author | tzlil <tzlils@protonmail.com> | 2022-12-13 15:21:30 +0200 |
---|---|---|
committer | tzlil <tzlils@protonmail.com> | 2022-12-13 15:21:30 +0200 |
commit | f51f8e398fffe33dcbb4b9f9db95708e7a3dde82 (patch) | |
tree | 08a9c853a29b01c53be526aecc8d2505f5086af5 /profiles/ssh.nix | |
parent | 24637dfdfdd6dc8d116542f16a07d808c9e43c36 (diff) |
stuff
Diffstat (limited to 'profiles/ssh.nix')
-rw-r--r-- | profiles/ssh.nix | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/profiles/ssh.nix b/profiles/ssh.nix
new file mode 100644
index 0000000..e0a623a
--- /dev/null
+++ b/profiles/ssh.nix
@@ -0,0 +1,34 @@
+{ pkgs, lib, config, inputs, ... }:
+
+{
+ config = {
+ services.openssh = {
+ enable = true;
+ openFirewall = false;
+ passwordAuthentication = false;
+ kbdInteractiveAuthentication = false;
+ allowSFTP = false;
+ permitRootLogin = "no";
+ startWhenNeeded = true;
+ extraConfig = ''
+ AllowTcpForwarding yes
+ X11Forwarding no
+ AllowAgentForwarding no
+ AllowStreamLocalForwarding no
+ AuthenticationMethods publickey
+ StreamLocalBindUnlink yes
+
+ AllowUsers tzlil
+ '';
+ };
+ environment.persistence."/nix/persist" = {
+ hideMounts = true;
+ files = [
+ "/etc/ssh/ssh_host_ed25519_key"
+ "/etc/ssh/ssh_host_ed25519_key.pub"
+ "/etc/ssh/ssh_host_rsa_key"
+ "/etc/ssh/ssh_host_rsa_key.pub"
+ ];
+ };
+ };
+}
\ No newline at end of file |
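Review bot: In the `extraConfig` block, `AllowTcpForwarding yes` is the one forwarding channel left open while X11, agent and stream-local forwarding are all turned off, and nothing in the file records why. If only outbound tunnels are needed, `AllowTcpForwarding local` (optionally with a `PermitOpen <host>:<port>` line, placeholder values) would match the rest of the hardening; if full forwarding is intended, a comment such as `# TCP forwarding kept on purpose: <reason>` above that line would make the exception explicit. `StreamLocalBindUnlink yes` looks inert here because `AllowStreamLocalForwarding no` disables the feature it applies to, so it can probably be dropped. The RSA host key is also persisted next to the ed25519 one; if clients only need ed25519, restricting `services.openssh.hostKeys` to that key would reduce the private key material kept under `/nix/persist`.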