copie de configuration.nix par nix dans l'environement courant

base/activation-manuelle/users.nix

@@ -20,6 +20,7 @@ in {
 
   users.extraUsers.root = {
     openssh.authorizedKeys.keys = [
+      mbpJPierre03
       radxJPierre03
       radxRoot
       phenomTaeradan

public/environment.nix

@@ -14,6 +14,9 @@ in
   # The NixOS release to be compatible with for stateful data such as databases.
   system.stateVersion = "16.03";
 
+  #  copies the NixOS configuration file (usually /etc/nixos/configuration.nix) and links it from the resulting system (getting to /run/current-system/configuration.nix)
+  system.copySystemConfiguration = true;
+
   # On autorise les paquets non-libres
   nixpkgs.config.allowUnfree = true;
 
@@ -59,6 +62,10 @@ in
     };
     etc.gitconfig.text = builtins.readFile ./gitconfig;
   };
+  # programmes qui n'ont pas besoin de sudo pour fonctionner
+  security.setuidPrograms = [
+    "mtr"
+  ];
   programs.bash = {
     enableCompletion = true;
     promptInit = builtins.readFile ./bash-prompt.sh;

public/service-ssh.nix

@@ -14,6 +14,7 @@ mkIf true {
   services.openssh = {
     enable = true;
     # https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29
+    # http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html
     extraConfig = ''
       KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
       Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr