causalhonk/dots
1
0
Fork 0
forked from nico/dots
Code Pull requests Activity

nixos: move ssh to its own module

Browse source
This commit is contained in:
Nico 2025-05-03 16:16:01 +10:00
parent a64332e822
commit 0c44f58311
2 changed files with 22 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

8
hosts/nixos-common.nix
View file

@ -23,17 +23,9 @@
# useXkbConfig = true; # use xkb.options in tty. # useXkbConfig = true; # use xkb.options in tty.
# }; # };
# Enable sysrq # Enable sysrq
boot.kernel.sysctl."kernel.sysrq" = 1; boot.kernel.sysctl."kernel.sysrq" = 1;
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 22 ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Auto store clean # Auto store clean
nix.gc = { nix.gc = {
automatic = true; automatic = true;

22
modules/linux/ssh.nix Normal file
View file

@ -0,0 +1,22 @@
{ config, lib, pkgs, ... }:
{
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
allowSFTP = true;
openFirewall = false;
authorizedKeysInHomedir = false;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
GatewayPorts = "no";
};
};
# enable ssh in the firewall
networking.firewall.allowedTCPPorts = [ 22 ];
# enable fail2ban
services.fail2ban.enable = true;
}