NixOS-Config/modules/system/services/general/ssh/default.nix

23 lines
473 B
Nix

{ lib, ... }:
{
imports = [ ./fail2ban ];
services.openssh = {
enable = true;
settings = {
PermitRootLogin = lib.mkForce "no";
PrintLastLog = "no";
PasswordAuthentication = false;
UsePAM = false;
X11Forwarding = false;
};
};
environment.persistence."/persist".files = [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
];
}