Diffstat (limited to 'system/sshd.nix')
-rw-r--r--system/sshd.nix33
1 files changed, 33 insertions, 0 deletions
diff --git a/system/sshd.nix b/system/sshd.nix
new file mode 100644
index 0000000..0e0f1a2
--- /dev/null
+++ b/system/sshd.nix
@@ -0,0 +1,33 @@
+{config, ...}: {
+ # sshd
+ services.openssh = {
+ enable = true;
+ ports = [22];
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ UseDns = true;
+ X11Forwarding = false;
+ PermitRootLogin = "no";
+ };
+ };
+
+ # allow ssh port
+ networking.firewall.allowedTCPPorts = [22];
+
+ # ban evil
+ services.fail2ban = {
+ enable = true;
+ ignoreIP = [
+ # freyanet
+ "10.0.0.0/14"
+ ];
+ };
+
+ # add authorized keys
+ users.users.${config.user} = {
+ openssh.authorizedKeys.keyFiles = [
+ ../files/keys/ssh.pub
+ ];
+ };
+}
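Review bot: `UseDns = true;` in `services.openssh.settings` makes sshd do a reverse DNS lookup on every incoming connection, and nothing visible in this file (no hostname-based `Match Host` or `from=` restriction) appears to need it. The PTR record is controlled by whoever owns the client address, so the lookup adds login latency and a resolver dependency without adding assurance. It may also put resolved names rather than plain addresses in front of the fail2ban instance enabled further down. I would set `UseDns = false;`, or add a comment naming the hostname-based rule that depends on it. Separately, `ignoreIP = ["10.0.0.0/14"]` exempts 10.0.0.0–10.3.255.255 from banning, so a comment confirming the whole range is trusted would help, and writing the firewall entry as `networking.firewall.allowedTCPPorts = config.services.openssh.ports;` would keep the two port lists from drifting.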