nix-deploy/config/common/services/ssh.nix
2023-06-17 12:22:58 +02:00

28 lines
732 B
Nix

{ config, ... }:
{
services.openssh = {
enable = true;
hostKeys = [ { path = config.secrets.files.ssh_host_ed25519_key.file; type = "ed25519"; } ];
settings = {
KexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
Macs = [ "hmac-sha2-512-etm@openssh.com" "hmac-sha2-512-etm@openssh.com" "umac-128-etm@openssh.com" ];
PermitRootLogin = "no";
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
};
};
programs.ssh.knownHosts = {
despondos = {
hostNames = [ "despondos.nao.sh" ];
publicKeyFile = ../data/pubkeys/despondos_host_ed25519_key.pub;
};
};
services.sshguard = {
enable = true;
blocktime = 300;
};
}