harden and fmt

2026-05-11 00:55:58 +08:00 · 2021-09-04 17:16:40 -04:00 · 2021-09-04 17:16:40 -04:00 · 6c2c91c076
commit 6c2c91c076
parent 2dcada99cd
1 changed files with 32 additions and 18 deletions
--- a/hosts/ryzen9.nix
+++ b/hosts/ryzen9.nix
@ -9,7 +9,7 @@
  boot.initrd.availableKernelModules = [ "nvme" "ahci" ];
  boot.initrd.kernelModules = [ "dm-snapshot" ];
  boot.kernelModules = [ "kvm-amd" ];
-  boot.extraModulePackages = [ ];
+  boot.extraModulePackages = [];

  fileSystems."/" =
    {
@ -17,7 +17,7 @@
      fsType = "ext4";
    };

-  swapDevices = [ ];
+  swapDevices = [];

  nix.maxJobs = lib.mkDefault 32;
  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
@ -57,11 +57,13 @@

  networking.interfaces."enp8s0" = {
    ipv4 = {
-      addresses = [{
-        # Server main IPv4 address
-        address = "162.55.241.231";
-        prefixLength = 24;
-      }];
+      addresses = [
+        {
+          # Server main IPv4 address
+          address = "162.55.241.231";
+          prefixLength = 24;
+        }
+      ];

      routes = [
        # Default IPv4 gateway route
@ -74,17 +76,21 @@
    };

    ipv6 = {
-      addresses = [{
-        address = "2a01:4f8:272:4ec9::1";
-        prefixLength = 64;
-      }];
+      addresses = [
+        {
+          address = "2a01:4f8:272:4ec9::1";
+          prefixLength = 64;
+        }
+      ];

      # Default IPv6 route
-      routes = [{
-        address = "::";
-        prefixLength = 0;
-        via = "fe80::1";
-      }];
+      routes = [
+        {
+          address = "::";
+          prefixLength = 0;
+          via = "fe80::1";
+        }
+      ];
    };
  };

@ -104,8 +110,16 @@
  };


-  services.openssh.enable = true;
-  services.netdata.enable = true;
+  services = {
+    openssh = {
+      enable = true;
+      permitRootLogin = "no";
+      passwordAuthentication = false;
+    };
+    fail2ban.enable = true;
+
+    netdata.enable = true;
+  };

  programs = {
    mosh.enable = true;