diff --git a/flake.lock b/flake.lock index 9cb4692c..af05ca6f 100644 --- a/flake.lock +++ b/flake.lock @@ -137,19 +137,19 @@ "inputs": { "nixpkgs": [ "nixpkgs" - ], - "utils": "utils" + ] }, "locked": { - "lastModified": 1675637696, - "narHash": "sha256-tilJS8zCS3PaDfVOfsBZ4zspuam8tc7IMZxtGa/K/uo=", + "lastModified": 1667907331, + "narHash": "sha256-bHkAwkYlBjkupPUFcQjimNS8gxWSWjOTevEuwdnp5m0=", "owner": "nix-community", "repo": "home-manager", - "rev": "c43d4a3d6d9ef8ddbe2438362f5c775b4186000b", + "rev": "6639e3a837fc5deb6f99554072789724997bc8e5", "type": "github" }, "original": { "owner": "nix-community", + "ref": "release-22.05", "repo": "home-manager", "type": "github" } @@ -208,16 +208,32 @@ }, "nixpkgs": { "locked": { - "lastModified": 1675545634, - "narHash": "sha256-TbQeQcM5TA/wIho6xtzG+inUfiGzUXi8ewwttiQWYJE=", + "lastModified": 1675681488, + "narHash": "sha256-0E/oYpixC+joFk7UrY60TwZcdthzP2BXmJwne3Ni8ZI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0591d6b57bfeb55dfeec99a671843337bc2c3323", + "rev": "13fdd3945d8a2da5e4afe35d8a629193a9680911", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixos-22.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-darwin": { + "locked": { + "lastModified": 1675681488, + "narHash": "sha256-0E/oYpixC+joFk7UrY60TwZcdthzP2BXmJwne3Ni8ZI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "13fdd3945d8a2da5e4afe35d8a629193a9680911", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-22.11-darwin", "repo": "nixpkgs", "type": "github" } @@ -324,7 +340,7 @@ "nixpkgs": [ "nixpkgs" ], - "utils": "utils_2" + "utils": "utils" }, "locked": { "lastModified": 1669555118, @@ -351,6 +367,7 @@ "impermanence": "impermanence", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", + "nixpkgs-darwin": "nixpkgs-darwin", "nixpkgs-master": "nixpkgs-master", "nnn-vim": "nnn-vim", "octoprint-spoolmanager": "octoprint-spoolmanager", 
@@ -358,7 +375,7 @@ "pandoc-latex-template": "pandoc-latex-template", "private": "private", "rnix-lsp": "rnix-lsp", - "utils": "utils_3", + "utils": "utils_2", "x": "x", "xynoblog": "xynoblog", "zsh-completions": "zsh-completions", @@ -367,21 +384,6 @@ } }, "utils": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_2": { "locked": { "lastModified": 1656928814, "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", @@ -396,7 +398,7 @@ "type": "github" } }, - "utils_3": { + "utils_2": { "locked": { "lastModified": 1667395993, "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", diff --git a/flake.nix b/flake.nix index 4cf6a773..092adbd0 100644 --- a/flake.nix +++ b/flake.nix @@ -5,11 +5,12 @@ utils.url = "github:numtide/flake-utils"; ## nixos/nix-darwin dependencies - nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11"; + nixpkgs-darwin.url = "github:NixOS/nixpkgs/nixpkgs-22.11-darwin"; nixpkgs-master.url = "github:NixOS/nixpkgs/master"; agenix.url = "github:ryantm/agenix/main"; agenix.inputs.nixpkgs.follows = "nixpkgs"; - home-manager.url = "github:nix-community/home-manager"; + home-manager.url = "github:nix-community/home-manager/release-22.05"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; impermanence.url = "github:nix-community/impermanence"; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; @@ -66,6 +67,7 @@ outputs = inputs @ { self , nixpkgs + , nixpkgs-darwin , nixpkgs-master , agenix , home-manager 
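Review bot: In the `@@ -5,11 +5,12 @@` hunk of flake.nix, `home-manager.url` is pinned to `release-22.05` while `nixpkgs.url` moves to `nixos-22.11`, and `home-manager.inputs.nixpkgs.follows = "nixpkgs"` makes that older branch evaluate against the newer package set. home-manager release branches are meant to be paired with the matching nixpkgs release. The lock file also shows home-manager's `lastModified` going backwards (1675637696 to 1667907331), so this looks like a downgrade onto a branch that is probably no longer maintained. Unless the older branch is deliberate, use `home-manager.url = "github:nix-community/home-manager/release-22.11";` and re-lock. The inputs attribute set starts and ends outside the hunk.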
@@ -148,6 +150,10 @@ inherit system overlays; config.allowUnfree = true; }; + genDarwinPkgsWithOverlays = system: import nixpkgs-darwin { + inherit system overlays; + config.allowUnfree = true; + }; hmConfig = { hm, pkgs, inputs, config, ... }: { @@ -191,7 +197,7 @@ }; darwinSystem = system: extraModules: hostName: let - pkgs = genPkgsWithOverlays system; + pkgs = genDarwinPkgsWithOverlays system; in darwin.lib.darwinSystem { diff --git a/nixos-modules/services/ssh.nix b/nixos-modules/services/ssh.nix index bfa4ddb2..b8d1f5d1 100644 --- a/nixos-modules/services/ssh.nix +++ b/nixos-modules/services/ssh.nix @@ -6,9 +6,9 @@ in { options.ragon.services.ssh.enable = lib.mkEnableOption "Enables sshd"; config = lib.mkIf cfg.enable { - services.openssh.settings.PermitRootLogin = "without-password"; + services.openssh.permitRootLogin = "without-password"; services.openssh.enable = true; - services.openssh.settings.PasswordAuthentication = false; + services.openssh.passwordAuthentication = false; users.users.root.openssh.authorizedKeys.keys = pubkeys.ragon.user; }; } diff --git a/nixos-modules/system/security.nix b/nixos-modules/system/security.nix index c8bad5a1..53fc4c49 100644 --- a/nixos-modules/system/security.nix +++ b/nixos-modules/system/security.nix @@ -11,8 +11,9 @@ in config = mkIf cfg.enable { security.sudo.execWheelOnly = true; services.openssh = { - settings.PasswordAuthentication = false; - settings.KbdInteractiveAuthentication = false; + passwordAuthentication = false; + allowSFTP = true; # just use rsync, lol + kbdInteractiveAuthentication = false; extraConfig = '' AllowTcpForwarding yes X11Forwarding no
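Review bot: `genDarwinPkgsWithOverlays` in the `@@ -148,6 +150,10 @@` hunk is a line-for-line copy of the helper above it with only the imported input changed, so `overlays` and `config.allowUnfree` now have to be kept in sync in two places. A single helper that takes the package source would remove that drift risk, for example `genPkgsFrom = src: system: import src { inherit system overlays; config.allowUnfree = true; };`, with `darwinSystem` calling `genPkgsFrom nixpkgs-darwin system`. The enclosing `let` block starts and ends outside the hunk.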
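Review bot: In nixos-modules/services/ssh.nix, `permitRootLogin = "without-password"` uses the deprecated OpenSSH alias, whose name suggests a passwordless login rather than a key-only one. `services.openssh.permitRootLogin = "prohibit-password";` has the same effect and states the intent. This module also disables only password authentication, while keyboard-interactive is turned off in security.nix. A host that enables `ragon.services.ssh` without the security module would therefore appear to leave keyboard-interactive at its default for non-root users. Adding `services.openssh.kbdInteractiveAuthentication = false;` here would make the module self-contained.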
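Review bot: In nixos-modules/system/security.nix, the new line `allowSFTP = true; # just use rsync, lol` has a comment that contradicts its value: the comment reads as "SFTP is not needed", but the setting keeps the SFTP subsystem enabled. If the intent in this hardening module is to turn SFTP off, the line should be `allowSFTP = false; # file transfer goes through rsync over ssh`. If SFTP is meant to stay on, drop or reword the comment so the next reader does not assume it is disabled. The `extraConfig` string continues outside the hunk.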