flakes/hosts/winter/security.nix

{ config, pkgs, ... }: {
  networking.firewall.enable = false;

  services.openssh = {
    enable = true;
    permitRootLogin = "no";
    passwordAuthentication = false;
  };

  security = {
    polkit.enable = true;
    sudo.enable = false;
    doas = {
      enable = true;
      extraRules = [
        {
          groups = ["wheel"];
          keepEnv = true;
          persist = true;
        }
      ];
    };
  };
}
a 2021-05-11 14:32:58 +07:00			`{ config, pkgs, ... }: {`
			`networking.firewall.enable = false;`
disallow ssh root login and password auth 2021-07-15 08:39:09 +07:00
			`services.openssh = {`
			`enable = true;`
			`permitRootLogin = "no";`
			`passwordAuthentication = false;`
			`};`
a 2021-05-11 14:32:58 +07:00
			`security = {`
			`polkit.enable = true;`
			`sudo.enable = false;`
			`doas = {`
			`enable = true;`
			`extraRules = [`
			`{`
			`groups = ["wheel"];`
			`keepEnv = true;`
			`persist = true;`
			`}`
			`];`
			`};`
			`};`
			`}`