \ -d "$(cat /etc/hostname ): ssh session ($SSH_CONNECTION)" \
ntfy.sh/tasiaiso_alerts &> /dev/null ntfy.sh/tasiaiso_alerts &> /dev/null


@ -26,6 +26,7 @@ in {
hostName = "phoenix"; hostName = "phoenix";
firewall.allowedTCPPorts = [ firewall.allowedTCPPorts = [
# 8384 # syncthing web UI
12345 # tildefriends 12345 # tildefriends
13378 # audiobookshelf 13378 # audiobookshelf
]; ];
@ -45,6 +46,7 @@ in {
services.syncthing = { services.syncthing = {
dataDir = lib.mkForce "/home/user"; dataDir = lib.mkForce "/home/user";
configDir = lib.mkForce "/data/sync/configuration/"; configDir = lib.mkForce "/data/sync/configuration/";
guiAddess = "0.0.0.0:8384";
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
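Review bot: `guiAddess` is misspelled; the NixOS option is `services.syncthing.guiAddress`, so as written evaluation should fail with an unknown-option error rather than apply the setting. Once corrected, `0.0.0.0:8384` binds the Syncthing web UI on every interface, and the only thing keeping it off the network is the commented-out `8384` entry in `firewall.allowedTCPPorts`. Prefer `guiAddress = "127.0.0.1:8384";` and reach the UI through an SSH port forward, or bind it to one trusted interface address. If it must be reachable from other hosts, make sure a GUI user, password and HTTPS are configured before the firewall entry is uncommented. The `services.syncthing` block continues outside the hunk.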