kitten.sh / system
Personal Nix setup
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

Tweak server configs

Phil Pluckthun 93a45295 a750247b

+18 -1
+17 -1
modules/router/timeserver.nix
··· 20 20 config = mkIf cfg.timeserver.enable { 21 21 networking.timeServers = [ 22 22 "time.cloudflare.com" 23 - "uk.pool.ntp.org" 23 + "ntppool1.time.nl" 24 + "ptbtime1.ptb.de" 24 25 ]; 25 26 26 27 services.chrony = { 27 28 enable = true; 29 + extraFlags = mkDefault [ 30 + "-F 1" # seccomp filter 31 + "-r" # reload history on restart 32 + ]; 33 + initstepslew.enabled = mkDefault false; 34 + enableRTCTrimming = mkDefault false; 35 + enableNTS = mkDefault true; 28 36 extraConfig = '' 37 + minsources 3 38 + authselectmode require 39 + dscp 46 40 + makestep 1.0 3 41 + cmdport 0 42 + noclientlog 43 + ${strings.optionalString (!config.services.chrony.enableRTCTrimming) "rtcsync"} 29 44 allow all 30 45 ${bindDevices} 31 46 ''; 32 47 }; 33 48 49 + services.timesyncd.enable = false; 34 50 services.ntp.enable = false; 35 51 services.openntpd.enable = false; 36 52 };
+1
modules/server/sshd.nix
··· 21 21 services.openssh = { 22 22 enable = true; 23 23 } // helpers.linuxAttrs { 24 + settings.PermitRootLogin = mkDefault "no"; 24 25 openFirewall = mkDefault (!config.modules.router.enable); 25 26 ports = [ 22 2222 ]; 26 27 };