diff options
Diffstat (limited to 'modules/nixos/openssh.nix')
-rw-r--r-- | modules/nixos/openssh.nix | 27 |
1 files changed, 24 insertions, 3 deletions
diff --git a/modules/nixos/openssh.nix b/modules/nixos/openssh.nix index 36b85f8..0cd44bd 100644 --- a/modules/nixos/openssh.nix +++ b/modules/nixos/openssh.nix @@ -18,15 +18,36 @@ in { }; config = mkIf cfg.server.enable { + # TODO Enable on a fresh system. + # ark = { + # files = [ + # "/etc/ssh/ssh_host_ed25519_key" + # "/etc/ssh/ssh_host_ed25519_key.pub" + # "/etc/ssh/ssh_host_rsa_key" + # "/etc/ssh/ssh_host_rsa_key.pub" + # ]; + # directories = ["/etc/ssh/authorized_keys.d"]; + # }; + programs.mosh.enable = true; services = { openssh = { enable = true; ports = [cfg.server.port]; - logLevel = "VERBOSE"; # Required by fail2ban. - permitRootLogin = mkForce "no"; - passwordAuthentication = false; + settings = { + AllowUsers = my.username; + ClientAliveCountMax = 3; + ClientAliveInterval = 60; + KbdInteractiveAuthentication = false; + LogLevel = + if config.nixfiles.modules.fail2ban.enable + then "VERBOSE" + else "ERROR"; + MaxAuthTries = 3; + PasswordAuthentication = false; + PermitRootLogin = "no"; + }; }; fail2ban.jails.sshd = '' |