We require this for setting up a VPS on Hetzner Cloud, since Hetzner uses
legacy BIOS boot for its instances.
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
* KbdInteractiveAuthentication: disable keyboard interactive-auth, since
we solely rely on the SSH key for connection.
* PermitEmptyPasswords: disable empty passwords for SSH connection, again,
since we use SSH keys.
* Protocol: Explicitly set the SSH protocol to 2, even though it is the
default value.
* MaxAuthTries: Set auth tries to 3. This is to allow up to 3 keys to try
connection.
* ChallengeResponseAuthentication: We do not require a challenge-response
setup.
* AllowTcpForwarding: Allows access to locally-running ports without having
to expose them. Since all auth methods are disabled, we can enable this.
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
Setting it to 10 does not play well with srvos, since it uses lib.mkDefault
to set it to 10 as well. And anyways, we don't need 10 generations to show
up during the boot menu.
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
Umm, this is a hard one as to why it was added in the first place. I think
someone had told me about it, but it seems like it's not really required, and
not recommended to be run on systems that do not support it by default.
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
A security issue currently plagues nix_git package, along with some other issues cropping up
in the newer versions. So we'll stick to the last stable, bug-free nix version for a while.
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
* Lat2-Terminus16 looks nice, not sure why I replaced it.
* Remove `udev.log_level=3` from the kernel param cmdline. This option
was added to test out plymouth on boot, which surprisingly seems to not
be working right now. Will revisit this later.
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
Had been removed to debug issues with netbird connectivity after suspend.
Can be added back since the issue is unrelated.
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>