ssh-remote
This commit is contained in:
Lilith
parent
56ea69ea23
commit
a22cc6450e
GPG key ID:
8712A0F317C37175
5 changed files with 74 additions and 7 deletions
|
|
@ -1,4 +1,5 @@
|
|||
{...}: {
|
||||
{ ... }:
|
||||
{
|
||||
stylix.targets = {
|
||||
firefox.enable = true;
|
||||
};
|
||||
|
|
|
|||
44
secrets/default.yaml
Normal file
44
secrets/default.yaml
Normal file
|
|
@ -0,0 +1,44 @@
|
|||
ssh:
|
||||
nixremote:
|
||||
public: ENC[AES256_GCM,data:cpgaIleEj+S0AdPnZQ0HeOS44SZNRljSCzi2uzMfA/vb4rmXWPqE+Yh0yG+UD0UThEYmVkZnvK5JNps2lTvp3Dqo92rYLQrn14vFP8yCQMU=,iv:9R5n3yE5yx0JLESRqax2ZWuYFR2XT1Xd882BU/SnAdQ=,tag:IIykViHleEO2lgu1Tjz5pw==,type:str]
|
||||
private: ENC[AES256_GCM,data:7nT/pKf9rfUDQrRgXH/trJ7jv7C+1L71ZiAWK8uKbfYyonHzq3EJZ5hjSiP+9NFa1qoisL3JH/cv5kuDR8FZFLVTv0+oLW55YPD7SOAzVAeL45cnHzgaVvz7CCikve3ZtGHKurqyUcN7MXKDOqwnuQ1tcvzhAmfDBWwbnheUylmokBq20+eivjQ7AGt1lc0e0J2tpEZDdlUOrVFQd0QdoGBGOnadh/yA6fARfZb9oOYryooV1cGhlzoJNQ9/jXEasIDN+GDaNRpvXK5bvWKBNVmNF4QLnt9wJjIVfnpG6IrJJ2yduecgwAFnKj5Gn7NAkJ9RJzE0ysHLWYnIZWm8TGaBaphQLsmd6VJ/47nAiwfAGVoaCWI45lAFwEu9eEdbZn9joQvBFGsE6TEBbjb/JDWSzHFFwFDHNsApIs0w1FN6qEea2BoI6VINgwgzzcyV7XJNPqHd9KFQSSe7eqKAl6OiCGRxrF2pLzTohX/NCDkorkfdDLJ/DlEe+8B+Qe+IGDNtnbzLGDftI+GWYsSyjrUwGXcTSq1meIBB,iv:UBQb9m85xeYioV7VDi5tr7T75MTG9yddBMXASRwvq3A=,tag:1fkwUF1ZuvxNU6ntoXGk0w==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1mqw75xvd2gnhx2wsmkr8yctegjfym6xkypwjh82s3yws2glk4vms3cxqaz
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3U1h5dy8xRkc5YUY2Si91
|
||||
dU81eEtjTzVDa2N2My9ycmp1aFRweHcwcTJjClJhY1laNmp5ZG9VN1UwTGdGMVZo
|
||||
N1luQldHNzBYb2dpRGQrbkFwc1V4YUEKLS0tIGxzQU9QUHVzWWt5UnNLT0lYMnpJ
|
||||
TnFFQXNEUDZTdVlOVkV2RVQyaWRRcEUKb/3gZ4lIfWeb6fXcUgdizdG158tpv0hm
|
||||
objc1wG5HjIGiIZoJSvGmI5PnZzmKf8LFjMMfUP2m2JUVpOFKL2baQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1pyav93usza3s363g56687yxh9jmp364w32gs77le7t0cgg7jveyq4zcl6v
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2S0pYL1kwZ2M4VkZWQ3Bl
|
||||
WHdUUDJjOVQ3TkZWRDVGMkJoTnJPWkRWQlM0Cks1SVAwV0M3K3dHRkNHd3JvSEFF
|
||||
QzNCa0ZFWWRLdkhOY0UrZHJNTVFrZEkKLS0tIGtaM2QwK1V3TUxlYkRyWTM3THls
|
||||
endmMkVMRjgvb05ycS9SamFOUk54QVUKB7eaUO/4Ttxjtt3/ZoryQiHeodnTcqHy
|
||||
7Z4xQ21bWqDK3Bw/IaYsMEu1GJ5ZR7KcNENnuoU8wza3ymLv60Xzgw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-03-17T17:44:37Z"
|
||||
