Enable and configure openssh service:
- enable service
- disable PasswordAuthentication and KbdInteractiveAuthentication
- set PermitRootLogin to prohibit-password (allow root keys only)
- add ed25519 public key to authorizedKeys
Open firewall TCP port 22
Add detailed fail2ban configuration: global settings, immich and
forgejo jails with systemd backend, journalmatch identifiers and
local filter definitions.
Remove standalone services.fail2ban.enable and eliminate unused
TCP port 9000 plus a debug log-level flag in netflow2ng. Add nixpkgs
overlay to
build onnxruntime with cudaSupport.
Enable hardware.graphics, nvidia.open and nvidia-container-toolkit; set
xserver video driver to nvidia and enable nixpkgs.allowUnfree
Update Frigate container to stable-tensorrt, add nvidia GPU device,
mount model cache and add --privileged
Add lshw to system packages
