feat: security - gnupg & openssh's KDF

modules/nixos/server/server-riscv64.nix

@@ -0,0 +1,65 @@
+{pkgs, ...}: {
+  # =========================================================================
+  #      Base NixOS Configuration
+  # =========================================================================
+
+  imports = [
+    ../base/i18n.nix
+    ../base/misc.nix
+    ../base/user-group.nix
+
+    ../../base.nix
+    
+    ./security.nix
+  ];
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  #
+  # TODO feel free to add or remove packages here.
+  environment.systemPackages = with pkgs; [
+    neovim
+
+    # networking
+    mtr # A network diagnostic tool
+    iperf3 # A tool for measuring TCP and UDP bandwidth performance
+    nmap # A utility for network discovery and security auditing
+    ldns # replacement of dig, it provide the command `drill`
+    socat # replacement of openbsd-netcat
+    tcpdump # A powerful command-line packet analyzer
+
+    # archives
+    zip
+    xz
+    unzip
+    p7zip
+    zstd
+    gnutar
+
+    # misc
+    file
+    which
+    tree
+    gnused
+    gawk
+    zellij
+    docker-compose
+  ];
+
+  virtualisation.docker = {
+    enable = true;
+    # start dockerd on boot.
+    # This is required for containers which are created with the `--restart=always` flag to work.
+    enableOnBoot = true;
+  };
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      X11Forwarding = true;
+      PermitRootLogin = "prohibit-password"; # disable root login with password
+      PasswordAuthentication = false; # disable password login
+    };
+    openFirewall = true;
+  };
+}