copie de configuration.nix par nix dans l'environement courant

ssh: ajout lien best practices
ajout clef mbp pour root (car radx n'est toujours pas en route)
2016-09-20 15:21:48 +02:00 · 2016-09-15 15:52:15 +02:00 · 2016-09-15 12:08:25 +02:00
3 changed files with 5 additions and 0 deletions
--- a/base/activation-manuelle/users.nix
+++ b/base/activation-manuelle/users.nix
@@ -20,6 +20,7 @@ in {

  users.extraUsers.root = {
    openssh.authorizedKeys.keys = [
+      mbpJPierre03
      radxJPierre03
      radxRoot
      phenomTaeradan
--- a/public/environment.nix
+++ b/public/environment.nix
@@ -14,6 +14,9 @@ in
  # The NixOS release to be compatible with for stateful data such as databases.
  system.stateVersion = "16.03";

+  #  copies the NixOS configuration file (usually /etc/nixos/configuration.nix) and links it from the resulting system (getting to /run/current-system/configuration.nix)
+  system.copySystemConfiguration = true;
+
  # On autorise les paquets non-libres
  nixpkgs.config.allowUnfree = true;

--- a/public/service-ssh.nix
+++ b/public/service-ssh.nix
@@ -14,6 +14,7 @@ mkIf true {
  services.openssh = {
    enable = true;
    # https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29
+    # http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html
    extraConfig = ''
      KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
      Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
Author	SHA1	Message	Date
Jean-Pierre PRUNARET	5444be4fd2	copie de configuration.nix par nix dans l'environement courant	2016-09-20 15:21:48 +02:00
Jean-Pierre PRUNARET	9b4a4f1b67	ssh: ajout lien best practices	2016-09-15 15:52:15 +02:00
Jean-Pierre PRUNARET	b622554b42	ajout clef mbp pour root (car radx n'est toujours pas en route)	2016-09-15 12:08:25 +02:00