nix-deploy/config/common/services/ssh.nix

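# Shared SSH configuration: hardened OpenSSH server settings, a pinned
# known-hosts entry, and sshguard.
{ config, ... }:
{
  services.openssh = {
    enable = true;

    # Only an Ed25519 host key is listed. Its path comes from this
    # repository's secrets module (config.secrets.files) rather than being
    # hard-coded here.
    hostKeys = [
      {
        path = config.secrets.files.ssh_host_ed25519_key.file;
        type = "ed25519";
      }
    ];

    settings = {
      # Key exchange is restricted to the two names for Curve25519.
      KexAlgorithms = [
        "curve25519-sha256"
        "curve25519-sha256@libssh.org"
      ];

      # Encrypt-then-MAC algorithms only.
      # NOTE(review): this list used to name hmac-sha2-512-etm@openssh.com
      # twice. The repeated entry has been dropped; it was possibly meant to
      # be hmac-sha2-256-etm@openssh.com -- confirm before adding it.
      Macs = [
        "hmac-sha2-512-etm@openssh.com"
        "umac-128-etm@openssh.com"
      ];

      # No direct root logins, and no password or keyboard-interactive
      # authentication. Ciphers is not set here, so whatever the module
      # default is applies.
      PermitRootLogin = "no";
      KbdInteractiveAuthentication = false;
      PasswordAuthentication = false;
    };
  };

  # Pin the host key for despondos.nao.sh from a public key file kept in the
  # repository, so clients do not rely on trust-on-first-use for that host.
  programs.ssh.knownHosts = {
    despondos = {
      hostNames = [ "despondos.nao.sh" ];
      publicKeyFile = ../data/pubkeys/despondos_host_ed25519_key.pub;
    };
  };

  # sshguard blocks addresses that repeatedly fail to authenticate;
  # blocktime is the initial block duration in seconds.
  services.sshguard = {
    enable = true;
    blocktime = 300;
  };
}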