big changes again..

modules/common/default.nix

@@ -5,14 +5,12 @@
   ...
 }: {
   imports = [
-    ../../users
-    ./home.nix
+    ../users
+    ./security.nix
     ./yubikey.nix
   ];
 
   nix.settings.experimental-features = ["nix-command" "flakes"];
-  services.openssh.enable = true;
-  networking.firewall.allowedTCPPorts = [22];
 
   time.timeZone = "Europe/Berlin";
 

modules/common/home.nix

@@ -1,74 +0,0 @@
-{
-  lib,
-  config,
-  pkgs,
-  ...
-}: {
-  home-manager.useGlobalPkgs = true;
-  home-manager.users.sammy = {
-    imports = [./nvim];
-    home.username = "sammy";
-    home.homeDirectory = "/home/sammy";
-    home.stateVersion = "23.11"; # Please read the comment before changing.
-    home.packages = with pkgs; [
-      bat
-      lsd
-      gnupg
-      kitty
-      tmux
-    ];
-
-    programs = {
-      home-manager.enable = true;
-
-      git = {
-        enable = true;
-        userName = "CherryKitten";
-        userEmail = "git@cherrykitten.dev";
-        signing.key = "0xC01A7CBBA617BD5F";
-        signing.signByDefault = true;
-        extraConfig = {
-          init = {defaultBranch = "main";};
-          core = {editor = "nvim";};
-          pull.rebase = true;
-        };
-      };
-
-      nushell = {
-        enable = true;
-      };
-    };
-
-    # Home Manager is pretty good at managing dotfiles. The primary way to manage
-    # plain files is through 'home.file'.
-    home.file = {
-      # # Building this configuration will create a copy of 'dotfiles/screenrc' in
-      # # the Nix store. Activating the configuration will then make '~/.screenrc' a
-      # # symlink to the Nix store copy.
-      # ".screenrc".source = dotfiles/screenrc;
-
-      # # You can also set the file content immediately.
-      # ".gradle/gradle.properties".text = ''
-      #   org.gradle.console=verbose
-      #   org.gradle.daemon.idletimeout=3600000
-      # '';
-    };
-
-    # Home Manager can also manage your environment variables through
-    # 'home.sessionVariables'. If you don't want to manage your shell through Home
-    # Manager then you have to manually source 'hm-session-vars.sh' located at
-    # either
-    #
-    #  ~/.nix-profile/etc/profile.d/hm-session-vars.sh
-    #
-    # or
-    #
-    #  /etc/profiles/per-user/sammy/etc/profile.d/hm-session-vars.sh
-    #
-    home.sessionVariables = {
-      EDITOR = "nvim";
-    };
-
-    # Let Home Manager install and manage itself.
-  };
-}

modules/common/security.nix

@@ -0,0 +1,43 @@
+{pkgs, ...}: {
+  networking.firewall.allowedTCPPorts = [22];
+
+  services.openssh = {
+    enable = true;
+    banner = "nyanya :3";
+    logLevel = "VERBOSE";
+    settings = {
+      PermitRootLogin = "no";
+      PasswordAuthentication = false;
+      Macs = [
+        "hmac-sha2-512"
+        "hmac-sha2-256"
+      ];
+      KexAlgorithms = [
+        "sntrup761x25519-sha512@openssh.com"
+        "curve25519-sha256"
+        "curve25519-sha256@libssh.org"
+        "diffie-hellman-group-exchange-sha256"
+      ];
+      Ciphers = [
+        "aes256-gcm@openssh.com"
+        "aes128-gcm@openssh.com"
+        "aes256-ctr"
+        "aes192-ctr"
+        "aes128-ctr"
+      ];
+    };
+  };
+
+  security = {
+    sudo = {
+      enable = true;
+      wheelNeedsPassword = false;
+      keepTerminfo = true;
+    };
+  };
+
+  services.fail2ban = {
+    enable = true;
+    maxretry = 5;
+  };
+}

modules/users/default.nix

@@ -0,0 +1,19 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}: {
+  users.users = {
+    sammy = {
+      isNormalUser = true;
+      extraGroups = ["networkmanager" "wheel" "docker"];
+      shell = pkgs.nushell;
+    };
+  };
+
+  home-manager.useGlobalPkgs = true;
+  home-manager.users = {
+    sammy.imports = [./sammy.nix];
+  };
+}

modules/users/sammy.nix

@@ -0,0 +1,43 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [../nvim];
+  home.username = "sammy";
+  home.homeDirectory = "/home/sammy";
+  home.stateVersion = "23.11"; # Please read the comment before changing.
+  home.packages = with pkgs; [
+    bat
+    lsd
+    gnupg
+    kitty
+    tmux
+  ];
+
+  programs = {
+    home-manager.enable = true;
+
+    git = {
+      enable = true;
+      userName = "CherryKitten";
+      userEmail = "git@cherrykitten.dev";
+      signing.key = "0xC01A7CBBA617BD5F";
+      signing.signByDefault = true;
+      extraConfig = {
+        init = {defaultBranch = "main";};
+        core = {editor = "nvim";};
+        pull.rebase = true;
+      };
+    };
+
+    nushell = {
+      enable = true;
+    };
+  };
+
+  home.sessionVariables = {
+    EDITOR = "nvim";
+  };
+}

users/sammy.nix

@@ -0,0 +1,43 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [./nvim];
+  home.username = "sammy";
+  home.homeDirectory = "/home/sammy";
+  home.stateVersion = "23.11"; # Please read the comment before changing.
+  home.packages = with pkgs; [
+    bat
+    lsd
+    gnupg
+    kitty
+    tmux
+  ];
+
+  programs = {
+    home-manager.enable = true;
+
+    git = {
+      enable = true;
+      userName = "CherryKitten";
+      userEmail = "git@cherrykitten.dev";
+      signing.key = "0xC01A7CBBA617BD5F";
+      signing.signByDefault = true;
+      extraConfig = {
+        init = {defaultBranch = "main";};
+        core = {editor = "nvim";};
+        pull.rebase = true;
+      };
+    };
+
+    nushell = {
+      enable = true;
+    };
+  };
+
+  home.sessionVariables = {
+    EDITOR = "nvim";
+  };
+}