22 lines
391 B
Nix
22 lines
391 B
Nix
{
|
|
# Enable SSH
|
|
services = {
|
|
openssh = {
|
|
enable = true;
|
|
settings = {
|
|
PermitRootLogin = "no";
|
|
PrintLastLog = "no";
|
|
PasswordAuthentication = false;
|
|
UsePAM = false;
|
|
};
|
|
};
|
|
|
|
# Block nefarious SSH connections
|
|
fail2ban = {
|
|
enable = true;
|
|
maxretry = 5;
|
|
bantime = "5m";
|
|
ignoreIP = [ "10.0.0.0/24" ];
|
|
};
|
|
};
|
|
}
|