Security tweaks for heimdall
parent
3b4014b2f8
commit
02874f0e50
1 changed files with 12 additions and 1 deletions
|
@ -76,9 +76,20 @@
|
||||||
|
|
||||||
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
|
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
|
||||||
|
|
||||||
services.openssh.enable = true;
|
services.openssh = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
PasswordAuthentication = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
services.tailscale.enable = true;
|
services.tailscale.enable = true;
|
||||||
|
|
||||||
|
security.apparmor = {
|
||||||
|
enable = true;
|
||||||
|
killUnconfinedConfinables = true;
|
||||||
|
};
|
||||||
|
security.protectKernelImage = true;
|
||||||
|
|
||||||
# sops.defaultSopsFile = ./secrets.yaml;
|
# sops.defaultSopsFile = ./secrets.yaml;
|
||||||
# sops.secrets = {
|
# sops.secrets = {
|
||||||
# wireguard_key = { };
|
# wireguard_key = { };
|
||||||
|
|
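Review bot: In the new `services.openssh.settings` block only `PasswordAuthentication` is turned off; keyboard-interactive authentication is left at the NixOS module default, which is enabled, so PAM can still prompt for a password over that path. Adding `KbdInteractiveAuthentication = false;` next to it closes that gap, and setting `PermitRootLogin` explicitly would document the intended root-login policy instead of relying on the default. `killUnconfinedConfinables = true;` terminates already-running processes that have a profile but are unconfined when the configuration is activated, so a one-line comment such as `# kills running, profiled-but-unconfined processes on activation` would help whoever performs the first switch on this host. The enclosing module attribute set starts and ends outside this hunk.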