forked from nico/dots
27 lines
611 B
Nix
27 lines
611 B
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
{
|
|
# Enable the OpenSSH daemon.
|
|
services.openssh = {
|
|
enable = true;
|
|
allowSFTP = true;
|
|
openFirewall = false;
|
|
authorizedKeysInHomedir = false;
|
|
settings = {
|
|
PermitRootLogin = "no";
|
|
PasswordAuthentication = false;
|
|
GatewayPorts = "no";
|
|
};
|
|
};
|
|
|
|
# add ssh key
|
|
users.users.nico.openssh.authorizedKeys.keys = [
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHzUJnqCpbRxggjyIZo4KWnTyHobPdi/xXkN1/n/yIMD"
|
|
];
|
|
|
|
# enable ssh in the firewall
|
|
networking.firewall.allowedTCPPorts = [ 22 ];
|
|
|
|
# enable fail2ban
|
|
services.fail2ban.enable = true;
|
|
}
|