aragon

hosts/aragon/configuration.nix

@@ -12,6 +12,7 @@
     ../../modules/displaymanager.nix
     ../../modules/polkit.nix
     ../../modules/nix.nix
+    ../../modules/openssh.nix
     ../../secrets/sops.nix
     ../../secrets/sopsconf.nix
     ../../modules/sound.nix
@@ -22,7 +23,6 @@
     ../../modules/steam.nix
     ../../modules/xdg.nix
     ../../modules/bluetooth.nix
-    ../../modules/powerprofiles.nix
     ../../modules/basePackages.nix
     ../../modules/develPackages.nix
     ../../modules/desktopApplications.nix
@@ -47,7 +47,7 @@
   boot.initrd.luks.devices."luks-08650b6b-6143-4503-8bf5-a3d32ef62d73".keyFile = "/crypto_keyfile.bin";
 
   networking.hostName = "aragon"; # Define your hostname.
-  
+  time.timeZone = "Europe/Amsterdam";
   networking.networkmanager.enable = true;
 
   # Enable the X11 windowing system.

modules/openssh.nix

@@ -0,0 +1,25 @@
+{ config, pkgs, lib, ... }:
+{
+  services.openssh = {
+    enable = true;
+    settings.UseDns = true;
+    settings.PermitRootLogin = "prohibit-password";
+    startWhenNeeded = true;
+    ports = [ 6969 ];
+    openFirewall = true;
+    #settings.Ciphers = [
+    #  "chacha20-poly1305@openssh.com"
+    #  "aes256-gcm@openssh.com"
+    #  "aes128-gcm@openssh.com"
+    #  "aes256-ctr"
+    #  # remove some weaker ciphers
+    #];
+  };
+  services.endlessh-go = {
+    enable = true;
+    port = 22;
+    openFirewall = true;
+  };
+  services.sshguard.enable = true; #protection against brute force attacks
+}
+