mac: ENC[AES256_GCM,data:ws3pqokNCWVxXgXOFI8mDZQ9XTY1G8WZEEVzk3mD/+ERynLoD4xcPHL5tu3EisPBNIe90olnQy7/FwN8ZOkUl7UWjTPfCOPBqpY8P253YHz5mSdBp3U+9x16nbQHXH2InTzQQwbj7Z2Uz6kzz7Tk8tg8x+zli8lqWwFdpqv7p2k=,iv:Eqw4Q4Yy8/Yq8avXJ3na3lnu275YLvnacjluB++ta54=,tag:FcJDDJtPLm4pCG7ZKWCK0Q==,type:str]
|
||||
pgp:
|
||||
- created_at: "2025-03-17T17:42:02Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hF4DCgMW7d7co2gSAQdA6aDjYqTJFftxYboMahLPLvKcqzy++N+t6iKVR0J0k2sw
|
||||
HroxiisYugH8mXue6VkCprlXiNt0M61gDLK1EeiUpN3FqqTxkKiKzF/kQRTrHJGU
|
||||
0l4BwaRyJyL+2Of0SwmB8rKfeVqSGW/PExZnrRrTRYxqxxaZwqNHqFxlQBC+COBg
|
||||
u/h2KP2NCz5O5Pt1rjPWxlLcz0TsxPH8a4HiBQfmiwM91dowvq+6mWVcwW5NAmf5
|
||||
=EnO5
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 3586D8D6689B9C9ECD598C588712A0F317C37175
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.4
|
||||
|
|
@ -1,11 +1,24 @@
|
|||
{...}: {
|
||||
networking.firewall.allowedTCPPorts = [22];
|
||||
{ ... }:
|
||||
{
|
||||
networking.firewall.allowedTCPPorts = [ 22 ];
|
||||
|
||||
sops.secrets."ssh/nixremote/private" = {
|
||||
sopsFile = ../../secrets/default.yaml;
|
||||
path = "/root/.ssh/nixremote";
|
||||
};
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
ports = [22];
|
||||
ports = [ 22 ];
|
||||
settings = {
|
||||
PermitRootLogin = "no";
|
||||
PasswordAuthentication = false;
|
||||
};
|
||||
extraConfig = ''
|
||||
Host lilith-server-builder
|
||||
HostName 2a01:4f9:4a:1ecb::2
|
||||
User nixremote
|
||||
IdentityFile /root/.ssh/nixremote
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,15 +1,23 @@
|
|||
{ config, lib, ...}: {
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
hyprland,
|
||||
...
|
||||
}:
|
||||
{
|
||||
options.desktop.enable = lib.mkEnableOption "Enable Wayland compositor with hyprland login";
|
||||
|
||||
config = lib.mkIf config.desktop.enable {
|
||||
hardware.graphics.enable = true;
|
||||
|
||||
|
||||
security.polkit.enable = true;
|
||||
security.pam.services.hyprlock = {};
|
||||
security.pam.services.hyprlock = { };
|
||||
|
||||
services.dbus.enable = true;
|
||||
|
||||
programs.hyprland.enable = true;
|
||||
programs.hyprland.package = hyprland.packages.${pkgs.stdenv.system}.hyprland;
|
||||
|
||||
services.greetd = {
|
||||
enable = true;
|
||||
|
|
|
|||
|
|
@ -54,6 +54,7 @@
|
|||
cursor = {
|
||||
package = pkgs.rose-pine-cursor;
|
||||
name = "Rosé Pine";
|
||||
size = 10;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue