test 2fa
This commit is contained in:
parent
22b888aeba
commit
409d5f46ee
SSH key fingerprint:
SHA256:KiRjUay5C9i6objsEOIycygBHn54pDBB3Lj7fyJ0Elw
22
common/hardware/amdgpu.nix
Normal file
22
common/hardware/amdgpu.nix
Normal file
|
|
@ -0,0 +1,22 @@
|
|||
{pkgs, ...}: {
|
||||
boot = {
|
||||
initrd.kernelModules = ["amdgpu"];
|
||||
|
||||
# params for Sea Islands or smth
|
||||
kernelParams = ["radeon.cik_support=0" "amdgpu.cik_support=1"];
|
||||
};
|
||||
|
||||
hardware.opengl = {
|
||||
enable = true;
|
||||
|
||||
## radv: an open-source Vulkan driver from freedesktop
|
||||
driSupport = true;
|
||||
driSupport32Bit = true;
|
||||
|
||||
## amdvlk: an open-source Vulkan driver from AMD
|
||||
extraPackages = [pkgs.amdvlk];
|
||||
extraPackages32 = [pkgs.driversi686Linux.amdvlk];
|
||||
};
|
||||
|
||||
services.xserver.videoDrivers = ["amdgpu"];
|
||||
}
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
{
|
||||
{pkgs, ...}: {
|
||||
# Hardened OpenSSH server
|
||||
# Resources:
|
||||
# https://cyber.gouv.fr/en/publications/openssh-secure-use-recommendations (2015)
|
||||
|
|
@ -10,9 +10,13 @@
|
|||
settings = {
|
||||
PermitRootLogin = "no";
|
||||
|
||||
|
||||
AllowUsers = [ "user" "tasia" ];
|
||||
|
||||
# Public key authentiation only
|
||||
PasswordAuthentication = false;
|
||||
ChallengeResponseAuthentication = false;
|
||||
KbdInteractiveAuthentication = true;
|
||||
};
|
||||
extraConfig = ''
|
||||
# Only allow SSH v2
|
||||
|
|
@ -39,6 +43,13 @@
|
|||
AuthenticationMethods publickey
|
||||
'';
|
||||
};
|
||||
|
||||
security.pam = {
|
||||
services.sshd.googleAuthenticator.enable = true;
|
||||
};
|
||||
environment.systemPackages = with pkgs; [
|
||||
google-authenticator
|
||||
];
|
||||
}
|
||||
# ssh R6: StrictHostKeyChecking ask
|
||||
|
||||
|
|
|
|||
|
|
@ -2,10 +2,9 @@ export XDG_DATA_HOME="$HOME/.local/share"
|
|||
|
||||
if [[ -n $SSH_CONNECTION ]] ; then
|
||||
curl \
|
||||
-H "Title: Test" \
|
||||
-H "Priority: high" \
|
||||
-H "Tags: warning" \
|
||||
-H "Title: New SSH session" \
|
||||
-H "Priority: urgent" \
|
||||
-H "Tags: urgent" \
|
||||
-d "$(cat /etc/hostname ): ssh session ($SSH_CONNECTION)" \
|
||||
ntfy.sh/tasiaiso_alerts &> /dev/null
|
||||
fi
|
||||
|
||||
|
|
|
|||
|
|
@ -2,8 +2,8 @@ export XDG_DATA_HOME="$HOME/.local/share"
|
|||
|
||||
if [[ -n $SSH_CONNECTION ]] ; then
|
||||
curl \
|
||||
-H "Title: Test" \
|
||||
-H "Priority: high" \
|
||||
-H "Title: New SSH session" \
|
||||
-H "Priority: urgent" \
|
||||
-H "Tags: urgent" \
|
||||
-d "$(cat /etc/hostname ): ssh session ($SSH_CONNECTION)" \
|
||||
ntfy.sh/tasiaiso_alerts &> /dev/null
|
||||
|
|
|
|||
|
|
@ -26,6 +26,7 @@ in {
|
|||
hostName = "phoenix";
|
||||
|
||||
firewall.allowedTCPPorts = [
|
||||
# 8384 # syncthing web UI
|
||||
12345 # tildefriends
|
||||
13378 # audiobookshelf
|
||||
];
|
||||
|
|
@ -45,6 +46,7 @@ in {
|
|||
services.syncthing = {
|
||||
dataDir = lib.mkForce "/home/user";
|
||||
configDir = lib.mkForce "/data/sync/configuration/";
|
||||
guiAddess = "0.0.0.0:8384";
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
|
|
|||
Loading…
Reference in a new issue