Server Defaults Leaf
cells/server/defaults.nix provides generic headless defaults for the server branch.
What this leaf does
It sets timezone and locale, creates a normal wheel user, enables OpenSSH, disables password authentication, disables NetworkManager by force, opens server ports, enables fail2ban, sets basic Nix features, and installs a compact utility set.
services.openssh = {
  enable = true;
  settings = {
    PasswordAuthentication = false;
    KbdInteractiveAuthentication = false;
    PermitRootLogin = "prohibit-password";
  };
};
services.fail2ban.enable = true;

Why it belongs to server
These are not workstation defaults. SSH should be enabled on a remote server, but the workstation security leaf disables it by default. Branch separation lets both be true.
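To confirm that a deployed host actually ends up with the SSH settings this leaf declares, the following added example (not part of this repository) checks `sshd -T` output against the three values set above. The function and sample names are hypothetical and the sample output is constructed.

```shell
#!/bin/sh
# Added example: audit effective sshd settings against the values this leaf sets.
# On a host, run as root: sshd -T | check_sshd_effective

# Reads `sshd -T` output on stdin, prints one line per problem, and returns 0
# only if every expected setting is present and has an accepted value.
check_sshd_effective() {
    awk '
        BEGIN {
            want["passwordauthentication"] = "no"
            want["kbdinteractiveauthentication"] = "no"
            # sshd -T can print prohibit-password under its older alias.
            want["permitrootlogin"] = "prohibit-password|without-password"
        }
        {
            key = tolower($1); val = tolower($2)
            if (!(key in want)) next
            seen[key] = 1
            n = split(want[key], ok, "|"); hit = 0
            for (i = 1; i <= n; i++) if (val == ok[i]) hit = 1
            if (!hit) { printf "DEVIATION %s=%s (want %s)\n", key, val, want[key]; bad = 1 }
        }
        END {
            # Fail closed: a setting absent from the dump counts as a problem.
            for (k in want) if (!(k in seen)) { printf "MISSING %s\n", k; bad = 1 }
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed sample: a host built from this leaf.
sample_hardened() {
    printf '%s\n' 'port 22' 'permitrootlogin without-password' \
        'passwordauthentication no' 'kbdinteractiveauthentication no'
}

# Constructed sample: password logins re-enabled by some other module.
sample_drifted() {
    printf '%s\n' 'port 22' 'permitrootlogin yes' 'passwordauthentication yes'
}

sample_hardened | check_sshd_effective && echo "hardened sample: ok"
sample_drifted | check_sshd_effective || echo "drifted sample: flagged"
```

A non-zero exit makes the function usable as a post-deploy gate: a later module that overrides one of these settings shows up as a DEVIATION line instead of passing silently.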