
2 Commits

Author SHA1 Message Date
Eli Ribble 01808ecf84 Only bind mysql to the localhost address
That way it's not addressable from outside.
2025-04-12 08:58:30 -07:00
Eli Ribble 39d2eb3ab7 Get the very latest sshd, 9.9p2
This is required by the PCI compliance scanner. In order to make this
work I now need to run "nixos-rebuild switch --impure" and I had to add
the unstable channel with "nix-channel --add
https://nixos.org/channels/nixpkgs-unstable nixpkgs-unstable"
2025-04-12 08:56:38 -07:00
1 changed files with 9 additions and 1 deletions


@ -18,7 +18,13 @@
];
i18n.defaultLocale = "en_US.UTF-8";
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nixpkgs.config = {
packageOverrides = pkgs: {
unstable = import <nixpkgs-unstable> {
config = config.nixpkgs.config;
};
};
};
programs.neovim.enable = true;
programs.neovim.defaultEditor = true;
@ -64,6 +70,7 @@
services.mysql = {
enable = true;
package = pkgs.mariadb;
settings.mysqld.bind-address = "127.0.0.1";
};
services.nginx = {
enable = true;
@ -105,6 +112,7 @@
services.openssh = {
enable = true;
# require public key authentication for better security
package = pkgs.unstable.openssh;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
settings.PermitRootLogin = "no";
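Review bot: The sshd package now comes from `import <nixpkgs-unstable>`, a channel lookup resolved from whatever the local channel points at when the rebuild runs, so the revision supplying a network-facing daemon is not recorded in the repository and the build needs `--impure`. The flags suggest this is a flake-based config; if so, consider declaring nixpkgs-unstable as a flake input so its revision is locked in flake.lock, and building the override from it, e.g. `unstable = import inputs.nixpkgs-unstable { system = pkgs.system; config = config.nixpkgs.config; };` (this assumes the flake inputs are passed to this module, so adjust the name to match). That keeps the 9.9p2 requirement auditable for the PCI scan and makes later openssh bumps an explicit lock-file change. Separately, the new `package = pkgs.unstable.openssh;` line sits between the `# require public key authentication` comment and the settings it describes; moving it above the comment keeps the comment attached to them. The services.openssh block continues past the end of the hunk.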