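# NixOS module: hardened OpenSSH server, a pinned client-side host key for one
# peer, and sshguard for throttling repeated login failures.
{ config, ... }:
{
  services.openssh = {
    enable = true;

    # Only an Ed25519 host key is declared. The key path comes from
    # config.secrets.files, which is defined outside this file.
    # NOTE(review): confirm the secret is in place before sshd starts and is
    # readable only by root; a host key regenerated at that path would break
    # host-key pinning on clients.
    hostKeys = [
      {
        path = config.secrets.files.ssh_host_ed25519_key.file;
        type = "ed25519";
      }
    ];

    settings = {
      # Key exchange is limited to Curve25519 (both names refer to the same
      # method). Clients that cannot negotiate it will fail to connect.
      # NOTE(review): no post-quantum hybrid KEX is listed; decide whether
      # that omission is intentional for the OpenSSH version in use.
      KexAlgorithms = [
        "curve25519-sha256"
        "curve25519-sha256@libssh.org"
      ];

      # Encrypt-then-MAC algorithms only.
      # NOTE(review): the original list named hmac-sha2-512-etm@openssh.com
      # twice; the redundant entry is dropped here. If the second entry was
      # meant to be hmac-sha2-256-etm@openssh.com, add it explicitly.
      Macs = [
        "hmac-sha2-512-etm@openssh.com"
        "umac-128-etm@openssh.com"
      ];

      # No direct root logins; password and keyboard-interactive logins are
      # disabled, so access depends on key-based authentication.
      PermitRootLogin = "no";
      KbdInteractiveAuthentication = false;
      PasswordAuthentication = false;
    };
  };

  # Pin the host key of despondos.nao.sh for SSH clients on this machine, so
  # a changed or spoofed host key is rejected rather than trusted on first use.
  programs.ssh.knownHosts = {
    despondos = {
      hostNames = [ "despondos.nao.sh" ];
      publicKeyFile = ../data/pubkeys/despondos_host_ed25519_key.pub;
    };
  };

  # Block sources that repeatedly fail authentication.
  services.sshguard = {
    enable = true;
    # Initial block duration; presumably in seconds — confirm against the
    # services.sshguard.blocktime option documentation.
    blocktime = 300;
  };
}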