ashie/nixos-vps
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add security hardening and basic VPS setup

Browse source 
- Enable firewall with only SSH port 22 open, disable ping
- Harden SSH: disable root login and password auth
- Create non-root user 'ashie' with sudo access
- Add htop and tmux to system packages
- Enable automatic NixOS updates (no auto-reboot)
- Fix hostname syntax error (missing closing quote)
- Remove duplicate nixos/ subdirectory

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
ashisgreat22 2026-03-17 19:28:26 +01:00
parent e2277631af
commit 58905b7666
3 changed files with 40 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

53
configuration.nix
View file

@ -1,8 +1,6 @@
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... }: {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
# Workaround for https://github.com/NixOS/nix/issues/8502 # Workaround for https://github.com/NixOS/nix/issues/8502
@ -10,25 +8,54 @@
boot.tmp.cleanOnBoot = true; boot.tmp.cleanOnBoot = true;
zramSwap.enable = true; zramSwap.enable = true;
networking.hostName = "nixos; networking.hostName = "nixos";
networking.domain = ""; networking.domain = "";
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII0OjmlFPbz/H0sv+Y7L+rHR7KCD9lL7HIevEnqy48qH ashisgreat22@github.com'' ]; # === Firewall ===
networking.firewall = {
enable = true;
allowedTCPPorts = [ 22 ]; # SSH
allowPing = false;
};
# === SSH Hardening ===
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
};
};
# === User Account ===
users.users.ashie = {
isNormalUser = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII0OjmlFPbz/H0sv+Y7L+rHR7KCD9lL7HIevEnqy48qH ashisgreat22@github.com"
];
};
# === Sudo without password for wheel group ===
security.sudo.wheelNeedsPassword = false;
# === Automatic Updates ===
system.autoUpgrade = {
enable = true;
allowReboot = false;
};
system.stateVersion = "23.11"; system.stateVersion = "23.11";
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
vim # Do not forget to add an editor, also! vim
wget wget
git git
nano nano
kitty.terminfo kitty.terminfo
htop
tmux
]; ];
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ];
} }

19
nixos/configuration.nix
View file

@ -1,19 +0,0 @@
{ ... }: {
imports = [
./hardware-configuration.nix
];
# Workaround for https://github.com/NixOS/nix/issues/8502
services.logrotate.checkConfig = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
networking.hostName = "ubuntu";
networking.domain = "";
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII0OjmlFPbz/H0sv+Y7L+rHR7KCD9lL7HIevEnqy48qH ashisgreat22@github.com'' ];
system.stateVersion = "23.11";
}

9
nixos/hardware-configuration.nix
View file

@ -1,9 +0,0 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub.device = "/dev/vda";
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; };
}