From 8a0667ee2a02783dcb76286bcfd9dfb7cd03cf0a Mon Sep 17 00:00:00 2001
From: Guanran Wang
Date: Fri, 23 Aug 2024 16:10:31 +0800
Subject: [PATCH] nixos/server: cleanup
---
 flake.nix | 1 +
 hosts/blacksteel/default.nix | 2 --
 hosts/tyo0/default.nix | 2 --
 nixos/profiles/core/default.nix | 6 +-----
 nixos/profiles/core/nix.nix | 2 +-
 nixos/profiles/server/default.nix | 13 ++++++++-----
 6 files changed, 11 insertions(+), 15 deletions(-)
diff --git a/flake.nix b/flake.nix
index 97df329..294150a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -152,6 +152,7 @@
 defaults.imports = [
 ./nixos/profiles/core
+ ./nixos/profiles/server
 ];
 "tyo0" = {
diff --git a/hosts/blacksteel/default.nix b/hosts/blacksteel/default.nix
index 419f8b7..072d84a 100644
--- a/hosts/blacksteel/default.nix
+++ b/hosts/blacksteel/default.nix
@@ -6,7 +6,6 @@
 }: {
 imports = [
 # OS
- ../../nixos/profiles/server
 ../../nixos/profiles/opt-in/mihomo
 # Hardware
@@ -25,7 +24,6 @@
 boot.loader.efi.canTouchEfiVariables = true;
 boot.loader.systemd-boot.enable = true;
 networking.hostName = "blacksteel";
- time.timeZone = "Asia/Shanghai";
 system.stateVersion = "24.05";
 ######## Secrets
diff --git a/hosts/tyo0/default.nix b/hosts/tyo0/default.nix
index a636c72..ef783da 100644
--- a/hosts/tyo0/default.nix
+++ b/hosts/tyo0/default.nix
@@ -6,7 +6,6 @@
 }: {
 imports = [
 "${modulesPath}/virtualisation/amazon-image.nix"
- ../../nixos/profiles/server
 ./anti-feature.nix
 ./services/forgejo.nix
@@ -20,7 +19,6 @@
 ./services/vaultwarden.nix
 ];
- time.timeZone = "Asia/Tokyo";
 boot.loader.grub.device = lib.mkForce "/dev/nvme0n1";
 system.stateVersion = "24.05";
diff --git a/nixos/profiles/core/default.nix b/nixos/profiles/core/default.nix
index 443148a..5928940 100644
--- a/nixos/profiles/core/default.nix
+++ b/nixos/profiles/core/default.nix
@@ -50,7 +50,7 @@
 ];
 users.mutableUsers = false;
- users.users = rec {
+ users.users = {
 "guanranwang" = {
 isNormalUser = true;
 description = "Guanran Wang";
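Review bot: In flake.nix, importing `./nixos/profiles/server` from `defaults.imports` makes every node that inherits these defaults accept key-based root SSH, because that profile (last file of this patch) sets `PermitRootLogin = "prohibit-password"` and a root `authorizedKeys` list. A node that is not a server but is later added under the same defaults would pick this up silently, so a comment on the new line such as `# all nodes here are servers: enables key-only root SSH` would record the assumption. The attribute set that holds `defaults` opens and closes outside the hunk, so which nodes inherit it is not visible here.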
@@ -64,10 +64,6 @@
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMmd/uqiBahzKcKMJ+gT3dkUIdrWQgudspsDchDlx1E/ guanran928@outlook.com"
 ];
 };
-
- "root" = {
- openssh.authorizedKeys.keys = guanranwang.openssh.authorizedKeys.keys;
- };
 };
 boot.initrd.systemd.enable = true;
diff --git a/nixos/profiles/core/nix.nix b/nixos/profiles/core/nix.nix
index 7124ebf..573d7c1 100644
--- a/nixos/profiles/core/nix.nix
+++ b/nixos/profiles/core/nix.nix
@@ -26,7 +26,7 @@
 "no-url-literals"
 ];
 flake-registry = "";
- trusted-users = ["root" "@wheel"];
+ trusted-users = ["@wheel"];
 allow-import-from-derivation = false;
 auto-allocate-uids = true;
 auto-optimise-store = true;
diff --git a/nixos/profiles/server/default.nix b/nixos/profiles/server/default.nix
index 28a54de..0238762 100644
--- a/nixos/profiles/server/default.nix
+++ b/nixos/profiles/server/default.nix
@@ -1,12 +1,15 @@
-{pkgs, ...}: {
+{
+ pkgs,
+ config,
+ ...
+}: {
 environment.systemPackages = with pkgs; [
- alacritty.terminfo
- kitty.terminfo
 foot.terminfo
- tmux.terminfo
- wezterm.terminfo
 ];
 # TODO: colmena
 services.openssh.settings.PermitRootLogin = "prohibit-password";
+ users.users."root".openssh.authorizedKeys.keys = config.users.users.guanranwang.openssh.authorizedKeys.keys;
+
+ time.timeZone = "UTC";
 }
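Review bot: In nixos/profiles/core/nix.nix, the new `trusted-users = ["@wheel"];` still makes every wheel member effectively root-equivalent to the Nix daemon, and without the password prompt that sudo would normally ask for. The line deserves a comment saying this is intentional, e.g. `# wheel may set restricted options and import unsigned paths`. Dropping `"root"` may also leave root untrusted when it goes through the daemon (for instance an SSH-driven deployment copying unsigned closures); that is inferred rather than visible in this hunk, so it is worth checking on one host before rollout.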
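Review bot: In nixos/profiles/server/default.nix, the added `users.users."root".openssh.authorizedKeys.keys` line gives root the same SSH key as the everyday `guanranwang` account, so a single stolen key yields direct root on every host that imports this profile. If root login is only needed for the deployment hinted at by `# TODO: colmena`, a dedicated deploy key listed here would let the two credentials be rotated and revoked independently. The line also reads `config.users.users.guanranwang`, which is defined in nixos/profiles/core, so this profile no longer evaluates on its own; a comment such as `# requires profiles/core for the guanranwang key list` would make that dependency visible.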