2023-09-24 03:59:47 +02:00
|
|
|
{ config, pkgs, lib, ... }:
|
|
|
|
{
|
|
|
|
environment.systemPackages = [
|
|
|
|
pkgs.openssh
|
2023-12-27 22:56:53 +01:00
|
|
|
pkgs.endlessh-go
|
2023-09-24 03:59:47 +02:00
|
|
|
pkgs.sshguard
|
|
|
|
];
|
|
|
|
|
|
|
|
services.openssh = {
|
|
|
|
enable = true;
|
|
|
|
settings.UseDns = true;
|
|
|
|
settings.PermitRootLogin = "prohibit-password";
|
|
|
|
startWhenNeeded = true;
|
2023-10-17 19:42:00 +02:00
|
|
|
ports = [ 6969 ];
|
2023-09-24 03:59:47 +02:00
|
|
|
openFirewall = true;
|
2023-12-06 22:21:44 +01:00
|
|
|
#settings.Ciphers = [
|
|
|
|
# "chacha20-poly1305@openssh.com"
|
|
|
|
# "aes256-gcm@openssh.com"
|
|
|
|
# "aes128-gcm@openssh.com"
|
|
|
|
# "aes256-ctr"
|
|
|
|
# # remove some weaker ciphers
|
|
|
|
#];
|
2023-10-17 19:42:00 +02:00
|
|
|
};
|
2023-12-27 22:56:53 +01:00
|
|
|
services.endlessh-go = {
|
2023-09-24 03:59:47 +02:00
|
|
|
enable = true;
|
|
|
|
port = 22;
|
|
|
|
openFirewall = true;
|
|
|
|
};
|
2023-10-17 19:42:00 +02:00
|
|
|
services.sshguard.enable = true; #protection against brute force attacks like fail2ban
|
|
|
|
}
|