Diffstat (limited to 'programs')
-rw-r--r--programs/ssh/default.nix33
1 files changed, 33 insertions, 0 deletions
diff --git a/programs/ssh/default.nix b/programs/ssh/default.nix
index 4c9b418..b6ecb1d 100644
--- a/programs/ssh/default.nix
+++ b/programs/ssh/default.nix
@@ -3,10 +3,43 @@
lib,
...
}: {
+ # ssh config
home-manager.users.${config.user} = {
programs.ssh = {
enable = true;
extraConfig = lib.fileContents ./config;
};
};
+
+ # sshd
+ services.openssh = {
+ enable = true;
+ ports = [22];
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ UseDns = true;
+ X11Forwarding = false;
+ PermitRootLogin = "no";
+ };
+ };
+
+ # allow ssh port
+ networking.firewall.allowedTCPPorts = [22];
+
+ # ban evil
+ services.fail2ban = {
+ enable = true;
+ ignoreIP = [
+ # freyanet
+ "10.0.0.0/14"
+ ];
+ };
+
+ # add authorized keys
+ users.users.${config.user} = {
+ openssh.authorizedKeys.keyFiles = [
+ ../../files/keys/ssh.pub
+ ];
+ };
}
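Review bot: `UseDns = true;` in the new `services.openssh.settings` makes sshd do a reverse lookup on each connecting address, which ties login latency and availability to the resolver. It only pays off when hostname-based `from=` or `Match Host` rules are in use, and none are visible in this hunk, so `UseDns = false;` (the NixOS default) looks like the safer setting. The fail2ban `ignoreIP` entry `"10.0.0.0/14"` exempts all of 10.0.0.0–10.3.255.255 from bans; a narrower prefix, or a comment naming which freyanet hosts need the exemption, would limit what a compromised internal machine can do unnoticed. `networking.firewall.allowedTCPPorts = [22];` is probably redundant, since `services.openssh.openFirewall` defaults to true and already opens the listed `ports`. The module's argument set begins above the hunk.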