diff --git a/.ssh/guz.pub b/.ssh/guz.pub
new file mode 100644
index 0000000..a5a1399
--- /dev/null
+++ b/.ssh/guz.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICA6bcTagMSci1oHpXuq8w3LQ7eaR80yjYrjidkIGv3M spacestation login
diff --git a/configuration.nix b/configuration.nix
index e4707c2..94e15c6 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -32,6 +32,9 @@
 home = "/home/guz";
 isNormalUser = true;
 extraGroups = ["wheel" "networkmanager" "plugdev" "docker"];
+ openssh.authorizedKeys.keyFiles = [
+ ./.ssh/guz.pub
+ ];
 };
 home-manager.users."guz" = import ./homes/guz.nix;
@@ -64,10 +67,10 @@
 hostName = "spacestation";
 wireless.enable = false;
 dhcpcd.enable = true;
- defaultGateway = "192.168.1.1";
+ defaultGateway = "${config.spacestation-secrets.lesser.devices.defaultGateway}";
 interfaces."eno1".ipv4.addresses = [
 {
- address = "192.168.1.10";
+ address = "${config.spacestation-secrets.lesser.devices.spacestation}";
 prefixLength = 24;
 }
 ];
@@ -75,6 +78,10 @@
 };
 services.openssh.enable = true;
+ services.openssh.settings = {
+ PasswordAuthentication = false;
+ PermitRootLogin = "forced-commands-only";
+ };
 security.rtkit.enable = true;
diff --git a/secrets/spacestation.lesser.json b/secrets/spacestation.lesser.json
index a4f234a..dc0bd23 100644
--- a/secrets/spacestation.lesser.json
+++ b/secrets/spacestation.lesser.json
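Review bot: The key wired in through `openssh.authorizedKeys.keyFiles` authenticates a user whose `extraGroups` context line lists `wheel` and `docker`, so `.ssh/guz.pub` is effectively a root-equivalent credential for this host, and the repository is now where that trust is granted. Nothing in the hunk records which client holds the private half or how the key is rotated; a comment above the list such as `# <client device holding the private key>; grants wheel/docker access, rotate by replacing .ssh/guz.pub` would make that reviewable. The key comment `spacestation login` matches the `hostName` shown later in this file, so it is worth confirming that the private key is not kept on the same machine it unlocks. The enclosing user attribute set starts outside the hunk.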
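Review bot: The literals removed on the `defaultGateway` and `address` lines (`192.168.1.1`, `192.168.1.10`) stay readable in the repository history, so moving them into the encrypted file hides them only from the current tree unless history is rewritten. If `config.spacestation-secrets` yields plaintext at evaluation time, as the string interpolation suggests, the values are also written into the world-readable Nix store on the host; that is tolerable for addresses, but the same pattern should not be reused for credentials. The `"${...}"` wrappers add nothing for a single string value; `defaultGateway = config.spacestation-secrets.lesser.devices.defaultGateway;` is the same value without the interpolation, and likewise for `address`. The networking attribute set begins and ends outside the hunk.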
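Review bot: `PasswordAuthentication = false` on its own does not close every password path. The NixOS module leaves `KbdInteractiveAuthentication` enabled unless told otherwise, and through PAM that method can still accept a password, so add `KbdInteractiveAuthentication = false;` to the same settings block. `PermitRootLogin = "forced-commands-only"` still admits root logins for keys that carry a `command=` option. No root key is configured anywhere in this diff, so `PermitRootLogin = "no";` would be the tighter setting unless a forced-command job is planned, in which case a comment naming that job would explain the choice.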
@@ -3,6 +3,10 @@
 "device-ip": "ENC[AES256_GCM,data:Ed6hS/9F52UGVLpAyw==,iv:sg9iVEmZxA2lNJoc0xwLRyDzoF1Cy48wp9CQf3zOOzQ=,tag:77RYGvjgw0QdZUsPcqVTvA==,type:str]",
 "homelab-domain": "ENC[AES256_GCM,data:XkgOP94q3gBknoGzcA==,iv:pKnrjhi9VnW0xWIEQfnxV+wb/iNxT/TFs07K9/NW8sU=,tag:N2sGj5lTCJHFBpI9baja9Q==,type:str]",
 "cloudflare-funnel": "ENC[AES256_GCM,data:bUGjnOkfGZaXV7htm0QotjMRs9fMXRQ1zR+KMLicBfYSpEj6rlrg8zos4eGXfueYvHbL/+kgtG+ncmmWCClHyVVeF7lJFykzu0/x/EVf7ia0p451CghfXJ0uJPoH03S42zru/B2OfF0nyatXdknd6s6mn6vsO7eT37OzjFANB51nhPTX+rYi+TAdN9CRVp11TwGcY6ag9jDKo/AbsFPrmwasSXELeYFnNNkI78+4uPeusYoRFhn/uA==,iv:TgaFg5nCc0DDiVI28Fk8OHJ+cJjd90eTt6kKVgzT7mQ=,tag:kEFXsDqSbfq+z3ayDmofow==,type:str]",
+ "devices": {
+ "defaultGateway": "ENC[AES256_GCM,data:0/7uxwYJi65l3fw=,iv:LH5/6P8uKphBpiRCTUJuTe99qJuExn0TNOlmEO9CtY0=,tag:4hnscOeIYbH97SGqz/gPGA==,type:str]",
+ "spacestation": "ENC[AES256_GCM,data:4Sv2ukbvy7R5MZn4,iv:f6I57L1dGHVSIravgpK8Ui4fbw0y60mdjCjAl+L55v4=,tag:qF749Etc7PxK8lG5GfTpyw==,type:str]"
+ },
 "services": {
 "adguard": {
 "domain": "ENC[AES256_GCM,data:HBSOMhBmEGjzmAtXiulXDcDzWbUD,iv:NcL5I//0buHgMtZX4BEv2i66pYsZAZkLBWfZDe8tWhg=,tag:5f3y6wjCAjiD7qTxwx0ltA==,type:str]",
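Review bot: The new `defaultGateway` key is camelCase while the sibling keys visible in this hunk (`device-ip`, `homelab-domain`, `cloudflare-funnel`) are kebab-case; `default-gateway` would keep the file consistent and is still addressable from Nix as `devices.default-gateway`. Renaming it now, before more modules reference `config.spacestation-secrets.lesser.devices.*`, avoids a breaking change later. The rename has to go through the encryption tool rather than a text edit so that the file's `mac` is recomputed.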
@@ -54,8 +58,8 @@
 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnL3dCY1VLMmoxRFRmS0Ir\nV0ppTnI0RE5ZMjcvRGNPWkNxWFdJYTBDTG00ClRGQkh1UStGTmc0RE5aNy9nL3FI\nbHJIa3hLR0ZkTjd6WkFzOFkzeFdMNUEKLS0tIDBidk93Qy9LenFlSGZ2aEpuTUFt\nWVM2eS9UdXAvbzE4eEdKMjVEM3RLdm8KKeIhk+YOKVL9Y19lLyb6/Pxv8rbewK2e\nLm96jx+LOMOCFcQGxuFKWqQbTB4br/cPvRKSY5jFmFWqVg7pCPTAzQ==\n-----END AGE ENCRYPTED FILE-----\n"
 }
 ],
- "lastmodified": "2024-09-18T01:25:20Z",
- "mac": "ENC[AES256_GCM,data:f7KDdiyhcRpGFwVJIs/AU5t++1cQnHxr1kBJTAcZ7v0TTIqjVMwXd6JtcEX8p6voiTXbj+/pVJ0d0ucy6BZdnC8f97wnRpVUlsogeWGfotQCamfrqqa8NTNrg9uMeZqZefPDE5OikCPeyP7fyhJzbm6FmgZEcwsp4o3YefXwqxA=,iv:UzfDPzkNJGlgOF/eJAeekYKV7j50CK6p8EC2LflLoGI=,tag:0yQ0mXl9vBbwReXCuhWWHQ==,type:str]",
+ "lastmodified": "2024-10-01T22:30:14Z",
+ "mac": "ENC[AES256_GCM,data:hUuc7hWvuNneU0zhHfXbIXarBjmavUB6a6q4BP7go9NTPXhmCLOr6ey/Lm2nhaTA4ahd8ZxrraiWGFpC5FzblKzR70VKUDX9YqJiu1m6RraMGmnhP+sa8HgwvnPsxvkS2WuKei6t+fbfyKl1fn1S8P4F6rFvNlTmbNubDcSOgxs=,iv:ojAqKDdcvpGIZ/k/5fwuwwjsofIzTu63VUp5gsGJLZA=,tag:MYypOSWk1b6VWYBoJNPzQA==,type:str]",
 "pgp": null,
 "unencrypted_suffix": "_unencrypted",
 "version": "3.9.0"