From 6c2c91c076a8287921f269ab2bc05345e9db1681 Mon Sep 17 00:00:00 2001
From: Sridhar Ratnakumar
Date: Sat, 4 Sep 2021 17:16:40 -0400
Subject: [PATCH] harden and fmt
---
 hosts/ryzen9.nix | 50 ++++++++++++++++++++++++++++++++------------------
 1 file changed, 32 insertions(+), 18 deletions(-)
diff --git a/hosts/ryzen9.nix b/hosts/ryzen9.nix
index 0e69482..0ee7732 100644
--- a/hosts/ryzen9.nix
+++ b/hosts/ryzen9.nix
@@ -9,7 +9,7 @@
 boot.initrd.availableKernelModules = [ "nvme" "ahci" ];
 boot.initrd.kernelModules = [ "dm-snapshot" ];
 boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
+ boot.extraModulePackages = [];
 fileSystems."/" = {
@@ -17,7 +17,7 @@
 fsType = "ext4";
 };
- swapDevices = [ ];
+ swapDevices = [];
 nix.maxJobs = lib.mkDefault 32;
 powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
@@ -57,11 +57,13 @@
 networking.interfaces."enp8s0" = {
 ipv4 = {
- addresses = [{
- # Server main IPv4 address
- address = "162.55.241.231";
- prefixLength = 24;
- }];
+ addresses = [
+ {
+ # Server main IPv4 address
+ address = "162.55.241.231";
+ prefixLength = 24;
+ }
+ ];
 routes = [
 # Default IPv4 gateway route
@@ -74,17 +76,21 @@
 };
 ipv6 = {
- addresses = [{
- address = "2a01:4f8:272:4ec9::1";
- prefixLength = 64;
- }];
+ addresses = [
+ {
+ address = "2a01:4f8:272:4ec9::1";
+ prefixLength = 64;
+ }
+ ];
 # Default IPv6 route
- routes = [{
- address = "::";
- prefixLength = 0;
- via = "fe80::1";
- }];
+ routes = [
+ {
+ address = "::";
+ prefixLength = 0;
+ via = "fe80::1";
+ }
+ ];
 };
 };
@@ -104,8 +110,16 @@
 };
- services.openssh.enable = true;
- services.netdata.enable = true;
+ services = {
+ openssh = {
+ enable = true;
+ permitRootLogin = "no";
+ passwordAuthentication = false;
+ };
+ fail2ban.enable = true;
+
+ netdata.enable = true;
+ };
 programs = {
 mosh.enable = true;
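Review bot: In the new `openssh` block of the last hunk, `passwordAuthentication = false;` on its own may not close every password path, because keyboard-interactive authentication through PAM is a separate sshd setting whose default, depending on the NixOS release, can leave it enabled. Consider adding `challengeResponseAuthentication = false;` next to it (the option is named `kbdInteractiveAuthentication` on newer releases). With `permitRootLogin = "no";` and passwords off, access to this remote host rests entirely on a non-root account with authorized keys; that account is defined outside this hunk and cannot be confirmed from here, so a one-line comment above the block naming it would help the next maintainer. `fail2ban.enable = true;` is taken with its defaults, and it would be worth a comment stating whether an ignore list for the admin's own addresses is intended, since a ban on this host would also cut off the only login path.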