From e8dbb049452e014fe89df34cb8f29e7c21c37666 Mon Sep 17 00:00:00 2001
From: Azat Bahawi
Date: Mon, 30 Jan 2023 01:48:52 +0300
Subject: 2023-01-30
---
 modules/nixos/openssh.nix | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)
(limited to 'modules/nixos/openssh.nix')
diff --git a/modules/nixos/openssh.nix b/modules/nixos/openssh.nix
index 36b85f8..0cd44bd 100644
--- a/modules/nixos/openssh.nix
+++ b/modules/nixos/openssh.nix
@@ -18,15 +18,36 @@ in {
 };
 config = mkIf cfg.server.enable {
+ # TODO Enable on a fresh system.
+ # ark = {
+ # files = [
+ # "/etc/ssh/ssh_host_ed25519_key"
+ # "/etc/ssh/ssh_host_ed25519_key.pub"
+ # "/etc/ssh/ssh_host_rsa_key"
+ # "/etc/ssh/ssh_host_rsa_key.pub"
+ # ];
+ # directories = ["/etc/ssh/authorized_keys.d"];
+ # };
 programs.mosh.enable = true;
 services = {
 openssh = {
 enable = true;
 ports = [cfg.server.port];
- logLevel = "VERBOSE"; # Required by fail2ban.
- permitRootLogin = mkForce "no";
- passwordAuthentication = false;
+ settings = {
+ AllowUsers = my.username;
+ ClientAliveCountMax = 3;
+ ClientAliveInterval = 60;
+ KbdInteractiveAuthentication = false;
+ LogLevel =
+ if config.nixfiles.modules.fail2ban.enable
+ then "VERBOSE"
+ else "ERROR";
+ MaxAuthTries = 3;
+ PasswordAuthentication = false;
+ PermitRootLogin = "no";
+ };
 };
 fail2ban.jails.sshd = ''
-- cgit 1.4.1
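Review bot: The `else "ERROR"` fallback in the new `LogLevel` expression drops sshd below its default of INFO, so failed-authentication and session open/close events stop being logged whenever the fail2ban module is disabled — exactly the records an incident responder would look for on a host. VERBOSE is only needed so fail2ban can match key fingerprints; the fallback should stay at the default, `else "INFO";`. Dropping `mkForce` on PermitRootLogin also means any other module defining `settings.PermitRootLogin` now yields a definition conflict instead of being silently overridden, which is arguably safer but worth confirming was intended. The enclosing `config = mkIf cfg.server.enable { … }` attribute set continues past the end of the hunk.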