erwin/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Wiki Activity Actions

Security tweaks for heimdall

Browse source
This commit is contained in:
Erwin Boskma 2023-04-10 23:27:31 +02:00
parent 3b4014b2f8
commit 02874f0e50
Signed by: erwin
SSH key fingerprint: SHA256:9LmFDe1C6jSrEyqxxvX8NtJBmcbB105XoqyUZF092bg
1 changed files with 12 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
machines/heimdall/configuration.nix
View file

@ -76,9 +76,20 @@
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
services.openssh.enable = true;
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
};
};
services.tailscale.enable = true;
security.apparmor = {
enable = true;
killUnconfinedConfinables = true;
};
security.protectKernelImage = true;
# sops.defaultSopsFile = ./secrets.yaml;
# sops.secrets = {
# wireguard_key = { };