34 lines
1,019 B
Nix
34 lines
1,019 B
Nix
{ ... }:
|
|
{
|
|
imports = [ ./fail2ban ];
|
|
|
|
services.openssh = {
|
|
enable = true;
|
|
settings = {
|
|
AuthenticationMethods = "publickey";
|
|
PermitEmptyPasswords = true;
|
|
PrintLastLog = "no";
|
|
};
|
|
};
|
|
|
|
programs.ssh = {
|
|
startAgent = true;
|
|
|
|
# Don't host prompt for servers
|
|
knownHosts = {
|
|
midas.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFcFMvrx9/iUZ1mEubf+QF1i3LNTxFhaU/1zFSjdo0kK";
|
|
kitty.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrGmsya5DXKuXO6jNjUlrYHqk49KLzxM/60GXtLRLrL";
|
|
detritus.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDPD9m/rUjb88C4Kin2YhMrMVigu5IEf20FzwfAvz8SI";
|
|
prophet.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICrp3Y/X2BRUENx+0GMTmB1VDA6SiwkGgdJMHSdMMepM";
|
|
};
|
|
};
|
|
|
|
security.pam.services.sshd.allowNullPassword = true;
|
|
|
|
environment.persistence."/persist".files = [
|
|
"/etc/ssh/ssh_host_ed25519_key"
|
|
"/etc/ssh/ssh_host_ed25519_key.pub"
|
|
"/etc/ssh/ssh_host_rsa_key"
|
|
"/etc/ssh/ssh_host_rsa_key.pub"
|
|
];
|
|
}
|