blob: 00d28520c38eef5fb3d0687923cf8eece13e60bc (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.nixfiles.modules.openssh;
in {
options.nixfiles.modules.openssh.server.enable =
mkEnableOption "OpenSSH server";
config = mkIf cfg.server.enable {
programs.mosh.enable = true;
services = let
port = 22022; # Port 22 should be occupied by a tarpit.
in {
openssh = {
enable = true;
ports = [port];
logLevel = "VERBOSE"; # Required by fail2ban.
permitRootLogin = "no";
passwordAuthentication = false;
};
fail2ban.jails.sshd = ''
enabled = true
mode = aggressive
port = ${toString port}
'';
};
};
}
|