mirror of
https://github.com/adrlau/nix-dotfiles.git
synced 2024-12-12 14:31:50 +01:00
31 lines
702 B
Nix
31 lines
702 B
Nix
{ config, pkgs, lib, ... }:
|
|
{
|
|
environment.systemPackages = [
|
|
pkgs.openssh
|
|
pkgs.endlessh-go
|
|
pkgs.sshguard
|
|
];
|
|
|
|
services.openssh = {
|
|
enable = true;
|
|
settings.UseDns = true;
|
|
settings.PermitRootLogin = "prohibit-password";
|
|
startWhenNeeded = true;
|
|
ports = [ 6969 ];
|
|
openFirewall = true;
|
|
#settings.Ciphers = [
|
|
# "chacha20-poly1305@openssh.com"
|
|
# "aes256-gcm@openssh.com"
|
|
# "aes128-gcm@openssh.com"
|
|
# "aes256-ctr"
|
|
# # remove some weaker ciphers
|
|
#];
|
|
};
|
|
services.endlessh-go = {
|
|
enable = true;
|
|
port = 22;
|
|
openFirewall = true;
|
|
};
|
|
services.sshguard.enable = true; #protection against brute force attacks like fail2ban
|
|
}
|