Mitigate CVE-2024-6387 until merged upstream; Add justfile

2024-11-22 15:20:31 +01:00 · 2024-07-01 15:53:59 +02:00 · 2024-07-01 15:53:59 +02:00 · 4a285e0444
parent 05c70d976d
commit 4a285e0444
4 changed files with 15 additions and 1 deletions
--- a/home/modules/home-pkgs.nix
+++ b/home/modules/home-pkgs.nix
@ -28,6 +28,8 @@ in {
      pkgs.iftop
      pkgs.ranger

+      pkgs.just
+
      pkgs.catppuccin-kde

      pkgs.anki
--- a/hosts/x86_64-linux/beleth/default.nix
+++ b/hosts/x86_64-linux/beleth/default.nix
@ -161,7 +161,10 @@ with lib; {
    ];
  };
  users.users.root.openssh.authorizedKeys.keys = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7UkcmSVo+SeB5Obevz3mf3UHruYxn0UHUzoOs2gDBy xqtc@asmodeus"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJTLJqIVwnqFO64rnc66d234TFOdFXpDS9fJUA4/f4in xqtc@alastor"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7UkcmSVo+SeB5Obevz3mf3UHruYxn0UHUzoOs2gDBy xqtc@asmodeus"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPf3w5bHAssHthg9SPXVpG4w9v8m16X/0J3bjg08P6EA xqtc@seraphim"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJYa+LoHGGvu12iBufUcr3GD8tsq4LuJdwLjaDkTr0SL xqtc@lilith"
  ];

  programs.bash.blesh.enable = true;
--- a/hosts/x86_64-linux/beleth/networking.nix
+++ b/hosts/x86_64-linux/beleth/networking.nix
@ -7,6 +7,8 @@
  # imports = [./wireguard.nix];

  services.openssh.settings.PasswordAuthentication = false;
+  # Mitigates https://www.cve.org/CVERecord?id=CVE-2024-6387
+  services.openssh.settings.LoginGraceTime = 0;

  networking = {
    interfaces = {
--- a/7
+++ b/7
@ -0,0 +1,7 @@
+beleth-host := "root@88.99.90.90"
+
+rebuild:
+  nh os switch . -- -vv
+
+beleth:
+  nixos-rebuild switch --flake '.#beleth' --build-host {{beleth-host}} --target-host {{beleth-host}}