Mitigate CVE-2024-6387 until merged upstream; Add justfile

This commit is contained in:
xqtc161 2024-07-01 15:53:59 +02:00
parent 05c70d976d
commit 4a285e0444
4 changed files with 15 additions and 1 deletions

View file

@ -28,6 +28,8 @@ in {
pkgs.iftop
pkgs.ranger
pkgs.just
pkgs.catppuccin-kde
pkgs.anki

View file

@ -161,7 +161,10 @@ with lib; {
];
};
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJTLJqIVwnqFO64rnc66d234TFOdFXpDS9fJUA4/f4in xqtc@alastor"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7UkcmSVo+SeB5Obevz3mf3UHruYxn0UHUzoOs2gDBy xqtc@asmodeus"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPf3w5bHAssHthg9SPXVpG4w9v8m16X/0J3bjg08P6EA xqtc@seraphim"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJYa+LoHGGvu12iBufUcr3GD8tsq4LuJdwLjaDkTr0SL xqtc@lilith"
];
programs.bash.blesh.enable = true;

View file

@ -7,6 +7,8 @@
# imports = [./wireguard.nix];
services.openssh.settings.PasswordAuthentication = false;
# Mitigates https://www.cve.org/CVERecord?id=CVE-2024-6387
services.openssh.settings.LoginGraceTime = 0;
networking = {
interfaces = {

7
justfile Normal file
View file

@ -0,0 +1,7 @@
beleth-host := "root@88.99.90.90"
rebuild:
nh os switch . -- -vv
beleth:
nixos-rebuild switch --flake '.#beleth' --build-host {{beleth-host}} --target-host {{beleth-host}}