Merge branch 'main' into b12f

Benjamin Bädorf 2022-10-17 16:01:09 +02:00
commit d7bbd78486
No known key found for this signature in database
GPG key ID: 4406E80E13CD656C
5 changed files with 54 additions and 7 deletions


@ -121,7 +121,7 @@ steps:
from_secret: iso_web_ssh_port
key:
from_secret: iso_web_ssh_key
target: /srv/os
target: /srv/os/download
source:
- /var/nix/iso-cache/*.iso
- /var/nix/iso-cache/*.iso.sha256
@ -143,6 +143,6 @@ volumes:
---
kind: signature
hmac: 7b0b56a97294cd563eee2bde56abeea6dd0928e01729980a25f8c165a3f6e0f6
hmac: 8823c7103f6a075bb291a497c7ab5d5db47a91f9bc7d8ef95329b5620c9cf91d
...
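Review bot: The `*.iso.sha256` files are uploaded by the same step, with the same `iso_web_ssh_key`, into the same `target: /srv/os/download` as the ISOs, so they catch a corrupted download but not an image that was replaced on the web host. Consider signing the checksum files in the pipeline with a key that is not stored on the web host, and publishing the signatures next to them. The step definition begins outside this hunk, so a signing step elsewhere in the file cannot be ruled out.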


@ -36,6 +36,8 @@ in
wifi.backend = "iwd";
};
networking.firewall.enable = true;
# Customized binary caches list (with fallback to official binary cache)
nix.binaryCaches = cfg.binaryCaches;
nix.binaryCachePublicKeys = cfg.publicKeys;


@ -4,6 +4,8 @@
# For rage encryption, all hosts need a ssh key pair
services.openssh = {
enable = true;
# If you don't want the host to have SSH actually opened up to the net,
# set `services.openssh.openFirewall` to false in your config.
openFirewall = lib.mkDefault true;
passwordAuthentication = false;
};
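Review bot: `openFirewall = lib.mkDefault true;` keeps the SSH port open on every host that imports this module, although the comment at the top of the block says sshd is enabled only so that each host has a key pair for rage. A closed default, `openFirewall = lib.mkDefault false;`, with hosts that need remote login opting in, would fit that purpose better. The block also sets `passwordAuthentication = false;` without touching keyboard-interactive authentication, which this commit disables only in the stricter profile; consider adding `kbdInteractiveAuthentication = false;` here as well. The enclosing module starts outside the hunk.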


@ -100,10 +100,15 @@
foreground = "0xe3e1e4";
};
# Colors the cursor will use if `custom_cursor_colors` is true
# Cursor colors
#
# Colors which should be used to draw the terminal cursor.
#
# Allowed values are CellForeground/CellBackground, which reference the
# affected cell, or hexadecimal colors like #ff00ff.
cursor = {
text = "0x1a181a";
cursor = "0xe3e1e4";
text = "CellBackground";
cursor = "CellForeground";
};
# Colors used for the search bar and match highlighting.
@ -115,14 +120,25 @@
background = "0x1a181a";
};
focused_match = {
foreground = "0xe5c463";
background = "0xe3e1e4";
foreground = "CellBackground";
background = "CellForeground";
};
#bar =
# background = "#c5c8c6";
# foreground = "#1d1f21";
};
# Selection colors
#
# Colors which should be used to draw the selection area.
#
# Allowed values are CellForeground/CellBackground, which reference the
# affected cell, or hexadecimal colors like #ff00ff.
selection = {
text = "0x1a181a";
background = "0xf85e84";
};
# Normal colors
normal = {
black = "0x1a181a";


@ -25,5 +25,32 @@ in
services.tor.settings = {
UseBridges = true;
};
# The options below are directly taken from or inspired by
# https://xeiaso.net/blog/paranoid-nixos-2021-07-18
# Don't set this if you need sftp
services.openssh.allowSFTP = false;
services.openssh.openFirewall = false; # Lock yourself out
# Limit the use of sudo to the group wheel
security.sudo.execWheelOnly = true;
# Remove the complete default environment of packages like
# nano, perl and rsync
environment.defaultPackages = lib.mkForce [ ];
# fileSystems."/".options = [ "noexec" ];
services.openssh = {
kbdInteractiveAuthentication = false;
extraConfig = ''
AllowTcpForwarding yes
X11Forwarding no
AllowAgentForwarding no
AllowStreamLocalForwarding no
AuthenticationMethods publickey
'';
};
};
}
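Review bot: `AllowTcpForwarding yes` in `extraConfig` is the one forwarding feature left on in a profile that otherwise turns off X11, agent and stream-local forwarding. If no host using this profile relies on SSH port forwarding, set `AllowTcpForwarding no`; otherwise add a comment naming what depends on it. The `# Lock yourself out` comment on `services.openssh.openFirewall = false;` does not say what the setting does, and would read better as `# sshd is not reachable through the firewall; open the port per host if remote login is needed`. The enclosing module starts outside the hunk.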