From 7ec851253141d95868a9592671d3c263ef0a58b5 Mon Sep 17 00:00:00 2001 From: jacekpoz Date: Sun, 25 Aug 2024 22:33:45 +0200 Subject: [PATCH] add olm to insecure packages on da server (for some reason) --- hosts/chmura/configuration.nix | 8 +++++++- hosts/del/ssh.nix | 1 + hosts/niks/ssh.nix | 1 + modules/services/ssh.nix | 7 ++++++- 4 files changed, 15 insertions(+), 2 deletions(-) diff --git a/hosts/chmura/configuration.nix b/hosts/chmura/configuration.nix index db6cf7e..fb4239e 100644 --- a/hosts/chmura/configuration.nix +++ b/hosts/chmura/configuration.nix @@ -5,6 +5,9 @@ inherit (config.poz.other.system) username; in { nixpkgs = { + permittedInsecurePackages = [ + "olm-3.2.16" + ]; # fuck broadcom config.allowUnfree = true; }; @@ -65,7 +68,10 @@ in { services = { ssh = { agent.enable = false; - daemon.enable = true; + daemon = { + enable = true; + ports = [ 7312 ]; + }; }; syncthing.enable = true; }; diff --git a/hosts/del/ssh.nix b/hosts/del/ssh.nix index 02c42a2..12cadcb 100644 --- a/hosts/del/ssh.nix +++ b/hosts/del/ssh.nix @@ -7,6 +7,7 @@ chmura = { hostName = "192.168.15.2"; publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZLEWp9DsF9znp3W6uqP23yMFd8QQs0CmNKTKTanbfRYOqRWw0Jpuryxg7rTU8ioRM5L4zpIqu/v+pt9x76UsWTlFqjk9S35M1g0Kb2QN3czMJj5uA4jtFh47H8+hfBHm2RelPCcJCSmkR9gDa3XcrxlcC642yU4LTObHeHZg0yUDhUwKS8AdybxkPlmXPZ+UPEphq0CIBxU9mnieQMbQtMFnjEnNMDZJnP4BUF/XuWeHwh8yBttlL+hS37aI3hQYwGd5zdkSD9RWha10Nandlmt6+io6KYQgJxRK0c27i2jO7cmEMOz0h/ZnwHpTtRD9ifDTXuWN9l8+prAxsbC9pBsiDHqZ9ESHq7DzvqIeeyrQT0iHDoOPfB2PPCFJZlkFiM7hsWwkMc5Jaol9SjjH1a+B/+BvNGAQDWt1JIZzwE6T9RVQdGph6GMDS4o3gW3Hd8hyVdFhwD5xTJ567SntqsJdhzGH9HU5ybya3MG0WTWw3dLI0aMv/eAWSRx+7ZPE="; + port = 7312; user = "chmura"; }; _chmura = chmura // { hostName = "jacekpoz.pl"; }; diff --git a/hosts/niks/ssh.nix b/hosts/niks/ssh.nix index 02c42a2..12cadcb 100644 --- a/hosts/niks/ssh.nix +++ b/hosts/niks/ssh.nix @@ -7,6 +7,7 @@ chmura = { hostName = "192.168.15.2"; publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZLEWp9DsF9znp3W6uqP23yMFd8QQs0CmNKTKTanbfRYOqRWw0Jpuryxg7rTU8ioRM5L4zpIqu/v+pt9x76UsWTlFqjk9S35M1g0Kb2QN3czMJj5uA4jtFh47H8+hfBHm2RelPCcJCSmkR9gDa3XcrxlcC642yU4LTObHeHZg0yUDhUwKS8AdybxkPlmXPZ+UPEphq0CIBxU9mnieQMbQtMFnjEnNMDZJnP4BUF/XuWeHwh8yBttlL+hS37aI3hQYwGd5zdkSD9RWha10Nandlmt6+io6KYQgJxRK0c27i2jO7cmEMOz0h/ZnwHpTtRD9ifDTXuWN9l8+prAxsbC9pBsiDHqZ9ESHq7DzvqIeeyrQT0iHDoOPfB2PPCFJZlkFiM7hsWwkMc5Jaol9SjjH1a+B/+BvNGAQDWt1JIZzwE6T9RVQdGph6GMDS4o3gW3Hd8hyVdFhwD5xTJ567SntqsJdhzGH9HU5ybya3MG0WTWw3dLI0aMv/eAWSRx+7ZPE="; + port = 7312; user = "chmura"; }; _chmura = chmura // { hostName = "jacekpoz.pl"; }; diff --git a/modules/services/ssh.nix b/modules/services/ssh.nix index de59a2f..2426d9c 100644 --- a/modules/services/ssh.nix +++ b/modules/services/ssh.nix @@ -9,7 +9,7 @@ inherit (lib.meta) getExe'; inherit (lib.modules) mkIf mkMerge; inherit (lib.options) mkEnableOption mkOption; - inherit (lib.types) attrsOf bool nullOr number str submodule; + inherit (lib.types) attrsOf bool listOf nullOr number port str submodule; inherit (lib.strings) concatStrings; inherit (lib.attrsets) mapAttrsToList; @@ -32,6 +32,10 @@ in { default = false; type = bool; }; + ports = mkOption { + description = "ssh ports"; + type = listOf port; + }; }; }; }; @@ -76,6 +80,7 @@ in { (mkIf cfg.daemon.enable { services.openssh = { enable = true; + inherit (cfg.daemon) ports; settings = { PasswordAuthentication = false; PermitRootLogin = "no";