From ceaaa5dc2dc8fea804bed26235a39a6757a1a252 Mon Sep 17 00:00:00 2001
From: Richie Cahill
Date: Sun, 8 Sep 2024 15:44:34 -0400
Subject: [PATCH] clean up
---
 .vscode/settings.json | 121 ++++++++++++++++++++++++++++++++++
 systems/common/global/ssh.nix | 120 ++++++++++++++++-----------------
 2 files changed, 181 insertions(+), 60 deletions(-)
diff --git a/.vscode/settings.json b/.vscode/settings.json
index c214cff..c2b162e 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,50 +1,171 @@
 {
 "cSpell.words": [
+ "aboutwelcome",
+ "ahci",
 "alsa",
+ "asrouter",
+ "auditd",
+ "autofetch",
+ "autopull",
+ "azuretools",
 "bantime",
+ "bitwarden",
+ "breakpad",
 "btop",
 "cachix",
+ "captivedetect",
 "cgroupdriver",
+ "charliermarsh",
+ "codezombiech",
+ "compactmode",
 "Compat",
+ "contentblocking",
+ "cookiebanners",
+ "crlite",
+ "darkreader",
+ "datareporting",
+ "davidanson",
+ "dconf",
+ "dearrow",
+ "debugpy",
 "dialout",
+ "diffie",
+ "direnv",
+ "dmask",
 "dotfiles",
+ "drawio",
+ "eamodio",
+ "endlessh",
+ "errorlens",
+ "esbenp",
 "extest",
+ "fastforwardteam",
+ "FASTFOX",
+ "fileroller",
+ "findbar",
+ "fmask",
+ "formfill",
+ "foxundermoon",
+ "FULLSCREEN",
+ "fxaccounts",
 "gamemode",
 "gamescope",
+ "ghdeploy",
+ "globalprivacycontrol",
+ "gparted",
+ "healthreport",
+ "Heatsink",
+ "hediet",
+ "hexeditor",
+ "hicolor",
+ "hmac",
+ "HPKP",
+ "htmlaboutaddons",
 "hwloc",
 "iperf",
+ "jnoortheen",
+ "jsbc",
 "libglvnd",
 "libmysqlclient",
 "libsodium",
 "libssh",
 "libvirtd",
+ "luks",
 "lynis",
 "mangohud",
+ "markdownlint",
 "maxretry",
 "maxtime",
+ "mechatroner",
+ "mediainfo",
+ "modesetting",
+ "mousewheel",
+ "mtxr",
 "ncdu",
+ "nemo",
 "neofetch",
 "networkmanager",
+ "newtabpage",
 "nixos",
 "nixpkgs",
 "nmap",
+ "nonsponsored",
+ "nvme",
+ "OCSP",
+ "oderwat",
+ "optimise",
+ "optoutstudies",
 "overalljails",
+ "overscroll",
+ "pbmode",
 "pciutils",
+ "pdfjs",
+ "peerconnection",
+ "PESKYFOX",
 "pipewire",
 "pkgs",
 "plugdev",
+ "privatebrowsing",
+ "proxychains",
+ "prusa",
 "pulseaudio",
+ "punycode",
+ "pylance",
+ "quicksuggest",
+ "readahead",
+ "Redistributable",
+ "referer",
+ "REFERERS",
+ "Rhosts",
 "ripgrep",
 "rtkit",
 "rycee",
+ "safebrowsing",
+ "schemeless",
+ "scrollback",
+ "SECUREFOX",
+ "sessionstore",
+ "shellcheck",
+ "signon",
+ "Signons",
+ "skia",
 "smartmontools",
+ "SMOOTHFOX",
+ "socialtracking",
+ "sponsorblock",
+ "sqltools",
 "stdenv",
+ "subresource",
 "substituters",
+ "supermaven",
+ "tabmanager",
+ "tamasfe",
+ "tiktok",
+ "timonwong",
+ "topsites",
+ "topstories",
+ "twimg",
 "uaccess",
+ "ublock",
+ "uitour",
+ "unsubmitted",
+ "urlbar",
+ "urlclassifier",
+ "usbhid",
 "usbutils",
+ "usernamehw",
+ "userprefs",
+ "vfat",
+ "virt",
 "virtualisation",
+ "vpnpromourl",
+ "webchannel",
+ "WEBRTC",
 "wireshark",
+ "xhci",
+ "yzhang",
 "zerotier",
+ "zerotierone",
 "zoxide",
 "zstd"
 ]
diff --git a/systems/common/global/ssh.nix b/systems/common/global/ssh.nix
index f3bc8e3..3b3ae8f 100644
--- a/systems/common/global/ssh.nix
+++ b/systems/common/global/ssh.nix
@@ -1,66 +1,66 @@
 { lib, ... }:
 {
- services.openssh = {
- enable = lib.mkDefault true;
- extraConfig = "StreamLocalBindUnlink yes";
-
- hostKeys = [
- {
- bits = 4096;
- path = "/etc/ssh/ssh_host_rsa_key";
- type = "rsa";
- }
- {
- path = "/etc/ssh/ssh_host_ed25519_key";
- type = "ed25519";
- }
- {
- path = "/etc/ssh/ssh_host_ecdsa_key";
- type = "ecdsa";
- }
- ];
-
- settings = {
- AllowAgentForwarding = "no";
- AllowTcpForwarding = lib.mkDefault "yes";
- ChallengeResponseAuthentication = "no";
- ClientAliveCountMax = lib.mkDefault 2;
- Compression = "NO";
- IgnoreRhosts = "yes";
- LogLevel = lib.mkDefault "VERBOSE";
- MaxAuthTries = 3;
- MaxSessions = lib.mkDefault 2;
- PasswordAuthentication = false;
- PermitEmptyPasswords = "no";
- PermitRootLogin = lib.mkForce "no";
- TcpKeepAlive = "no";
- X11Forwarding = lib.mkDefault false;
- KexAlgorithms = [
- "curve25519-sha256@libssh.org"
- "diffie-hellman-group-exchange-sha256"
- ];
-
- Ciphers = [
- "chacha20-poly1305@openssh.com"
- "aes256-gcm@openssh.com"
- "aes128-gcm@openssh.com"
- "aes256-ctr"
- "aes192-ctr"
- "aes128-ctr"
- ];
-
- Macs = [
- "hmac-sha2-512-etm@openssh.com"
- "hmac-sha2-256-etm@openssh.com"
- "umac-128-etm@openssh.com"
- "hmac-sha2-512"
- "hmac-sha2-256"
- "umac-128@openssh.com"
- ];
- };
- };
-
 services = {
+ openssh = {
+ enable = lib.mkDefault true;
+ extraConfig = "StreamLocalBindUnlink yes";
+
+ hostKeys = [
+ {
+ bits = 4096;
+ path = "/etc/ssh/ssh_host_rsa_key";
+ type = "rsa";
+ }
+ {
+ path = "/etc/ssh/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ {
+ path = "/etc/ssh/ssh_host_ecdsa_key";
+ type = "ecdsa";
+ }
+ ];
+
+ settings = {
+ AllowAgentForwarding = "no";
+ AllowTcpForwarding = lib.mkDefault "yes";
+ ChallengeResponseAuthentication = "no";
+ ClientAliveCountMax = lib.mkDefault 2;
+ Compression = "NO";
+ IgnoreRhosts = "yes";
+ LogLevel = lib.mkDefault "VERBOSE";
+ MaxAuthTries = 3;
+ MaxSessions = lib.mkDefault 2;
+ PasswordAuthentication = false;
+ PermitEmptyPasswords = "no";
+ PermitRootLogin = lib.mkForce "no";
+ TcpKeepAlive = "no";
+ X11Forwarding = lib.mkDefault false;
+ KexAlgorithms = [
+ "curve25519-sha256@libssh.org"
+ "diffie-hellman-group-exchange-sha256"
+ ];
+
+ Ciphers = [
+ "chacha20-poly1305@openssh.com"
+ "aes256-gcm@openssh.com"
+ "aes128-gcm@openssh.com"
+ "aes256-ctr"
+ "aes192-ctr"
+ "aes128-ctr"
+ ];
+
+ Macs = [
+ "hmac-sha2-512-etm@openssh.com"
+ "hmac-sha2-256-etm@openssh.com"
+ "umac-128-etm@openssh.com"
+ "hmac-sha2-512"
+ "hmac-sha2-256"
+ "umac-128@openssh.com"
+ ];
+ };
+ };
+
 endlessh-go = {
 enable = lib.mkDefault true;
 port = 22;
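Review bot: `ClientAliveCountMax = lib.mkDefault 2;` in the relocated `settings` block does nothing unless `ClientAliveInterval` is also set, because sshd's default interval of 0 disables client-alive probes, and with `TcpKeepAlive = "no";` nothing else in this block reaps dead or half-open sessions. If no other module sets it, add a line such as `ClientAliveInterval = lib.mkDefault 300;` (value illustrative) next to it so the timeout this block appears to intend is actually enforced. Separately, `ChallengeResponseAuthentication` is a deprecated alias of `KbdInteractiveAuthentication` in current OpenSSH, so writing `KbdInteractiveAuthentication = false;` states the intent under the current name and avoids depending on directive order if the module also emits its own default for that option. The enclosing `services = {` block continues past the end of this hunk.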