diff options
Diffstat (limited to '')
| -rw-r--r-- | modules/nixos/default.nix | 4 | ||||
| -rw-r--r-- | modules/nixos/podman.nix | 13 | ||||
| -rw-r--r-- | modules/nixos/ssh.nix | 21 | ||||
| -rw-r--r-- | profiles/cgroups.nix (renamed from modules/nixos/cgroups.nix) | 0 | ||||
| -rw-r--r-- | profiles/defaults.nix (renamed from modules/nixos/base.nix) | 13 |
5 files changed, 0 insertions, 51 deletions
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index bc5c6de..a3c5d70 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -2,15 +2,11 @@ { imports = [ ./backups.nix - ./base.nix - ./cgroups.nix ./hardware ./home-manager.nix ./nas-client.nix ./nix.nix - ./podman.nix ./remote-unlock.nix - ./ssh.nix ./user.nix ]; } diff --git a/modules/nixos/podman.nix b/modules/nixos/podman.nix deleted file mode 100644 index bd5aa3c..0000000 --- a/modules/nixos/podman.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - virtualisation.podman = { - enable = true; - dockerCompat = true; - autoPrune.enable = true; - autoPrune.flags = [ - "--all" - ]; - defaultNetwork.settings.dns_enabled = true; - }; - - virtualisation.oci-containers.backend = "podman"; -} diff --git a/modules/nixos/ssh.nix b/modules/nixos/ssh.nix deleted file mode 100644 index b4c8772..0000000 --- a/modules/nixos/ssh.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ lib, ... }: -{ - networking.firewall.allowedTCPPorts = [ 22 ]; - - services.openssh = { - enable = lib.mkDefault true; - settings = { - PasswordAuthentication = lib.mkForce false; - KbdInteractiveAuthentication = lib.mkForce false; - - PermitRootLogin = lib.mkForce "prohibit-password"; - }; - openFirewall = lib.mkDefault true; - hostKeys = [ - { - path = "/etc/ssh/ssh_host_ed25519_key"; - type = "ed25519"; - } - ]; - }; -} diff --git a/modules/nixos/cgroups.nix b/profiles/cgroups.nix index 07dc964..07dc964 100644 --- a/modules/nixos/cgroups.nix +++ b/profiles/cgroups.nix diff --git a/modules/nixos/base.nix b/profiles/defaults.nix index 9ed3abc..7c8a7fb 100644 --- a/modules/nixos/base.nix +++ b/profiles/defaults.nix @@ -39,19 +39,6 @@ dnssec = "false"; }; - services.fail2ban = { - enable = true; - ignoreIP = [ - "10.100.0.0/24" # wireguard - ]; - bantime = "1h"; - bantime-increment = { - enable = true; - maxtime = "168h"; - factor = "4"; - }; - }; - i18n = { defaultLocale = "en_US.UTF-8"; supportedLocales = [ |